xecuting program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000301e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1331.827729] binder: 2806:2807 ioctl 40046207 0 returned -16 20:25:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000180)='/dev/amidi#\x00', 0x4, 0x20480) bind$can_raw(r2, &(0x7f00000001c0), 0x10) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 20:25:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x48}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:07 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001301e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1331.908870] net_ratelimit: 26 callbacks suppressed [ 1331.908877] protocol 88fb is buggy, dev hsr_slave_0 [ 1331.908907] protocol 88fb is buggy, dev hsr_slave_1 [ 1331.913888] protocol 88fb is buggy, dev hsr_slave_1 [ 1331.929170] protocol 88fb is buggy, dev hsr_slave_0 [ 1331.934255] protocol 88fb is buggy, dev hsr_slave_1 20:25:07 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002731e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002631e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:07 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x80c0, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x5, 0x1}, 0x8) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x20000000) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) [ 1332.050751] binder_alloc: binder_alloc_mmap_handler: 2836 20ffc000-20ffe000 already mapped failed -16 [ 1332.087993] binder: BINDER_SET_CONTEXT_MGR already set 20:25:07 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002301e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:07 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003731e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1332.118834] binder: 2836:2839 ioctl 40046207 0 returned -16 [ 1332.125068] binder_alloc: 2836: binder_alloc_buf, no vma [ 1332.148851] protocol 88fb is buggy, dev hsr_slave_0 [ 1332.153975] protocol 88fb is buggy, dev hsr_slave_1 [ 1332.159095] protocol 88fb is buggy, dev hsr_slave_0 [ 1332.164150] protocol 88fb is buggy, dev hsr_slave_1 20:25:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x4c}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1332.169278] protocol 88fb is buggy, dev hsr_slave_0 20:25:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003631e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd010) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:25:07 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003301e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:07 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1332.283930] binder_alloc: binder_alloc_mmap_handler: 2852 20ffc000-20ffe000 already mapped failed -16 [ 1332.319074] binder: BINDER_SET_CONTEXT_MGR already set 20:25:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x7, 0x4102) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={0x0}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000340)={r1, 0xde, "794e74604dff0dc1b136d4a67584c2719b09276bbdc13cdabb4317de13a569fd228bec4802728549995b6b046956e2166c8f86acb7758929e494ac6c6c9b08e47713d5d24fbca12d77efc23ee1a2d8a6bc036a29b87547266595416e9e378a090b1a9d800fd2ed341e5ad29cd4bc4e6529fc3e657a6f056ba7152593339e5035e754bf66c23bed161e5c4fb4f7bfb2b1e67dfa27a9f8ca8ec4538763db7239a42bb27d8600ecf808aa96f2fe34e25acb0715cfeb5df3770d86f0eb712ef053bc945769983498a4a4d4ffd68cb6dcd097db8dd3a6cda4f911c6fbec39f16a"}, &(0x7f0000000140)=0xe6) r2 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x0) [ 1332.329150] binder_alloc: 2852: binder_alloc_buf, no vma [ 1332.348296] binder: 2852:2856 ioctl 40046207 0 returned -16 20:25:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000641e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x60}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:08 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000311e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r1 = geteuid() utime(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x1, 0x800}) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = getuid() fstat(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f00000004c0)={'irlan0\x00', {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0xc) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={0x0, 0x0, 0x0}, &(0x7f0000000740)=0xc) setxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000680)=ANY=[@ANYBLOB="02000000010002000000000002000500", @ANYRES32=r1, @ANYBLOB="02000600", @ANYRES32=r2, @ANYBLOB="02000200", @ANYRES32=r3, @ANYBLOB="02000700", @ANYRES32=r4, @ANYBLOB="040006000000000008000400", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="100005000000153463b1926c003e551319efdabc21bf416b61c60000bfe22d23d41b93743f413a15f64fa38510ee615f4736296fc06cc6115e1b2a6de99243033c395e1378026d9c3ae2db013e079e593012f027ff"], 0x54, 0x3) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000580)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x1c, r7, 0x111, 0x70bd26, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4000) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000500)={0xff, @local, 0x4e21, 0x4, 'sed\x00', 0x20, 0x1b5c305e, 0xf}, 0x2c) 20:25:08 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/autofs\x00', 0x10002, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm_plock\x00', 0xc000, 0x0) setsockopt$inet_tcp_buf(r3, 0x6, 0x1e, &(0x7f0000000240)="615f1809808051c1ef7d493ce042716db2351cdb5bf1e16aeb71f89a460a8d790bee72ae3f9c2329f9bcad507a2d8fae5a8a0bc42af37d83a81274cd1f47da13b9ed6b062fa42c2000b5a7f04acaa63dbf4e32bea83cf4adc94168dbcaec1187e174ae0f21524d0daccc9309cb74db805e342580", 0x74) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = accept4(r1, &(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @remote}, &(0x7f0000000000)=0x80, 0x80000) getsockopt$bt_BT_POWER(r5, 0x112, 0x9, &(0x7f0000000180), &(0x7f00000001c0)=0x1) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1332.515976] binder_alloc: binder_alloc_mmap_handler: 2878 20ffc000-20ffe000 already mapped failed -16 20:25:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001641e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1332.557487] binder: BINDER_SET_CONTEXT_MGR already set 20:25:08 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001311e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1332.578251] binder: 2878:2879 ioctl 40046207 0 returned -16 [ 1332.585074] binder_alloc: 2878: binder_alloc_buf, no vma 20:25:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x68}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1332.670147] binder_alloc: binder_alloc_mmap_handler: 2890 20ffc000-20ffe000 already mapped failed -16 20:25:08 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002311e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 2: open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) rmdir(&(0x7f0000000040)='./file0\x00') 20:25:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002641e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1332.730414] binder: BINDER_SET_CONTEXT_MGR already set [ 1332.768310] binder: 2890:2892 ioctl 40046207 0 returned -16 [ 1332.788954] binder_alloc: 2890: binder_alloc_buf, no vma [ 1332.794457] binder_transaction: 23 callbacks suppressed [ 1332.794472] binder: 2890:2905 transaction failed 29189/-3, size 40-8 line 3035 20:25:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003641e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003311e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) r3 = open(&(0x7f0000000000)='./file0\x00', 0xaa80, 0xc8) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r3, 0xc0bc5310, &(0x7f0000000100)) ioctl$KVM_RUN(r2, 0xae80, 0x0) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SIOCAX25DELUID(r3, 0x89e2, &(0x7f0000000340)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r4}) 20:25:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x6c}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x3) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f00000000c0)=0x5) 20:25:08 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000651e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000321e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1333.000554] binder: 2917:2919 transaction failed 29201/-22, size 40-8 line 3192 [ 1333.077020] binder_alloc: binder_alloc_mmap_handler: 2917 20ffc000-20ffe000 already mapped failed -16 20:25:08 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001321e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001651e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1333.129092] binder: BINDER_SET_CONTEXT_MGR already set 20:25:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = fanotify_init(0x40, 0x40000) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000100)={0x0, r1, 0x9, 0x1, 0x8, 0x3ff}) r2 = open(&(0x7f00000000c0)='./file1\x00', 0x80000, 0x4) mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:08 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002321e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002651e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1333.167051] binder: 2917:2919 ioctl 40046207 0 returned -16 [ 1333.196923] binder: 2917:2927 transaction failed 29189/-22, size 40-8 line 2896 20:25:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r3, 0x28, 0x6, &(0x7f0000000100)={0x0, 0x7530}, 0x10) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:25:08 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x74}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:08 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003321e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003651e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x1) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f00000000c0)={0x4, 0x2, 0x2, [], &(0x7f0000000040)={0x9e0907, 0x53d, [], @value=0x1}}) r1 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x10, r0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000140)={r1}) [ 1333.361637] binder: 2950:2952 transaction failed 29201/-22, size 40-8 line 3192 [ 1333.393877] binder: BINDER_SET_CONTEXT_MGR already set 20:25:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000331e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240058651e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1333.428309] binder_alloc: 2950: binder_alloc_buf, no vma [ 1333.455525] binder: 2950:2952 ioctl 40046207 0 returned -16 20:25:09 executing program 2: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x202000, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x2, 0x7f737f7f, 0x5, 0x800, 0x0, @discrete={0x7f, 0xf62}}) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x2003ff, 0xa) mkdirat(r1, &(0x7f0000000180)='./file0\x00', 0x0) [ 1333.479256] binder: 2950:2958 transaction failed 29189/-3, size 40-8 line 3035 20:25:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x7a}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x7f, 0x442100) ioctl$PPPIOCGMRU(r3, 0x80047453, &(0x7f0000000100)) 20:25:09 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001331e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000661e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 2: r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0xc, 0x22001) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000440)={0x0, 0x4}, &(0x7f0000000480)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000004c0)={r1, 0x1, 0x55}, &(0x7f0000000500)=0x8) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) r3 = geteuid() mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x23, &(0x7f0000000340)={[{@metacopy_off='metacopy=off'}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@xino_on='xino=on'}, {@default_permissions='default_permissions'}, {@workdir={'workdir', 0x3d, './file0'}}, {@nfs_export_on='nfs_export=on'}, {@metacopy_off='metacopy=off'}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@dont_appraise='dont_appraise'}, {@dont_hash='dont_hash'}, {@subj_role={'subj_role'}}, {@euid_lt={'euid<', r2}}, {@uid_lt={'uid<', r3}}]}) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x20000, 0x0) ioctl$TUNSETPERSIST(r4, 0x400454cb, 0x0) r5 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000000)='./file0\x00', 0x0) [ 1333.670431] binder_transaction: 6 callbacks suppressed [ 1333.670440] binder: 2976:2977 got transaction with too large buffer 20:25:09 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001661e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1333.712234] binder: 2976:2977 transaction failed 29201/-22, size 40-8 line 3192 [ 1333.738603] binder_alloc: 2976: binder_alloc_buf, no vma [ 1333.739036] binder: BINDER_SET_CONTEXT_MGR already set 20:25:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002331e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1333.768162] binder: 2976:2986 transaction failed 29189/-3, size 40-8 line 3035 20:25:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x300}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:09 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002661e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1333.834701] binder: 2976:2977 ioctl 40046207 0 returned -16 20:25:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003331e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1333.897580] binder: 3000:3001 got transaction with too large buffer 20:25:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = semget$private(0x0, 0x0, 0x40) semctl$IPC_INFO(r3, 0x6, 0x3, &(0x7f00000002c0)=""/172) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x80, 0x0) read$alg(r4, &(0x7f0000000100)=""/219, 0xdb) ioctl$KVM_RUN(r4, 0xae80, 0x0) 20:25:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f00000000c0)='./file0\x00', 0x3, 0x4, &(0x7f00000013c0)=[{&(0x7f0000000100)="8aacc363edd7586e9b018d204b7c4ae1b47df38d762d8edf4c9f4aa7fc53aac8698257d34325cf1540cf7bc14a183c82982b8e158640528f989d2581527fc548e8eecf37ee09f2e92498f07aceec8c", 0x4f, 0x7fffffff}, {&(0x7f0000000180), 0x0, 0x11f306c2}, {&(0x7f0000000340)="bf99c0a9bbc455ca63e29009322275fb3e01978cdeffd92d867a82202ee16ed86181fa2def3beff69963689ea3fc747348b6b49096f7181227a68a64bb5f0d396b5f534c1d718693d21e94c8ec7a68b0a1951cc46d3062af12cf0a0a3af21685592cebd565b8058fc512e58da24164cfdbe2affc87aba7cfe0f7e439e919f2", 0x7f, 0x800}, {&(0x7f00000003c0)="18c701454316baf2fc75e1943a69a2bb08f66ef3da5db0da576fe58603f3a1cf79a1c1affe4563bacc305a81270f7f0fbf7811fbcdee84897565205fa2510c5279d0985834a18e89a3c485dbfed39533c3a6e5363971993afbae2cabeaddca06f6261907226b951970544372e4cee39d8c6d788a424813fef97cd1ee7e2ebc88a0413d577fd5bf0a8d58b084673aab89d1471c067055387e03fc66736ad283a600d8ab3236f2fe98a36513248712485d26184a2f8f7b792ad4fb3e6cee652fd4b470797feb101d3f7c80434b1d2e0c89b8193c52fc21d17f7527359a30cadff92b2ff161b0aaca24ac41110a30e9f64272de3f2c863d53398aefd6912d121ef0a5fe979b0a2f14f327599338e2c5c2cc81194536f64a5c1d7ae8c9659ba8bd63e86f2d26361caaf8e5d9efb97fc28fae6d1ca2324218ec2a644fb8dc9dafc001657f36de64162b77df9ae0d9d3efcb972feb6b9fc79ae1573367ea8a159c6598bba755a48f53f639d14b83d5ee4052db431de86992cf2ff80648acb20de55b03e909b75a3fc03ba175270ab03b1d786384f3eb06c1012d934db328c5c437b66cd4ea849f9f9ce44d05444ff50c07f705f8809df41a24c13586ad58fc492002c22b12a4e940964caf17f10ec6ae36785a50d03f38c03a90dcd93d2afe0f72f96f6c49236f75711d10810cb3149a09f86674ae501f421e832ba5a66e01461fe090a5db7de228fab19bf03f7f6d8846244697306353fa18697f537aa5b0aa695995eb16e131b05ffbfeb296ac3796fd58d033f27967194da20424d0ae5572855155c153a94574a6e7c80c134c4088457ea1f849b820f856d21b9de1b301e72fdae45f3131afb6828ddecc15fc24f3b8586d8f2a9b2f02402d4ea8b6d187c88f0fcb7c05cde6aff589fc2861c9d4c18df51b7bfa058549c34ab1069686ad024770f2331d4c20a7508bd057d28e26995a6a7913b920be1038d6dffc32ef39d3d60eee2c1287bf60b03e328aca1f3dca2cbe8f2fa49de7315495462ce8e08df46bbf199c8d28bf0d80441e3489c19139bafbcbb7895093c5adf0210de7801ee61eaff83f1fe1871241b62691b8cbf6138e7c06a8ef0a0c5ea12585972eab6ed2b71ad9b610af4e641757e50096c5c2dfb6f312ae2868dd5282de7126e831dc0276f7840024532911e3714e4536dadf3e68c7c433017f2f82c7e072b7e3a47953a63524a090e5c34f0c49fa75301a95c7a9fc5cfda46728f9129f07c6967b97cdb11b40dcbc51d14cad38122798705149583e7de81f370fff9b1fee4be13d6784828f5a9bb2d9699b753b294be76f5a9dcede9fdd9fbc13ba89a8bf38415da4c2fef32621685db0110672a72a8007dd7a25b2520b147b198f8fa9457a377c2d23262fa798e7ffdca76df50a6d37991baa6dce440c8793eac03b1492d15c4f86c8ef26cfb53c28ef2fa9fbf5655cdd8d26de23a778dc13fcacd3773dd4e9b414161650a8194cd94aa3aa513c77a5f45aa44b116aaaf6497088f5f430222a95d535d9265f5bd297de4f70935f7edafccbe6fadc6b3350449648940f16f4b33721fe1ef86d9fb0e4a72a3463d1b137502dc077eccc5503e4e0dbb88b9d741ae1c4ff203fe872dfd51887f511529d72ce119525814e3256236a1feeb15ce2d5eee3d79bad00d09164acb6e6632c019722c5ac022488a454d2d1bf6e90d80bfee8578a77b23ed00f4e7295476775d43566515c1a6c8251bd9860f03f551b5efc07d06d8af12e57d9fb2a0f198bd1a6440c3ebb1842aba29d6c48a0f21efca0f4e49b631b5f026158a83b3a4c0b6b646083e8e033683989d6fa38280588f7285495b06334cc4fba009c73acea050107f4267f40d4a5804db6330a9e38f07e255732e9c56464adf8d3b557f1cc1329bae4bcce9030a4dde9ab655d8b3f91a046fff8e3e995f31b8a14d757d7ffbba0cec0aa4aaf7b25a15daabd424950b9fa005da523e4da51a3dd045248f8339e8c343addc07af233ee10dbbc289a6566383ace4fd0878ca981738680344e903df693bdb42d4c9e5fe1014fc1e77496581b10a611756ce227c4188a1722dd096806092594b00186d3afe238374885344e2e0b4fcc3402785b483ea28ee40d28517cb4cf4e5129ac07d94e8fe8fac62f07d7b3e4ab90c14a73de5e7b0608bddb1c6ae3104f816942ba3da11e6c62c5e20b44adc10445e7d3598aa2e7860c3f9badb37730320fd61686d863351a2b03552f8039842149a6707b3e674d93db7794435eb5be73dd5794a871358cbd7692055ee486096a84bdb6005a1a129b95068635f6fc238c1fc20d3d6cf89d10832a4e3c8f8a83d4c161ff243eed36f461ec9b8c31a0f5b74a6ff645fb992675da3dec64c1b7c910129aa0528fc0a8b90b982ec5e512379a36ca64f8dcd2b81cc8c95ea731aacadfb34c440cff92e6f7ec1bd7670a5360d3d1ed59ae7cc8fc6af3da69a6dd20eae993d1406e458eb850bf3d9787eca0d960625984c78d9f610daed3be853452a2b225edd6acd76bb23b9fe02a5b096ed6a95893e5d21832304dc5764eb42768cc67d9f81b808b4df09102aa2d57e079141261605355ab473a47764b94b60cb07f019f99c744deb25e6029458f27d6c445c2dd62e81c1ddbd39534cd9690e3539959d7f8b79609caddc7f7c29e71c34409f24ab726f08930144bc49b8f7e5d4b92d4f0538f5cf76c9411bd6e304f4483b1021595068071f520419399dd19b289d3de7daed3a43dce4e7d66a751151ea57398a0433e7e3b3b2505454b2ace0ce40b1b83cbbd8082f1a90ff3c785ff76f154158e2f71e569a94f28413cd5d26867f884b8ac3efc8c811a45622779f6db17feab6486042e7f214be0eb25a4cfc1baf0aae7ef03063b141f965b3e10b419f207cffec44db7ae272c9aaf3539456bb07f4b163abaaaeba24a522acede54be4dfd7c685fcccb63c385381637f95b632f464815dabb9c934ed61f549f9c116bdbfed12a4ca1a0936d9a5926584c66dbba70d58427d6c77a99e2db5310ea0073f4a21ac319b3f5382836408cdacee21f85494fda1d11b19370b6218a5f4842f68e7ea1aa06da68c02d86c014139db088c8a5fba9851144e7bf88fcb927dc3bcf70fcb136115644dac98cc50f6c06359c280ff856574498984dd6bb0ccc8021cb30702ade9009297820022d3a41041589f9c615768e53b0d39f9eb115ddc906735d1f42f3aff13a96b2f6f5834f8b3aada528104505d893ee27da577919ea89e2f85426744ce7e0d8f330e760b9e6425ee3d1ba1c43d04c49941f18b5879d4499cc8451396fe93673e80d3e2d9475bc75a837914da8ce125a1b144476aebee5fc3d8fa9a299a1493bf45b84f31225d1630e8d23be00f9780b46a93a3a51b456d4b164c86869faeef9aae6a852a2c411693f5b7b13df9a3f4228b938ebb932ae5c3398abaf2e73bcf8cdb82c6c1f1654f2768f1e3b724bb91a1f8eb005a33a7475ce8b835e91a22f20bb54bdca4fb8c08f68cad3aaeda85f0fb8918487adddca7aa51b5aaf7c48cec8ad989b569b4ade6d5d04617e6ded01960d31c09b6a9148993bfcdbab7d0ec5a5f4e1324af2f77b8f473c9cf0c7532f09e5305d9dd465a9e0213dc854848314ce142d20a2a4e8f76eed14d8f232cc6ad2810324afe5b85c34b3f95fea8d2939f599bd60558b5a06ac91503cfd776b75b78e2e6f65a68a50d473549b1751d64e33a5fcff691a7e7fa0ece77798a5a0dc5e5b8bb6c303c73ec36ade8ce80bb8a7a038e059707497200654fd7a032314e59044fd117731f7825e66bcc4dbe0aafd03c761d06fe41495dda37bae856bcb060acfed0ccc0930812ff147b96adc12de27b578b509520a162ee5a30fab34581cc80397a8cdb4502bb531838ded5ee3e18845f81e5e5690fc50c4f4f578c02ddb3f7fce23fa9fde416cebffaf6759d6ae2e1dcd46d3391b1a113e37a561bdc2f6842ef09a5a272ec6eb8cf872ad470b2df996aa40c9a40a01d2f019931f991c1c61a5cf39ec22c5b327df18f269fb5c448bd4af3d66b3fa4255fac96fee3d3efcd9944ad23e1e91cd63cbd444ebefb20228ae83b1bff0e138f6fc849aa0f0e5c5750efd761954a46078f5135bc3808678d08e42eb70a94625219525facfb858013cbf5196e00db830ed8aa536e9ec5987ce9d822ba5eced6c2b96f8096caaf20519170cd77e2dc910d26d4c1d4827b506fb6554e01ef1da948fbd1506b963551e24d0efb206bea8dfc792ae0c79a52252c7afabe94a91c5b96b10ad976d879d250a417ee3d79105ed30e86fa423eb7d26a9f7ac3a4310f3d1b7fb093a21b212f0cdbccdd2ea0ead90e89cc1953703ece3b1d9ebbaea12e8be2fb660a36056a71be58a1a32eda66e85a6ed4ac9106767e5c9fa4025d5370033102c40975f57fcf251bd944aa8f7fc937e52d674ecfc03e4f0bac695c5359921149f67c50b3f1ebce7580b2186249ac15a34c4d91e2404b4d9a32e9f1a014b134e8cce068e90eb58fad4b3f2d129067ad81af50f87f8f14e9bf920a6213a1364c13ec7a3ae55611115fc0de7d2303dc1e080310f5b43f825aa161775f2fcad6afdb9e5e5c3e8041361871c18e4e6309efe6d49fd12710bf55605295f279ddfaf33c50cb12f8d8bb396c5c0231b4214242027d589771785a0ed6b11eec8ec26e390ab96f510eef288f696037843749223c2ffb4731734903aa64671d624f424db768cac6dc9901fb5e64982b96e3a3e9df0b3444d0143372f60dea879887ea3be499be3c28a3e43a664971e3bc4b3786d1e10dca7f136052b101f036883c4120dd2b5f83732aff38812e15420bcf4fb85ad0d11150c176d18529298d4c591256cb173c8e4723b41655aa8dd1ac2e0b472f2677e3701ead4762ca91119a6cb6b5c75a28ae34cc5f5cbe2e5cc5ec4b30777309582b392615889bf99adccd8b36834bd651ad20040096e33a78c30c9975d255f1115a8654960d4a2a4728dc22b0b5233246818b56a7347b5a79b0a6ddfcdcc39d9fbf69d8914595118f0660f08ae40ba193142336a1c9fb8f943901c92fdf950ddc9de1cc6f5edee4b77226a1e0822e0d7066ed76c53b50b96f97795cdd3ec6e25992512ebe2e7649233cd4a34f4a9ae9d4ab1d59f694170dfc2800a8e6bd3a7b94007ad0764ec9e10d2614cb8853068284afe590326d2e8ddf2ee763054fbaa944a2f3a1f92a561fe9b3f32a5b32b3b0eb1726bb33253a36cc4867b3316cc5afc3cd84cda210a609aceb252c213c59f32fede8efedc2633c1f3ba11a25fe9ae4b1677e050a9e685a87b92935dd41c16975a8ef2b11d3fe1caba34f07275c268823f38f704f5e2116247a73115aaacb12e17a33850a25aa8559643b6c8a5e46c2933ef11a7b80e41d54ebc4481448e0a017caa4cfe9a2a555f00c2964dca8fc0ec298c852c90c7b5cf6f358dc9fcfab335c28dc721d957740a635b089abc07902ad518e0e262aaba35f52014747c07b17ad7c8b29e9f78ac25b54e0f5f5915d18327c2c95a4056ac81cd8a6d3171fc7f3dae51f5a08f5b82a18916d6dedb47301d9c6132ea3ecd195ab417e29a0ccb88560113bf5ad478eee4b70a7a7042a3de805bb3b5a3e293324ce64d041ef260683ebec6168f8185a27ed69366ca3032d57bdaf014932aec453729777e24b0319ea6834826d3d8bcc7dac937878fe2822a28ad66a560c96fd17a9f7fc516df26363067b273386a4f8bef7d0987e6879c133065198d0dc7cf03ba6f3c0f22241b86f70c80b507739bf4", 0x1000, 0x5}], 0x0, &(0x7f0000001440)={[{@nodiscard='nodiscard'}, {@noikeep='noikeep'}, {@pquota='pquota'}, {@quota='quota'}, {@gquota='gquota'}, {@mtpt='mtpt'}, {@dax='dax'}], [{@fsmagic={'fsmagic', 0x3d, 0xf3}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:09 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003661e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1333.941128] binder: 3000:3001 transaction failed 29201/-22, size 40-8 line 3192 [ 1333.967900] binder: BINDER_SET_CONTEXT_MGR already set 20:25:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000341e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1333.991566] binder_alloc: 3000: binder_alloc_buf, no vma [ 1334.010433] binder: 3000:3001 ioctl 40046207 0 returned -16 [ 1334.024630] binder: 3000:3005 transaction failed 29189/-3, size 40-8 line 3035 20:25:09 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000671e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x500}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x5, &(0x7f0000000500)=[{&(0x7f00000000c0)="e798268614ecf02bf8438b83542a1752563f6300e240b6e0ad717451c7f7f0919d8bc557bea0142e03c55b2ce6faf850f012e91c6a2ac1d9481ccb17eb8d7da6fac4f334de00bc1f368b73ce85a0496312d249e4b6877af0217c14ffa242390b22b1023e6e1af041283130521ee45272f4cdf0db70f29919a9456cce7b7c1f9674e0224cebfb985a207933f33b6612ca3725a0a8d31f5ac6e9d6be68b8793abb6319fbdd3aba1e90dc9a191ad8b36ddc96001ab3dce23a227308b38c9442caea59a1cfcc9bac27cf120ef4186a34fa90f77580df6e0cd3679d6eedd05fedf8446fa0c77045690f0c7e1ca7c028e369247d381c4bebc2ea0a3413b62d", 0xfc, 0x2}, {&(0x7f0000000040)="4e7796a08a246c177979829ed2932b4eee2cf959195fe755333c636beda01383e545704bb75d58bd73ecf14d4f915f2113", 0x31, 0x5}, {&(0x7f0000000340)="87bcaeb0c8c0259fb31965def79cd6e3ecf14302880a55cc8ef1e690e7f44e6c56312f5b7e5933e7be60bd39f5c7ea2eb29e1bee5fc171c0629884ec7468ebfb8b937591d4407f3a224c6c", 0x4b, 0x5}, {&(0x7f0000000580)="d6ffc1208bb60027332bb5f682ac1e32087f6c7f4f073ab49ea8b1c7fc95193c31681e736d936c1fdd999fec8f4fbcfc6be5b9c2e30539a53c4b78e13a1f430d1ae548c0ed089afccd82a2a902228742577a31ba6ff3a490a0ab7aeae695", 0x5e, 0xfffffffffffffffe}, {&(0x7f00000001c0)="275753c79438bae5c2078a98b5e4c3fcfe332a12f81a72e687ee9712fc9ba3c07018d613aad0f03dfa254048865941d03a701348805026df9d5ca6d7577921b283d0deb994d96c6c6361fc46b4517b6ad62095aa433bbf805dda22801df2c8f9f289a17571a6d6c4ad0be26d3fea2030dce17ae112882a7fd1c0804981b1bdbc33c9fe179ee6663c3bf6aa8fac8bea87c87e02acb2ef39c318e1868cc581e62a9ca44c0e46baf4", 0xa7, 0x800}], 0x0, 0x0) symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000400)='./file0\x00') r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000002c0)) r1 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r1, &(0x7f00000003c0)='./file0\x00', 0x2000) 20:25:09 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001341e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:09 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x40802) write$P9_RLOCK(r2, &(0x7f0000000100)={0x8, 0x35, 0x1, 0x3}, 0x8) ioctl$KVM_RUN(r1, 0xae80, 0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000140)=0xffffffffffffffcd, 0x4) 20:25:09 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001671e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1334.217436] binder: 3025:3027 got transaction with too large buffer [ 1334.224142] binder: 3025:3027 transaction failed 29201/-22, size 40-8 line 3192 [ 1334.281509] binder: BINDER_SET_CONTEXT_MGR already set [ 1334.281528] binder_alloc: 3025: binder_alloc_buf, no vma [ 1334.306985] binder: 3025:3027 ioctl 40046207 0 returned -16 20:25:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002341e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1334.332781] FAT-fs (loop2): invalid media value (0xec) 20:25:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002671e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7fffffd) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/sequencer\x00', 0x88480, 0x0) ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f0000000600)={0x0, r2}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) getresgid(&(0x7f00000001c0), &(0x7f00000002c0), &(0x7f0000000300)=0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@ipv4={[], [], @loopback}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@remote}}, &(0x7f0000000440)=0xe8) syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000100)='./file0\x00', 0x9, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="76115469", 0x4, 0x2c19}], 0x1000, &(0x7f00000004c0)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r4, @ANYBLOB="2c6e6f726f636b2c6d6f64653d3078303030383830303030303130303030302c6d61ee36af25c3da4cef757466382c646f6e745f6d6561737572652c736d61636b66736465663d2f6465762f6b766d002c7375626a5f726f6c653d2f6465762f6b766d002c6d6561737572652c666f776e65723d", @ANYRESDEC=r5, @ANYBLOB="2c6673757569643d313f33366737397e2d653939762d377563372d3f7300352d3e31773238617f772c66756e633d4d4f44554c455f434845434b2c6d61736b3d4d41595f57524954452c646f6e745f61707072616973652c00"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1334.365901] FAT-fs (loop2): Can't find a valid FAT filesystem 20:25:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x600}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:10 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003671e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1334.510592] FAT-fs (loop2): invalid media value (0xec) [ 1334.515970] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1334.532747] binder: 3051:3056 got transaction with too large buffer [ 1334.548451] binder: BINDER_SET_CONTEXT_MGR already set [ 1334.555052] binder_alloc: 3051: binder_alloc_buf, no vma [ 1334.568963] binder: 3051:3056 ioctl 40046207 0 returned -16 20:25:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) accept4$ax25(r0, &(0x7f00000000c0)={{0x3, @null}, [@rose, @null, @netrom, @netrom, @null, @default, @rose, @rose]}, &(0x7f0000000040)=0x48, 0x80000) 20:25:10 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003341e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x700}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000681e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000351e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x1, 0x0) ioctl$PPPIOCGDEBUG(r3, 0x80047441, &(0x7f0000000100)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) [ 1334.717421] binder: 3072:3074 got transaction with too large buffer 20:25:10 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001681e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1334.770248] binder: BINDER_SET_CONTEXT_MGR already set [ 1334.775647] binder: 3072:3074 ioctl 40046207 0 returned -16 [ 1334.798475] binder_release_work: 22 callbacks suppressed [ 1334.798481] binder: undelivered TRANSACTION_ERROR: 29201 20:25:10 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001351e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0xa00}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1334.829186] binder: undelivered TRANSACTION_ERROR: 29189 20:25:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002681e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 2: syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f00000001c0)='./file0\x00', 0x100000001, 0x9, &(0x7f00000008c0)=[{&(0x7f0000000340)="362fe917551661dd16a64269813616aabd44450d89d9479f8cbf016b98bcd36d94ecc2663f4928619a0455d4591afe72296f41407690ce2581f9b71cb724fb4a2e2f88cbe0d3dc99275ed6644532486a4a954c121e7dca13f0d30d137f6e13db80a24fe032525a2421510edb59e57b6558d548128032ce233b68a285ac6e9d4a5aa9c12d2f940f9f6d8bdc5f6d55ad281d7f990f7f2b7cd1dda73de36271a98785b72c331c928e1bf6c7826e40cbe4cc", 0xb0, 0x7}, {&(0x7f0000000240)="e28b94f0533829ffd5c085c40ddbf13962be4bc5ae2f01a9b40a", 0x1a, 0x1}, {&(0x7f0000000400)="0ab0011ff442eeb773e6a474e54679228b8976fabba4d100006a341d58fbf536ca0a8c1d1d02bd2dd0c23183fcb55e6de263e290324be47a36e9ee5f43956b559a64aedc29aee870d4a07d39a21e01eabb69b65e5aeddf86", 0x58, 0x1}, {&(0x7f0000000480)="bdb14353a30f3cf2165e32f4a353e8e93ff855f952d7ae99472e0ddf62e1450948bc4dd1f295a72f9ea8bd2258d71b6088f2d429726dbb4791aa4252f85d190278e434020c25f801437f41f8104c6ef9e2194f952fca12d8cfd4f35e8310ae4987eee339fdaa3cfc820417c70330c12c12e5cbe56471e4b17b9df5d7350df08dff8c767a90912c020690f9237128d0791621af44183b30083ec1cc20aeda3f9e44e143969a3e66552f5c9026ac704c", 0xaf, 0x7}, {&(0x7f0000000540)="91a77607c58855f07812c0d33949f95cd59e96c626f2c89953204dea2698277067d8bc295f9b760a6f3ae51baf0c5773666f03d4f7befa42e1ab894493be154ee79cba56b384de606369200f8465dfc4c8af81872384d0f097c7de4e9706de23b23d3e9bdfa898e3fef92f3f1ae6f558775ed0771824357843221feeffb65229ac52ede2edcaab31", 0x88, 0xfffffffffffff06c}, {&(0x7f0000000600)="7e6ca89242867a9c7c39095c26236a2ab2c1826ea11a937adbd16b4c54c65c07fe5cbf3f57ec4870e5c5487e2ff2a747175029e581fbd41ce6f2df65d285bf321eedd509886815ae519a51d3760d915adbd90ba3a4f7f4b57fc334f186d87b63e882f94f43e9de0ccfbea203efeb8f72aef5a0a5d8ec1efdb226c6937631192d2e33f8a5e77e93088755a78ac440a25518bf157873b335abe1da7ad050703c9842ee6d766743d2f830e05d3c581d1a7a4cca5de0146a39b63a45b2b3583d9f0fa1fb286a25d986f5a9867e208396c9afecbb41ddcce5cd91e8dbb5", 0xdb, 0x5}, {&(0x7f0000000700)="62a54d416cdc9221ab19403cf295ba657868cae498bd849ddce000121d268d60276dca32087756fd529aaf0ec7edca83f6d2bcf1432ce0cfdd1999193ac95da665d6568a598cd0d42343fbed0d8b14debfa184603405beb6b7de265f914f053aa90101e283c6f10f654c201a16697471e633238ae0f9e354a677cc7750119cd3e957119dd90d0515f2ff035ea74f56470509fe8d70cdef08bb4c40ec6e938a75f9d06604fe03c8988b387828adb72305690595747e1f7f02e539b7c746334f3b313d48edca565a25f3b50159af", 0xcd, 0x2}, {&(0x7f0000000800)="87b43bc67b9b", 0x6, 0x5}, {&(0x7f0000000840)="cd2c347521996b4b3a4500b3a6d52a5018e2379a592ef380daf6212d8fd6de84da30ec32b8b88002268ab99d096d9c436c158727878b9f791f7fb040c68d7860ba49766edc5043b32ac89dcd73d9123f87d1335218fbbcdd16635f8f4e114f53e76a83cf91c3e6ae00cbd657d5a8063f48d550b998a6", 0x76, 0x4040}], 0x4, 0x0) syz_mount_image$vfat(&(0x7f0000000a00)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8"}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000100)={0xc, 0x7, {0x0, 0x1, 0x3f, {0x401, 0x7}, {0xbaa, 0x10001}, @period={0x5b, 0x578, 0xffffffff, 0x8, 0xfffffffffffffff9, {0x9, 0x7f, 0x8}, 0x5, &(0x7f00000000c0)=[0x5, 0x1000, 0x7ff, 0x80000001, 0x81]}}, {0x52, 0x1f, 0x400, {0xffffffff, 0x100}, {0x2}, @ramp={0x8000, 0x0, {0xffff, 0x0, 0x4, 0xffffffff}}}}) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000040)={0xd8b}, 0x4) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:10 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002351e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1334.980591] binder: 3098:3100 got transaction with too large buffer [ 1335.026349] BFS-fs: bfs_fill_super(): No BFS filesystem on loop2 (magic=a5620a00) [ 1335.065112] binder_alloc_mmap_handler: 6 callbacks suppressed 20:25:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003681e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003351e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1335.065127] binder_alloc: binder_alloc_mmap_handler: 3098 20ffc000-20ffe000 already mapped failed -16 20:25:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x3, 0x0) ioctl$VIDIOC_G_PARM(r2, 0xc0cc5615, &(0x7f0000000100)={0xf, @capture={0x1000, 0x1, {0x4, 0x6}, 0xfffffffffffffffd, 0x9}}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1335.108472] FAT-fs (loop2): bogus number of reserved sectors [ 1335.143576] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1335.163465] binder: BINDER_SET_CONTEXT_MGR already set [ 1335.176102] binder: 3098:3100 ioctl 40046207 0 returned -16 [ 1335.193697] binder: undelivered TRANSACTION_ERROR: 29201 [ 1335.200521] binder: undelivered TRANSACTION_ERROR: 29189 20:25:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000691e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x2000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:10 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000361e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1335.227549] BFS-fs: bfs_fill_super(): No BFS filesystem on loop2 (magic=a5620a00) 20:25:10 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) [ 1335.351070] binder: 3139:3143 got transaction with too large buffer 20:25:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001691e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001361e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1335.401195] binder_alloc: binder_alloc_mmap_handler: 3139 20ffc000-20ffe000 already mapped failed -16 20:25:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000002c0)={{{@in6=@remote, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@empty}}, &(0x7f0000000140)=0xe8) getresuid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f00000003c0)=0x0) getresuid(&(0x7f0000000400), &(0x7f0000000440), &(0x7f00000004c0)=0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000500)={{{@in6=@ipv4={[], [], @local}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@mcast2}}, &(0x7f0000000600)=0xe8) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000640)={0x0, 0x0, 0x0}, &(0x7f0000000680)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000006c0)={0x0, 0x0, 0x0}, &(0x7f0000000700)=0xc) lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f00000007c0)='system.posix_acl_access\x00', &(0x7f0000000740)={{}, {0x1, 0x6}, [{0x2, 0x1, r3}, {0x2, 0x5, r4}, {0x2, 0x4, r5}, {0x2, 0x6, r6}], {0x4, 0x1}, [{0x8, 0x4, r7}, {0x8, 0x4, r8}], {0x10, 0x2}, {0x20, 0x2}}, 0x54, 0x1) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:25:11 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1335.483154] binder: BINDER_SET_CONTEXT_MGR already set 20:25:11 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) modify_ldt$read(0x0, &(0x7f00000000c0)=""/176, 0xb0) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000180)={0x4, 0xa0000000, 0x8}) 20:25:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002691e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002361e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1335.514969] binder: 3139:3143 ioctl 40046207 0 returned -16 [ 1335.536551] binder: undelivered TRANSACTION_ERROR: 29201 20:25:11 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x2400}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1335.565735] binder: undelivered TRANSACTION_ERROR: 29189 20:25:11 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003361e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003691e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = request_key(&(0x7f0000000180)='ceph\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f00000002c0)='vmnet1GPLmd5sum,\x13vboxnet1\x00', 0x0) add_key$user(&(0x7f0000001500)='user\x00', &(0x7f00000014c0)={'syz', 0x3}, &(0x7f0000001540)="bb23b327e7cb8ea3341526a7cc18307f0e4e5bee09c7d7bc2aab1436395f3d38b9e35e4d40955f8946e8068683446ec0aaf15928a2309c34cb376c389eeea3111f3c86dd055a8f0fa22315da461ac29510d4123c78a67b4dd4a99fa53ea423c194a16a6dba1456088aae575c1d286edb1f63c54bb4eb082eeb", 0x79, r3) r4 = syz_open_dev$usb(&(0x7f0000000300)='/dev/bus/usb/00#/00#\x00', 0x8, 0x24000) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r4, 0x8004e500, &(0x7f0000000380)=r5) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$IMSETDEVNAME(r4, 0x80184947, &(0x7f0000000000)={0x16, 'syz1\x00'}) fstatfs(r0, &(0x7f00000004c0)=""/4096) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:25:11 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1335.684593] binder: 3176:3179 got transaction with too large buffer [ 1335.715105] binder_alloc: binder_alloc_mmap_handler: 3176 20ffc000-20ffe000 already mapped failed -16 [ 1335.759547] binder: BINDER_SET_CONTEXT_MGR already set 20:25:11 executing program 2: syz_mount_image$vfat(&(0x7f0000000240)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0xaaaaaaaaaaaac61, &(0x7f00000001c0), 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) statfs(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=""/248) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000371e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1335.788949] binder: 3176:3179 ioctl 40046207 0 returned -16 [ 1335.810359] binder: undelivered TRANSACTION_ERROR: 29201 [ 1335.817417] binder: undelivered TRANSACTION_ERROR: 29189 20:25:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x3000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:11 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1335.970982] binder: 3204:3209 got transaction with too large buffer 20:25:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001371e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) r3 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) setsockopt$RDS_GET_MR_FOR_DEST(r3, 0x114, 0x7, &(0x7f00000002c0)={@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @null]}, {&(0x7f0000000100)=""/137, 0x89}, &(0x7f00000001c0), 0x20}, 0xa0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1336.012051] binder_alloc: binder_alloc_mmap_handler: 3204 20ffc000-20ffe000 already mapped failed -16 [ 1336.035485] binder: BINDER_SET_CONTEXT_MGR already set [ 1336.054878] binder: undelivered TRANSACTION_ERROR: 29201 [ 1336.060848] binder: 3204:3209 ioctl 40046207 0 returned -16 [ 1336.069164] binder: undelivered TRANSACTION_ERROR: 29189 20:25:11 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x4800}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1336.208356] binder: 3230:3232 got transaction with too large buffer [ 1336.235325] binder_alloc: binder_alloc_mmap_handler: 3230 20ffc000-20ffe000 already mapped failed -16 [ 1336.278476] binder: BINDER_SET_CONTEXT_MGR already set 20:25:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) linkat(r0, &(0x7f0000000040)='./file0\x00', r0, &(0x7f00000000c0)='./file0\x00', 0x1400) writev(r0, &(0x7f0000002480)=[{&(0x7f0000000340)="e2dacdcf3797754021afd67d451b9877454eeb56f88e6697149332515396c751e0f7db12aab0e8805768e8dcd13c9a2a8c91ea597425822ca82202f60b6867ad6e6e027c64615828fc9f79dd60ad2c0f7b0a522c1fcc3715b86c780a8fe1abe558a30aab8d8a412c4cba52cf0ab9adee78ea1ca2de1d7c6404c0e05509f3a89edad4653db00d283426c80ccc82a45536c118cdf0bf1afdca072c100649e6d5ff00a837f59815cb32e88a03b45d34d3ec7b846bb70abd2a4cbc0c4915ad4ad03839c08db45c5c4f0212f45cf51e78d4a0cf3d8a2c327b4ea406246148a1d39659bef5f5b1f1730f4aa8600d8f1ad835cc14de8667b16da161015f2e2a0b57f5c5ab70667c7e52b84ffac0d39876ea1a1651e843d365ac1595bf23940f340c61cbc6817f299ee559bcf23a86e853ac46c5b5439422c8b0389cbc1ee3847f80881135fe07b785a89ba4c6136d3d3c0b1c0e8298bf1a5f9bfbb157ef1f54d382dabbe55a8e2c5d0cfff0cd386e9e94487fb552f4e677c115b1c9b8eb33714fbaf9747cf14ad7eb548b59b447730b1da6c01c78ed13ec0ee4604030e2a52330e134a447116cb45a43e98f8eeddb10d2203eaba806e880cbe9cf64d99f547f6fb7f35890b497a49bb13c4d5131152aa02597447508a668d4192c19bd44c6f183676f6977ec40b2e6d0a2abd7f3d42ee3d876992cdd378023978bc42919c354557b3edc792a64e35cf86bf7f339e6196af38c7ba95fcbe148ba749d45a3be3155ae45e6ba4af7344110cfe54f90f9f0567d2d83d82161545edb88a4d78151ff76d069dd4613f675535cc28f0f9ae94e0bb1a1837ee1155571d1dac3ed26122faa9b3afee85067f7b1d4dc1d602d6d646f6cf9200ad0b087bbc3a31483ff8ac2355c9960ac2e079027a9950931a0c705ade9e58505664abefc6e81337cb73d7f7385542e8a7a69774d660c5ce0aabf06d05cf0b0ae993e8c819258a1fb06f76af27d05964eb2b2750a0c151b1e2b6f5e381da66b43ad5675c11816400d31861e1e48c37219da465675fc4e52e2c9114896d99d318244dd00cce49ba9d7e7f91d15b9d7764263d3cf96efc9744e2dcd21892867b960e4e16fa0874527033d4f93643b2bc53b3714283e97bc8691a298dcaa294f1424457629af90b4d509b0d99bc4ecd7eb79ced352c86d253004e4116cd7ac9d7ebccc7aa8e2f5bdc4ee3dc5f5a601764cf3e45e93a82a20d584c1be891ac5b18be62b24cda3c76a9b41f53da271d138c0a189f94f6c1480964e0ae7dd6f7b224fa34151d041604551281525478535fa1b830d1ed06797134746e9f5798a8f93d6c64a95c8134818634c00fe9388ab18d50a3dc69b98818226da6aa58cb37233588b342a748abbd5cd07529cbe193191225c8d8442ca4c72ca88813da4c5de653c5f2cc7543bd63d7e3488ec412aca7de442eef93744b6732997b2f8cb3e53657f7d2ae39eb96653a313a2ac3dd87c81f76ef8887d21ddd496591868f0b8fc7fa1cee2a0e8426ab179cb58941b431993c60164f85dfa523b8cc9dedfbc743a8503c9b04ff7ea53314f4ac83966e7168816a821b0d7a04eecb1fdd5572fe9337c20abbfc6a74e1cc7667842f213375fac6cd5dd6065dd73adb92c3ae693209e5510e202de582af5b85717a0095eadd959686299b6a42c04ef54eb126430f826b878fd99638fa1425b006d58199f15c58e7c262e41469def667991b9656e0082cb22a6bac4815f3c950626642cdbe94dd2e08693c5521d1fc5076ecf5749a8ffb69788a64c80b14b7fee82c500b029190cefb6c9a415ba47321d28f48fbd9e1a7a2c7e817b7ac99c586e2f8e1deb4943eab332309feeabce8272ce8201e55a7ee8c4a4c56e4996371ee2c8e03786397c6e987c143815e490bc9443dda12af4e04b160bde64c44195fb1374c3fcf4764bb1c7679d80e5e6b4c7807c17e9c38f4ed0e8fb8a91505ee676efee4d68bb6a14f8b858bfe7043f0aa35908111f9d3d8674d0b14c0710f59248b76905d6aa80f78acedeb555a6c54f26bd3c290ce10a4b571635dd41999aeac8de92b0070b316f73ac5d5b2d0bb9c218dfc12be13364c65074a84afbe40e078ba76ece5cd64039436dac9f093196dfd2e4100d419b570b9c7521d76307b26371ed1d9316dd7fa21a3aa4a777b418c493c6d7773f8b3fbdf0d33a4b92b75ed2ab7e1d26881768b7f0846a441d13fb4cc333d9d51bd15d7d9b75e85da429aa819c89c56b401b16eca14452290738960802a6630584fd649eb8cec5446874ec220ef11d2f1fcbf472c58e040416a87bb4be92c56c8f3a47dbcb2ef24b3c394b3a57db222955c13f10463ee08308b22e337dcf08573d21b8eab6c79af8a82a6ff1846fb29d2d63b7d14d7534a9aa0262311e129549c24ae506fb547f2dac3ffaf79e7085768ff3f89261ff37e5b4e2e7869bc6b3e9e0f03eae8f1f6b23037b2881289121b43f19921132265208b0d957bbc1b8e255627c75964a256f8af833274f36ea841a6cef74b074ff0fd87c8f0ba1b85d0082c40e03381b17d3073618f673c4001ff1175450cd3917027b922fa7c44c3c388295889a34da963f2fc67c4f9152e99706b0041e305d2209aeafc2496f890b591cb4e81acd832aeb9fa9b88416f6846c64b5ad16718e6f97695923bb1e3f36e5acedbde66e9f430f807ee045d423ee21e357d87e318ffe5f9139e708ceac255d240eaf4028d5ea034fcd9ee94c1545af3fdd769d278332dcd30e8dba2b85c84c53c7224402e75854996eec975d4492d5913d399696ce62f2ff1392f3c2781b886e391f42c87b5c89c83613c95e768a131ba54a053766e8df53284286ccda31a241517ca006e1e4735a18a66ba0722bbdb8ffe274ff6428dbc531be834d0c731390fc763accc7a9dc5171167ad47f4a0e078df67d77e479730013f0da0e52862c01247c1ba142e261fe5fa137336bba0b9458d6c1dda1863648605d5b227563f7d9a2070fbba57efa6cb66226bb5da69f6ff9348b340828d16253c27d17dccefbabeff56b0744c8bb2921b7f6679d5d5d6dc45575d6f209882c937a2c0807fdc43cb4b5551aa7775c04bbe368a55771909e3f259ce16c27140b8764a7ecf2794a343c421456f548774547faafc91da3f86b1fbb940990ec5d6a42eaa056f00aff64cc841462c5c0ae2e385fcc4b9d9a44de30793088065be0927b6446462e7ee2513c5d35bbff00e0877d97330b3b8dcecfa4084ded7c168d1d5c7ad789b207748003e5e86f54e45687042bb522be91e9a384f4089ccbff8f9134599d169b3334eef8cca40d97509c767b3c7203a0743b6b1ab68d4dc795ea12d7b75cf9eb4d106d10cd6c0b0311112f7c87ac920cfa7d63c917b884bbb55676fcc103de195d28637efd6ca74bdc2f087b4a354217fbbf120040c3a41e47434e59c87c42a4d6e0f3f65e8a4f6d32384fa8e30c7ef29e037541d3e5b23cb0260bc70552f2b0b18e458759f31f0b58c7bdc40c7a9e705ede00e253b3a2c68db2d0680319ee00034fe529052a334d9f6cdc4a88bec44511ed573d4ab6a3612452e715402d7971fabf528e70a105730aabae3065b15c8bddbebfc7da85b8eedbd4ef1438c3b9d388e095f1e80b3446d0affc09f4d81b1c8899b1b9997bb7d246e36a1af8ed2d3d470022c2c7bc83f855c7c6a4fdb713a0af4ed939fd040bf576a4c5b801094d3442b58ce8babd6e323aef03b84358cf24a906104f85cdd134ded642ed00d5b8051f8a79d904e37f2d9807c88d769683292765b65afc755120bedc43f9565988c844fde48e1be106877f45a3f091fce7fdaf6a39c9b83c2bd5a47b99ac040581e1e978a67c518e8b31361ddc6eedc0b0984f21887a128efb48ddbb1a804123566c6c0acdf64d5af86b82b7d3885f6ab74c5e70133b9edc1c3dd6ccff567691c5c20a4da20c93645d1bbd290dca7ee585eb0298fe782a520d2d87153212d851a4d5d612fa02dc317a0165201be9c302e05ccbf3ff5186f19b21a33bf2e6aa4bc8261bec6636cefc407780741ccae7438ac88225309bf250c3dfd8e7432aea43e59282008b376eb9030cd6fe225cec0d44da0312599536a83984c0574b7e90cc0bd7982909f538f422b58b65db6da222934aefc20f6de1a0af7ebd293b212a8c31b75d165d83fe0a0ca2bd35587f6b59f9fc03af179a1b69a89b72921d5b4c8ae7350d1d7b0735c33f3de6d3f7205896117c5f4c41bd35d54a4188ad199e72ccda0dc1b39f86e7b9d9d877e53665b5833b522c7e0a0dbaf27840aed1109c04a20e8d2c526772c5ee4a4f752574e262f58364c67f8f75f146a10e42c9f0121d709636794820586b4a5e66f445d93f8d76c103b3d7f44eb67ff808b336891e03b202e3acb01c057bba3f3b8d7f857aa46f91d913722ab0ec725d65c9688a5df861b58588d5b3a03cf8c4cd8a8718a8dc47cfc35042c866bc27a7dfe0c6135a1fa5e0cdba990442a16bee0a34bc614056ace993714ae3a370efc76898f680d45ad060da4a1185d6296598044683ce38d83e2de00537505a870a00834682ed5a88b88e3cb29098d258899be28a754b60b31caf903b1d6d00d406f81e1429c0f8f6109c3107d82545a1b502e248503a8f34f5f50173780d9cfb38da98b5bbde8cbe3e4b7f4f100d25eec079f88551c1a298ec9fbef8651b1faef1c3eeca0ed179e8e4d76cdd6cfce0047d77d82b1e37ddd3ce09e65702c232e667923b210fc51a62e4e32d0d81cd41a8aeea7abf87bee989bafe6054c0ecbbe198f715078cd6fc0c6a319b27b67fbd154a8d1b8fd73209437d4cb71e864dddf34a254ce2bd99f1fa801da6d54a45a59837280d00fbb0d65cff02acc0baea8a343d8c924526a20b8b1ed20480d780b19fb16748ddb5c06718e599e2007aad7727ed4471ec8aaeb87cbed0b0e0916ebe148b16d78168deda67cd92914e0c26ce7a920e5b3ad6f4dc2dbef348ba4513a5f5f7bc8484f096631b8a5a8bf4164607e65034bf0b8371651c65ac5318d0fb0ca608db97ce0d3b4ae6b83a4f2f67ab288e975beb8ba3ad0e2c8022addb746c51e3ee2eaac2c22f2a0ff96136b81e2a31b54fbe008544bda9aaaddccb9af788a9ecc03f0a2158747b9d9d360fac188f873321ee994bd024c38b98482ab2bb32b1a92be76d3a7c6f39f28fcff71ab62c7003b658cfe47fea507ad9b4c6ff3edfb92751b11a91bbfc2667bc83d17dca98fb24903fdb43891ab3895fe2ae5dddbf654573781912cba1477a1cf8e677aa876d23fd1731b06812b8c8cd6a21b8b31bea70ebbacff805328a004c8120f2a9f82be5bb6bf69d94c3fd80489a4d2b524ec739699d42179c164a88165264929de98495bd60547a04c4f1337b65a59d79ed706c7f557b43d9bb4aa34946b28a682b8316a78b211abc68c40374f4ede0c73904b22a7ae661d603602adb115ecb48754158db0c43d383ba263bac2b680fde64cbe7b8310650c0d4f19f9faf4f43a79384e2c759f4c500e433b9e91d8620b93d7e47ad1974eb0d72bdb02a564090cedae1a26d1ab17c0cf6571ecafbac64169631ee7b8e84ee1c5dbe1e83bf0cc8c170c521ba8dd22a57d65f0a4aea91524b0b41aa0f0bff630273a46e88c0366f4999a1fe3c8880a6e8c8adb2acb71f9cf6689db7b118a608e3725536158488a805900e3596379c8c92f62c0b1df2576a384e90630ec96bf24d6b1ffd82f45b0715dc8205c6fbe369baa7a2695b1bd23b134f8836fd053e093b6cdcd7cd5e651f4bf1145db1f04105", 0x1000}, {&(0x7f0000000100)="0873f92644f9273f0f2d7e0d8af896d092950642f90796b396c185b5bc55b2311e1d24cba3deee6a38146090336ae6d5b096371f7e55e64b", 0x38}, {&(0x7f0000001340)="3d89c125f1574cf3c81f3fb43a8dbd5e2702004acaecf4394ceecbe2cc15a398a418981b9e3dd2d832b4fc20bdd0d118dd73ab3605517f01b4cb8e484c80ac7b14c9abc5076bfa4e5904516b5d8561c4ae2a9fd374fc415a96a9e2d23f6299a857cf87c5fe3cb6b373f2a2fa42cde5aac3fd1621bb3c81a4d2d6c8676c541081fd26f233ec2eeadb84c687bfb860e7b0c85889b95ee88eee6f2103337221a3e90cf50d00f57fe0315139c77b21f67ddf0daf0a0222be6241937dc38073864d2eb6a61cf335a941ee16183b3662ff1780e947377b92848a94ecd03c240dfb7a231ba24df616192ce3319448cfd01d33039d51d39f3b487182b6698c6284289869da95f75c1a50153bd5996cc552ca7096bb17450cc83b9dff7d304bc3cae119df78e36bc54d3ee0e11a1427cf95f68f89fa7b1cf8457a4e30a37b293d7899dd15ec602dd271b17ce71093305a2f04b1b3ccd49d9d65a71b49920198d54d24df568aaf0fd28d5e1ac87a50e6601aed7c0e93644144762993f74341cc839db0e89726cff36d4085382e08e86dfa56e8e394701984b0526feef7a346374ce072eeb9da202fe8c4a8d21f41ba2d45de812da24d0f68b16e7d3f17a19ad269795e7ffe85f677b8b4cf7682de89e56038249ff437991871294a2eca961ca94a6bf836b40d7c3d6486b076e1fe241ecd871bc4e516680d6df4990d88eb4771cbd49618166d58f97509966343bdcab81598822ed7731601d433e7af7b5a208b802304bab29cacaa7d143c35c44376588ad2f85f266971793c57e34523db21aadb66577c44464f2d4d17639f1ad4816a94768dfa6d485746038207e99c6666797b754b7cee3c8dfa8ff4b19ae369d2b5d2630b8306598bfad9be819866b64633b375be8521262b80e0824801c5ab3f628a546fc8c50ad206f9bfbf86edf99630b97a0264f75d1bdf8b1c4cbe48fbf5b195d241379de47af4a3e5060369c9238d6da777298471d4d566ed2530b209439514365f0842fb9b1733f436734858a7f152b448a69c1b29cd05a01425b2911ddb62aa52a9ff0c97359b4d159ee603025890ef2a05d1da246802ecd4cb5ec1b3c293c1527526c6775a1c346bd7f6c1804a2b9ce6b0e47d8f09367d75d5c5949656ed803a85a4f9d4283c029ed02294809b65854d1b7ac8b668905584c676b723f07bf89a5b1a9619ef689588e5558361e4eebc0ff6d40340b361539842be36d22ccc45e6e13805829ac2ca91b11814b49580b47ceafceac45048189f63b27bde16c9aa0547809c4223c55bd179a541d57ddb243185b52538a477ab3ca697802af060be2bb530cbfbb945333896504a93caffbab198c14cf44c8102ffce7ebaaf83a85a2486bde9b3194b90811c73f4d6c733c51ff62e12ee0957b92d647b31c5a1473a97dd16b69fda1f748e0bc9f8c86abcd5990c84203c80fa442035dfa1304736121ccd52e043d5d77f2beb6cf9931c3cf14050fb1c3e2f0febabedb580a7e183503bdbe87d96013381ac3f6ce23de0c2e5b7ee93203738afed7880cf47b24e23804a3232e3d6235c29630cb2bd29efc51111b1c8728f8ff8fff9cca21f3c777d70eae66aeb0414e64803139ddfc2534fd000997ee4af00aeff0056f48e6c3e687814a2546e6301a72b5ec23fd326ba7c20264a8dcfc9903b28faec4e27ab6af3681e9fce0c6c3b267f94d90dfdf9a666ab3b1af2bec58badf6cd1cff2300662d0a3db8f14c46cd0b039a6685c4ed63f966e045ace869949c939147c8b256601ba28de4010118e8c9173f1a5e12617f1b4a9e8f3b32962af76c33d707beaa5d3cfe0c36f1fe14e065004889fe022f9defae3ca03f26b5a9c3fdb0ddf5af8ea8539bfa834b97347124455ef3465c72f996cbf6d8f6124b9ca147a65ed089bea08b158eb7fb2a56d386c48b5f83d29f433d4e851b0d574cd81030f5c2ce6580bcb0178737773fcdabc364d6f08d236a68136421cf64f9f43b925b1ec9a73336afd48955a592520dec024dd022ea752ad1c4b5948f6b0ad6f4572bf2d47a63c4a1b3167b40e0a7be3225c30e506faf0b9a26035ff3a20ebfcd8fbfc1530fdf2ac5eb4d8d7320745888553fa7e530b4b8811baaf53aa2b69c8ee6ab664ce164dab60dfeae60e1ef0c2eef6d0d37889d3031844c27420a3aa58f9305bdd79a8903c13d46ffce5b36ebdb5e2f0384219b89a918ee96cd82e54b95e265cfc643ae86d7f81334f989f240003a451923d2cb76c16d729229953aa18c2a51aad9240cfdb9342ea90d8f95ec6a103053705799f37b76242212d737aa5017a6f96a00b41ad656591bd7fb502c24583b1c61bb6181bcaef1678254b56fdc966e528c703405edb84f3f0a4dfbfa27bc3f9b8aabe514f9958b78e9c6ca8bbcd97bcea0699dc34d520ee8c772412e321eba38a492a35289b2c5c843b36f36b7321e90b070ac27890b11e9cadea623a61693d25f33d1337995ece60b58d074068856969c749df320fa2f4d49a806b744ba446da620081e57d734483c2fab7f4757ea595b5e3407249aa3ecf54e7776cc0f28dfcbd5932f696d7860f28c21c299d22c4b02a72101b7b355a6881ac9b356987ccb548a30117f3ed858e1e1f386dc94cb8ce2d6282c9264fb57942aad226aa36a6c09ec868b1804d2bde43f25c0e3d744075a2f01f73079825a1411eb181051602ff86d30520a8592f95afeb1faf021081912114a0ad458a875b31a88269422f46298e9e32e9bb9af27351c98979c6f639e6b1369859f0f244274131c9d118165da517209e0009bd829f51ebe1a3e63137c0609136003a039fc3f83801afa1b080e1dd4da143aed2de14dc4d2e2b601345c79936a810703eb92795d65bc7654597880119e6fb7d58ebeb8537efa0e6fac19e809e5a9d26e527528e3eedea40b653ac90b69ce2e27fa968e040e45068bd17beeaaff591bb7faec8166e5aa17d97a127cb75fa31c61a98f493eb6579a02ffc9adb965e71f7eec393ad0ee22764aa202157f065ab1de8c3d61cecf3db67061420692ef48c95f04a1181b2b001e13dac829f5b8ab0f1e1050ddf95c81fa75202672a6f3074a1dba8c834d3eb134353b2bebdd880c7747ebd10aedbc1451e6ccce87a4e79d62ca62bcb6cb0803a8ccc2d3f50407e4fbc432371aacbe6db5b77bd0db068ddf3659b6af25464be2737a807538678bd00ef508bc51f4f35db1696e957f52dac8cc8a2c372e49bffa9ef59cbe075ea76317937cd45843e92296f222f9e11dd5ecc1c6bd5631fa82b119c8a751ac8b5b6f5c97369628981aa610c39b16aa7532f3da4011c4743528b45b995d30afc0de78ef079d054451dbec326e6f16861aaa809d4caef2374ff5fb12df70a5eab5d8bcbf53c62968e54f357960a4fd6149872bf554ca828cd9459b4cde4f2c179ac159b542c0f62e3addc4d34a5fdd704bf7705f64c5986aa6adb21a774175b0a3b8724623769b6e76d31b4600c21d02140a1a71729e7ffbb81027b8bc52d6ba0d3000a1358746fbdc8becdaecd31c02f7fb375e7e1e464806c4cfbe15e6733d0b589765c95311add6413c047b94928683715f29b76abbd7d91b877fa6cb067f628076817cb16253c6e05b69019308d271e447733bd6f0e874e0faa3fccc746ceafed58799f0b375f015c1142c45ad5bbfec5f0f9594751aa8b315c219d2b9eb858a6de007215f884617deb68ff5d7c41942e67cda991663aa0e52408ce6ef28258961552c0b6746b64a046abff958afcf5faa2b12c8ef0c57c3f441df9a6e09ca18b652f0ea59869b1e4b271d5a3ed716f4dc10af2e415c13e4f59d4d5cdc94d0ee14d108f40ed621fe48b51a41ef2e168bd7f0325cb06b5c994a65e803d79d086fbcf8feb0004ecbf6c79719fe5868aa56fa60a5d6a06226ddaa00b5b5fd12bba30a566fcffb40a487bf44df3b591a3013a2b41f55d65eec8876723fa77f700f8fe9a7148975a993ee6d6d4c7552ab66ffe240e438682e5cca88272bd5890cd956e00ba573f09da7e296b11fcca87af9ca342f3e4915fac1d3883b94a27d15e690fa541752e56a0e06647e30ae520bc54d57f80d3f50a84841b6d4534efd366c7d597af8aff2594ccca5446385c80dfe124b2813823c61c86763cc1210a5e40b3ebb4161a8f18827fdd3b7dcf645e43cbdf2f664b55f8faf4f79e5844e09ffb58fe3e4aeb5729338ff17630c64e3f63f508b6080fa2c5ecc1c102725c02ba407d34a2bb75cc596bb9212aa0ae6642025346510c3803dd9936743a5e74515f329030c3c209b05da3febb0f560922548092b026f1b0739a2ed57a1368654ecfdd2a359c52bbac34d3207ce77345daa947a29015c4594852dbabaa62ac0223060dc66a118c72b3345b949a575fb48d7810811b45f2aebbbf76176a1ab989209b4d29030fd8250f7ec3bfdd704d02729018746b9b2bed329bf8696850b49362eb58b3cced3aa6f921688a3aab7685b206f1ab3f09550e998673a4670a111d7f1b20bd39ae518c6f82d76897b9012c06c65d06a4e51d6d7c39a3b3cbfec8a95e2ca6eaa9efa18c33ea6a68d0509db5b1223419b0bbe7ec4181ca18a40a349fc8d0980a0a6b76ce740e2a9d087cf207d6ffb04b1fe5cf4a7681c59afd3f24578ef2f39db8655fb1d07d8f8df8e60ff261c2ce70614bc6a62f819be3488fe513c27f6361dfd0a632ade5ba0350cbb7775830389aa948c22dc261fe67c6db77b0bfbb3043722ff0c45e250248152bf28188bdab6d6c746ef688d5a2264495a2af85a93241367232e262b607e20bb80e7f2ad3ac775454f5259afe475b26f17ac4f97389070edcd3b347cbcaef404d2809ce294b56e7cb20b129defe111cbd58cf268fac5fbbf950841863f49d0f88f6dba51ea7d4003d82f2ec1b900fec5103390d652f6cbbf66a3bb42d1a0a0baef9bdda1a817c5a2ab39686c86e75c625958d9927ea09b15046e701e64e946cfa32911098b1bccc9b93aa849084a0c9d9ae0c6627a3ac0f36005e52f901a2d67b0e98a5c2ced2bd2eb0a5aacb62872c412af0926d1bccaeac271ddf53018d697956335336646c27e7d049089ab78b05d327ba21a8ad6d3d54ce9e772e1b1f927779de02c21e76948e57f4a1f76b7672639053e0cb5dec312e7e1f442cc45d359a9ed504163bf2682832b68c819b8205741d5d4ef7fde213b700a16a7e1ec4429a47556e4126192cc3362c0613676551ec4f5b0fcbefb568644dd3f5857388687c61d6473700b7a5aea80c438e8b5ea7c9022776e247aad3e8529261afcb6d80395375c915e99af7d7d39cd7bc96726ab0426c9922ce4e6984c1bcc7ff5299114cab47948ac32903066ee06d759aa59e8e07a1ac4155fb5b1e18032d6bf92c59daf5b4c2c32e58811c938c87f6bcdd91af145cc55cad68b26ebae480153442e7b9f6ec12c686dc889688789f997bb5879e191f03eb307ed79ea654472327b00807eb0eb9e1e3cd530c9f35203cc9085ec6cef8d0f65fc6ebe43038722175545c72660216bf3bbf37f7d4ada0d0100ced1abe614477881bc31e6ae0ac3694ec5dcceb658d7782972ae5d4d31358d5e59fba5b07009e8498391d979441086b7c91447dd808ab395c29c76ac6a9a7abb82e1b1bf78f89884729e8810ac25b708716b6482cfb2369ac0fd90ded80a90af26efafe5cf9422ce877db9b2b58a29be6bf82ba0095e479b6098a35fb8bb6006f467a1bc1d730da8f22539a774452029a3e8559acc054255628ee00f41ebd6be58d6d040319f22fea4efb5857a9a1f0b", 0x1000}, {&(0x7f0000000140)="cee6746c90783760531acee8b0a687d4780040cc0383ccf7d8a5eee2dd8afca2f29a7c5a7fd0a6b493ae4dbd3f199b60441266d8de2f3635ae23e21df9f835d6f74cb9fd91cf59c99eaf3e4b891a58772f86f327bea5b6f05a400a26d7986334e0197a8d3aff3a357637b53c19acf75871d1e2ae4cffbf9744bf12e78785d19885dc91f0519169112398bbc8edde031a85e9356976a8aa7e6aef37e04d152bce0201dcb7bf06f6c9f1d9c5ddd75fb24038724e9058", 0xb5}, {&(0x7f0000000240)="a686b9f6d4d9cb65", 0x8}, {&(0x7f0000002340)="f6b49bbadf7914ec017edc30eedb9cc8599e22a576e3b710f4e78dbb8506308e7e8803dca6fee05cfb0ba6330bcd09f180f093e8b7072a3ea2aec2ee0e2dd18f39d27b22298301440246b68cf07f6113585328c5522dd30ff87ac4713c4dc1ad735d34e9bafdafff983cc56b76bdb7b0db0f31b127e6696de082ddc9f6ad71454b61f0f96efe2d8eaff713e97aa24d178f89b7ba07119f03827905bac6395bef60ef480d3d7954d7c67e5179f5251fcc827ab4e99f7ae96a313d9a2aa7430fef1f837cc8b2e9488ba36c74f2c12594428e5f10d56c9946b0100db504633bf1ddf1", 0xe1}, {&(0x7f0000002440)}], 0x7) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002371e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) r3 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x6, 0x1) ioctl$PPPIOCATTACH(r3, 0x4004743d, &(0x7f0000000100)=0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$TCGETA(r3, 0x5405, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1336.309875] binder: 3230:3232 ioctl 40046207 0 returned -16 20:25:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x4c00}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003371e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1336.447054] binder_alloc: binder_alloc_mmap_handler: 3252 20ffc000-20ffe000 already mapped failed -16 [ 1336.462787] binder: BINDER_SET_CONTEXT_MGR already set [ 1336.476134] binder: 3252:3255 ioctl 40046207 0 returned -16 20:25:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x2, 0xc1) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000100)={0x100, 0x1, 0x3, 0x22, 0x1, 0x0, 0xe}) setsockopt$nfc_llcp_NFC_LLCP_RW(r0, 0x118, 0x0, &(0x7f00000000c0)=0x3, 0x4) 20:25:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x6000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000381e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3fffffffffc) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:25:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001381e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1336.671183] binder_alloc: binder_alloc_mmap_handler: 3272 20ffc000-20ffe000 already mapped failed -16 [ 1336.706559] binder: BINDER_SET_CONTEXT_MGR already set 20:25:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) readlinkat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=""/221, 0xdd) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) [ 1336.727999] binder: 3272:3278 ioctl 40046207 0 returned -16 20:25:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x6800}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:12 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 20:25:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002381e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1336.884602] binder_alloc: binder_alloc_mmap_handler: 3302 20ffc000-20ffe000 already mapped failed -16 20:25:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00000001c0)='./file0\x00', 0x1) setsockopt$RDS_GET_MR_FOR_DEST(r0, 0x114, 0x7, &(0x7f0000000340)={@in={0x2, 0x4e23, @local}, {&(0x7f00000000c0)=""/236, 0xec}, &(0x7f0000000040), 0x1}, 0xa0) 20:25:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) arch_prctl$ARCH_GET_CPUID(0x1011) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) 20:25:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1336.932454] binder: BINDER_SET_CONTEXT_MGR already set [ 1336.949590] binder: 3302:3305 ioctl 40046207 0 returned -16 [ 1336.959515] binder_alloc_new_buf_locked: 6 callbacks suppressed [ 1336.959522] binder_alloc: 3302: binder_alloc_buf, no vma 20:25:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003381e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x6c00}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000391e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1337.126535] binder_alloc: binder_alloc_mmap_handler: 3331 20ffc000-20ffe000 already mapped failed -16 20:25:12 executing program 2: r0 = dup(0xffffffffffffff9c) r1 = fcntl$getown(0xffffffffffffff9c, 0x9) ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000040)=r1) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x0) [ 1337.174431] binder: BINDER_SET_CONTEXT_MGR already set 20:25:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001391e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1337.218991] binder: 3331:3338 ioctl 40046207 0 returned -16 20:25:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0xffeffffffffffffd, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_PPC_GET_SMMU_INFO(r1, 0x8250aea6, &(0x7f0000000100)=""/114) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x4000, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000180)={0x1, 0x0, [{0x33c}]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 20:25:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x7400}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:13 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002391e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='bpf\x00', 0x40010, &(0x7f0000000100)={[{@mode={'mode', 0x3d, 0x2}}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@dont_measure='dont_measure'}, {@smackfstransmute={'smackfstransmute', 0x3d, 'vfat\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x7f, 0x0, 0x38, 0x61, 0x66, 0x37, 0x0, 0x36], 0x2d, [0x77, 0x34, 0x32, 0x36], 0x2d, [0x66, 0x36, 0x33, 0x66], 0x2d, [0x77, 0x33, 0x31, 0x39], 0x2d, [0x77, 0x37, 0x35, 0x7f, 0x7f, 0x77, 0x38, 0x37]}}}, {@smackfsroot={'smackfsroot'}}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}]}) 20:25:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00') sendmsg$NBD_CMD_RECONFIGURE(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r4, 0x28, 0x70bd25, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x24}}, 0x4) 20:25:13 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1337.387363] binder_alloc: binder_alloc_mmap_handler: 3357 20ffc000-20ffe000 already mapped failed -16 [ 1337.425747] binder_alloc: 3357: binder_alloc_buf, no vma [ 1337.425981] binder: BINDER_SET_CONTEXT_MGR already set 20:25:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003391e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1337.479513] binder: 3357:3363 ioctl 40046207 0 returned -16 20:25:13 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000000c0)=@int=0x40, 0xfffffffffffffff4) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000100)={0x51, 0x5}) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='vegas\x00', 0x6) 20:25:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400003a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x7a00}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:13 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1337.706376] binder: BINDER_SET_CONTEXT_MGR already set 20:25:13 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400013a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = dup3(r1, r0, 0x80000) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000100)={r2, r2, 0xb}, 0x10) ioctl$SG_GET_TIMEOUT(r2, 0x2202, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x10000, 0x3, 0xd000, 0x2000, &(0x7f000000b000/0x2000)=nil}) ioctl$KVM_RUN(r4, 0xae80, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000140), r5, 0x0, 0x2, 0x4}}, 0x20) [ 1337.733887] binder_alloc: 3388: binder_alloc_buf, no vma [ 1337.747328] binder: 3388:3389 ioctl 40046207 0 returned -16 20:25:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x1000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) sendto$unix(r0, &(0x7f00000000c0)="bf127929802d9b9350c3b14819756f0dcfcd1245e132d902789b3c27f475ec8527cd773d95e201737abdf1b023407d887d04494fe6bba9298713cfa8e0fff548bf4828b1a5647c5e98851cec36246e1b8b18c0eb13205a0b40e52c6590d99008e4a45060d40b", 0x66, 0x1, &(0x7f0000000140)=@abs={0x1, 0x0, 0x4e21}, 0x6e) 20:25:13 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400023a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1337.860394] binder_transaction: 25 callbacks suppressed [ 1337.860406] binder: 3404:3406 transaction failed 29201/-22, size 40-8 line 3192 [ 1337.881286] binder: BINDER_SET_CONTEXT_MGR already set [ 1337.886778] binder: 3404:3406 ioctl 40046207 0 returned -16 [ 1337.931648] binder: 3404:3409 transaction failed 29189/-22, size 40-8 line 2896 20:25:13 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = socket$inet(0x2, 0x6000000000000003, 0x6) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='tunl0\x00', 0x106) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 20:25:13 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400033a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x2000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x28) 20:25:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1338.091686] binder: 3425:3429 transaction failed 29201/-22, size 40-8 line 3192 [ 1338.129881] binder: BINDER_SET_CONTEXT_MGR already set [ 1338.148851] net_ratelimit: 24 callbacks suppressed [ 1338.148858] protocol 88fb is buggy, dev hsr_slave_0 [ 1338.148862] protocol 88fb is buggy, dev hsr_slave_0 [ 1338.148918] protocol 88fb is buggy, dev hsr_slave_1 [ 1338.153833] protocol 88fb is buggy, dev hsr_slave_1 [ 1338.163921] protocol 88fb is buggy, dev hsr_slave_0 [ 1338.178988] protocol 88fb is buggy, dev hsr_slave_1 20:25:13 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400003b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1338.211595] binder: 3425:3429 ioctl 40046207 0 returned -16 20:25:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x3000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:13 executing program 2: r0 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x3, 0x200) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000100)={0x10000, 0x400, 0x54, 0x5, 0xffffffffffff78ae}, 0x14) syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58106d6b66732e660100000000a8fbf80000000000", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x400040, 0x0) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'tunl0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000180)={0x1d, r2}, 0x10) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x4000) ioctl$VT_RELDISP(r1, 0x5605) ioctl$VIDIOC_SUBDEV_S_SELECTION(r1, 0xc040563e, &(0x7f0000000240)={0x1, 0x0, 0x0, 0x6, {0x8, 0x3, 0xffff, 0x8}}) 20:25:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000980)='/dev/snd/pcmC#D#c\x00', 0x101, 0x80081) ioctl$SIOCX25SCAUSEDIAG(r2, 0x89ec, &(0x7f00000009c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_mount_image$nfs4(&(0x7f0000000000)='nfs4\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x7, &(0x7f0000000880)=[{&(0x7f00000002c0)="a8865af39e12242108468333be4a987691aa87c561eae0806fdf4709fe6d5798cb398e52579490bd49605db8b6bb8bbdfc1d29d1b2e2c95268e0aba432e2455062fd1383389c7edfba5c7b044498a61d576cf3a282c1410dc9af3b8929752203af4a7fbb4ca9080c3a1db8d1686d44df93487ea5dfdbfc043fbdfbaafee2a0c1716e03d24b0022ac1313bcfb7ddac52a49ac9e7c3fbf18d8d798f3248fc74c67c15fc20268ac782aece6522bb90231861c1f67cc1108e80e9353892258cbda2a91dcec5f57bcb5", 0xc7, 0x1}, {&(0x7f00000004c0)="b76edee1426faf6d0b7ef3fb0e88ea738987ce2ce039622faabdca68a44a110c626369e4cb8126f2d8391764495ff15f98d598983301de91f369e605bcd78a01179cb7c0ee2482c379ca8e1085d9e51f9074048f196760b680551d5186a9664c55ea760f81ffd8bc06e55a9b553d5e0f03fdec136673455c9f35e25dd82b51f2054866e7da7bb6ff7c213251e6fa644ef1b3b678bdbf467c531bfb429e06bdac6615773e0c0378f7b5efc377869fb386c423634139cdcdc7d5229c8de75341f7e87fac85cb80", 0xc6, 0x7ff}, {&(0x7f0000000140)="ba868746c357afde9c85ea052ea7d052aaaad765115b4c3fad63fd578e4ae4fd7eca811e8f6b95853ed51578baeb96c8a819b56a2a879d4d98c682f9193c8764c851ddaf20ab0744fe21a9bb913c0c7ad4f3a93d037ccd472612884bb58b2e87efbffd7438f4862f26eff3f3cd9ff7646c98bd0d56f676936b2fb9a1855a72a16727ce9d6fe5048e22c3a6efc2246b7967546cc34d8c568f14b7401e51b086bb071b2c5ba0fda19ab43d6b041fe6eed5600ce5127c725f789d63a9e307b1", 0xbe, 0x9}, {&(0x7f00000003c0)="da798eda208568b584a444fdc5825e3e3d1fa926fdc3fb434b9d731445324f0691639709b5fe4f202f3d5a3f44c1408c12ecaf961a3e024731193686474a7dc008031c6b452a26b7136e0165d8ddf43a65da7120aa4e9a40b7d14675ae5922e5cca8f547b99e1b0f5fb352425d5dca9c344a70814215d37465e978686a8a236dfcd29e6f45da96b514b9612af29a8a4d9ceac65dd6f942aeb5ccd3c63cb509ff05e479c051fe6e9de14531b975db1ddc04058f173483467df0f8c23f96299af9", 0xc0, 0xffffffffffffffe1}, {&(0x7f00000005c0)="3959d606afe0de95729aa1b6a2fe4a0ede03ef2398a386ee853ad281a9c39bc2921e6a84112722239372ed55cf4e7ed74d6d36a47d457e50f06b064aae9fdf3c5d0982716fbce55d3c08a5af96ee8e69c4d471ca1177a59ed62a7b1b1481edb2e9c9ffbb41d00569209eee109aa55d8d4c5e3d31d4a60058484fccfd9bdb73830c3ccead31573cbf03988d777b0cb177bdf3198e56b1f9ac56c43ba5913846757ead8b25982ee844a0aa377c15a2ae13391765c09f0469021246a4dfa2bac8a6e160e81610efede9370e3981e8c01fd374e8b1395ee2fc7b864c48db28e97f08767e9ea2c6644b44", 0xe8, 0x1}, {&(0x7f00000006c0)="fb3b936a88728944652cad3d3213b8a0dcf50054219703e6f9cbb3ebecd5dfb08a3785265be8229394435d47df0ac5e3d2ad2c261470ce1598c21d3734f223b1511cdfbc05ae514a8365e1226e45e344e52b44fb73bc12bc1f24a7d0091280a384d720e055c1748000ae9572ba5908d1194034179ece35b38d6a9a6cc408a8b905f65b5c3e72a01d5d09f32f809333ee59434fad470578f5acf8af044d366569c6eb9d6e0cd1ca99241ef52c00b1f675827577cd94d1a3d2548737e9ddd6ba8ac3dfdb", 0xc3, 0x40}, {&(0x7f00000007c0)="45df09537ed8a54db1f019992c84a626d4d4ff2d28aa65d719f20a547d386038fb2e21394dc6a673c4bc6d9b319be21ce0bbc57e25d8c087920c408c4b7bd9b7ed6cd421205905309fd3e30b877aff22a31c8c210a66186e51f335722bd36269ffa53709a325c1d2c345ae806a8d850cfdabde8c2087b62b2cf8ea8f669731ba187923dd272d39bbc10b3d697f07ac5e12660722db0fc53eb1c1ee5b", 0x9c, 0x1000}], 0x18420, &(0x7f0000000940)=':ppp0*.vboxnet1}(+}cpuset,\x97{\x00') socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) getsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000a00), &(0x7f0000000a40)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:25:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:13 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400013b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1338.345562] binder: 3448:3449 transaction failed 29201/-22, size 40-8 line 3192 20:25:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1338.388834] protocol 88fb is buggy, dev hsr_slave_0 [ 1338.393933] protocol 88fb is buggy, dev hsr_slave_1 [ 1338.399104] protocol 88fb is buggy, dev hsr_slave_0 [ 1338.404159] protocol 88fb is buggy, dev hsr_slave_1 [ 1338.407717] binder: BINDER_SET_CONTEXT_MGR already set [ 1338.426720] binder: 3448:3449 ioctl 40046207 0 returned -16 20:25:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400023b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1338.442926] binder_alloc: 3448: binder_alloc_buf, no vma 20:25:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1338.486176] FAT-fs (loop2): invalid media value (0x00) [ 1338.494690] binder: 3448:3458 transaction failed 29189/-3, size 40-8 line 3035 [ 1338.505863] FAT-fs (loop2): Can't find a valid FAT filesystem 20:25:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x4000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGFLAGS(r3, 0x8004745a, &(0x7f0000000100)) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0xfffffffffffffe4b) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1338.592819] FAT-fs (loop2): invalid media value (0x00) [ 1338.617822] FAT-fs (loop2): Can't find a valid FAT filesystem 20:25:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1338.636742] binder: 3474:3476 transaction failed 29201/-22, size 40-8 line 3192 [ 1338.665741] binder: BINDER_SET_CONTEXT_MGR already set [ 1338.677372] binder_alloc: 3474: binder_alloc_buf, no vma [ 1338.684725] binder: 3474:3479 ioctl 40046207 0 returned -16 20:25:14 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000000240)=0x8) r1 = syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x18, 0x22002) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0x4020565b, &(0x7f0000000040)={0x8001005, 0x6a, 0x1}) readahead(r1, 0x9, 0x7) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000340)={{{@in=@multicast1, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@local}}, &(0x7f0000000180)=0xe8) ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f00000001c0)={@remote, 0x16, r2}) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f00000000c0)={0x4, 0x20, 0x1, r1}) r3 = fcntl$getown(r1, 0x9) getpgrp(r3) accept4$inet(r0, &(0x7f0000000440)={0x2, 0x0, @broadcast}, &(0x7f0000000480)=0x10, 0x80800) r4 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r4, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:14 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400033b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x5000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1338.707731] binder: 3474:3480 transaction failed 29189/-3, size 40-8 line 3035 20:25:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400003c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_S390_UCAS_MAP(r2, 0x4018ae50, &(0x7f0000000100)={0x7ff, 0x2}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000000000)={0x0, @aes256}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1338.854543] binder_transaction: 10 callbacks suppressed [ 1338.854551] binder: 3489:3496 got transaction with too large buffer [ 1338.869008] binder: 3489:3496 transaction failed 29201/-22, size 40-8 line 3192 20:25:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1338.908506] binder: BINDER_SET_CONTEXT_MGR already set [ 1338.927740] binder_alloc: 3489: binder_alloc_buf, no vma 20:25:14 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) io_setup(0x9514, &(0x7f0000000000)=0x0) r1 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x5, 0x20000) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) io_cancel(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x5, 0x883, r1, &(0x7f00000001c0)="8c237df700f3cd4cf5a8bd54d0900381fca0371569256d02d7b6", 0x1a, 0x7, 0x0, 0x3, r2}, &(0x7f0000000380)) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1c41004}, 0xc, &(0x7f00000003c0)={&(0x7f0000000140)={0x28, r3, 0x111, 0x70bd29, 0x25dfdbfd, {{}, 0x0, 0x410c, 0x0, {0xc, 0x14, 'syz1\x00'}}, ["", "", "", "", "", ""]}, 0x28}}, 0x2000c004) r4 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000440)="5177589809c3ae91db266a97b5d2d4e823283ade9cd063d256f1d5a037062fadc7c9c290f7dd6bc6f36fef5981687cd01a189bf738350a181f5d6c812ae9df29cf341d478aa0e4e187220618d0fcbf32f41d55e950fc7042d03ff59fad36d08fb03ed3781efb34614faf86a44a4f6c4aa1e153219f95bba8b660a7891218e7ac06c21d82785ac5cb8dbc1bcf231ebc893a1be92ae3a0c1aaa7a00f5b4e33797ad9e6524b6311991df245f76d67094fc20d718d005d", 0xb5, 0x0) mkdirat(r4, &(0x7f00000000c0)='./file0\x00', 0xe) 20:25:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002801e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400013c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1338.951339] binder: 3489:3496 ioctl 40046207 0 returned -16 [ 1338.972222] binder: 3489:3503 transaction failed 29189/-3, size 40-8 line 3035 20:25:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x6000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000701e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003801e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1339.084615] binder: 3513:3514 got transaction with too large buffer [ 1339.122665] binder: 3513:3514 transaction failed 29201/-22, size 40-8 line 3192 20:25:14 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400023c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1339.151825] binder: BINDER_SET_CONTEXT_MGR already set [ 1339.167301] binder_alloc: 3513: binder_alloc_buf, no vma [ 1339.184938] binder: 3513:3514 ioctl 40046207 0 returned -16 20:25:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x7000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:14 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000180)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f0000000140)="eb58906d6b66732e66617400020120000200008000f8", 0x4, 0x200000400}], 0x0, 0x0) modify_ldt$write(0x1, &(0x7f0000000000)={0x100, 0x0, 0x400, 0x5d4c, 0x4, 0x566d, 0x7, 0x2, 0x80000000}, 0x10) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x2000, 0x0) getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, &(0x7f0000000080)=0xfa80, &(0x7f0000000240)=0x4) r1 = open(&(0x7f0000000100)='./file0\x00', 0x3, 0x8) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000000c0)=0x3ff, 0x4) mkdirat(r1, &(0x7f00000001c0)='./file0\x00', 0x80) 20:25:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001701e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = add_key(&(0x7f0000000440)='logon\x00', &(0x7f00000004c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa) add_key$keyring(&(0x7f00000003c0)='keyring\x00', &(0x7f0000000400)={'syz', 0x2}, 0x0, 0x0, r1) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) fsetxattr$trusted_overlay_origin(r3, &(0x7f0000000500)='trusted.overlay.origin\x00', &(0x7f0000000540)='y\x00', 0x2, 0x2) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x200001, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f00000002c0)=@assoc_value={0x0, 0x24b}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000340)={r5, 0x7, 0x401, 0x43}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000380)=@bpq0='bpq0\x00', 0x10) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/udp6\x00') getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000000100)={0x0, 0x3}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r6, 0x84, 0x23, &(0x7f0000000180)={r7, 0xfff}, 0x8) 20:25:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:14 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400033c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1339.297889] binder: 3528:3529 got transaction with too large buffer [ 1339.308605] binder: BINDER_SET_CONTEXT_MGR already set [ 1339.359026] binder: 3528:3530 ioctl 40046207 0 returned -16 [ 1339.359300] binder_alloc: 3528: binder_alloc_buf, no vma [ 1339.387811] FAT-fs (loop2): bogus number of reserved sectors 20:25:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002701e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400003d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0xa000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1339.423284] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1339.511559] FAT-fs (loop2): bogus number of reserved sectors [ 1339.532785] FAT-fs (loop2): Can't find a valid FAT filesystem 20:25:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003701e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1339.559899] binder: 3552:3555 got transaction with too large buffer 20:25:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x5) ioctl$VIDIOC_LOG_STATUS(r2, 0x5646, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x8000, 0x40) ioctl$VIDIOC_DBG_G_REGISTER(r3, 0xc0385650, &(0x7f0000000100)={{0x7, @name="ce0dd69a50d50bc4d268033875d0fccbe4f203b211176b424b46e5e75c456e4f"}, 0x8, 0x6, 0x7}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000002380)='/dev/autofs\x00', 0x80000, 0x0) getsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f00000023c0), &(0x7f0000002400)=0x4) [ 1339.588538] binder: BINDER_SET_CONTEXT_MGR already set [ 1339.606709] binder_alloc: 3552: binder_alloc_buf, no vma [ 1339.614278] binder: 3552:3555 ioctl 40046207 0 returned -16 20:25:15 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x80, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x80001, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000140)={0x0, 0xcc, "e1885b605ea494f4e5b78bc4b9fcb7df63b7d1d945da98c12230625a50663f728115cd310dedb0d70497a0bb22e13d0755027a2e2ba86a08e247dbef53c2b7ec1ee9de88efe1c3a341725cb78cce3598ee4efcea56e385c2d9f56ecec7616a098648aec8a5dba38c477ebd66fde09f9253955389f7941278839a1f6bf2d12a8be9a003b86f507dd86bbe5bd54200a95891fbd402823b337e9774b066d67f0eba607fed41470fa71e7e20697c225a1788918bb67899ad7be461815552cd28bd1849f7a96482866899c5564b0d"}, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000002580)=ANY=[@ANYBLOB], 0x1) setresuid(0x0, r2, 0x0) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000040)={0x0, 0x0}) process_vm_readv(r4, &(0x7f0000000380)=[{&(0x7f0000000340)=""/61, 0x3d}], 0x1, &(0x7f0000002540)=[{&(0x7f00000003c0)=""/63, 0x3f}], 0x1, 0x0) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000100)=0x3, 0x4) r5 = socket$inet6(0xa, 0x803, 0x1) ioctl(r5, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f00000000c0)) r6 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r6, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400013d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000711e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x20000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400023d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1339.767144] binder: 3565:3568 got transaction with too large buffer [ 1339.802592] binder: BINDER_SET_CONTEXT_MGR already set 20:25:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001711e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1339.840132] binder_alloc: 3565: binder_alloc_buf, no vma [ 1339.863310] binder: 3565:3568 ioctl 40046207 0 returned -16 [ 1339.867276] ptrace attach of "/root/syz-executor2"[22906] was attempted by "/root/syz-executor2"[3576] 20:25:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400033d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1339.895429] binder_release_work: 27 callbacks suppressed [ 1339.895435] binder: undelivered TRANSACTION_ERROR: 29201 [ 1339.907280] binder: undelivered TRANSACTION_ERROR: 29189 20:25:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x24000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1340.041425] binder: 3587:3590 got transaction with too large buffer [ 1340.055819] ptrace attach of "/root/syz-executor2"[22906] was attempted by "/root/syz-executor2"[3586] [ 1340.080129] binder_alloc_mmap_handler: 10 callbacks suppressed [ 1340.080142] binder_alloc: binder_alloc_mmap_handler: 3587 20ffc000-20ffe000 already mapped failed -16 [ 1340.109601] binder: undelivered TRANSACTION_ERROR: 29189 [ 1340.115133] binder: undelivered TRANSACTION_ERROR: 29201 20:25:15 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000001400)={{{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@ipv4={[], [], @initdev}}}, &(0x7f0000000240)=0xe8) syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x99d, 0x3, &(0x7f0000000180)=[{&(0x7f0000000100)="f38a89004180e0f291fd12a956a725941cf4899a6e8f208aa45df1aa75fd212ada92ebf585f575e0af6f5bf3fedd6383661a707b2a63d4a9836375281d4d3e0b62b284b636f45123d9980ac9cb04bdaf854e05b8", 0x54, 0x2}, {&(0x7f0000000340)="f67437e3372f8066f1c5c1795897b5cd1aa1bd2dbad6d7b0b27cf586968c41ffa4ba02fd9b26c6511915ebb178e52c1d57451b58b263c55f04781fb33d30be80a1dbbdf9751b7857c8f85c46f2750b9093e10fbfcc62b7558d2888abb33cb42fb70d0b80800a5a549717ea7c6bf637870ab4dd609a6614bb68ca5bebe41a0a5c4ea97f4ddca60c2bb670debd70cf100bd3e8cf8cc5054f338e3e0453b88a8eff6bd9ba707650b5", 0xa7, 0x8}, {&(0x7f0000000400)="f42228bbb823b4c4c2cb9f2abf2ad15a56bd2322f340b69c75e2d34555d5b42651e8d912dc58a6ef5651e1d38da726ad763e85ef02454cd8f610a66901655e1b8acf306c3fa21d410584a4bf99ff9a5284be155dd18f0d57b65da7ec6e34265191d25384817f62cf88f289dbf3e5887bea3ad05dc50e7796a24cc30fcddfdf4805cd71bd5bccfb4e08152141fee6adb14c24ca231f006fb2ec838d8683aaf408bb6cc4152393f874906cfe28b5fcc38a85942f632f636c93350a7bdfa0cd6212fc8daa92a21977d4633d4b2b3ae7588bdd3ad22372a178c39afc29dd34148a698784ca9999f67be502bae51c0f312a6ba84964320da83102abcbb677d5be8e8c7cd07d2e3df5a7ac2a43b1e9d08a64558dfe57e847c3e83cb3124ea3bc8ed11c0fe3492b082be5d70423b21f2924888128375cb89b2ff9a48ba8594d88b6f728508bf5d5989ed9a1d779b974cd22910034c4cfeb729496a8ca06c524a08b9198652e15bd8266ac01e050cb370cf9d883423b4751a6ac59f4bb7e777e51d495f8d6dd38aec0487491071e7726e4766243be2eebbffc662fadd2be4c159321bf46bb16efcfe0ce85bdb8a5ef83d151c72cb0b1e1fbf85bc279db8232bfa20d9479579f35ec91e9394344e88770663759a312a147ac903d3f3e257d5236dcb3cc85a83580ed7c24043e229e754891724449ea296088920f11f33dcab3426201a735fc3c2a73f2da0be85839f43e2388fa42bc33de89aebdff0201c15a9c653b809cdd97b23548e22afcf71bddaa8fa0a8db795e8cc878e5d2f203bb9390dd9af4988dfc1f2b44613548d81ae75ea040408527bc64b0450fee8ea35fc877853c6685235c80870e275958736a30854e71e6e755895108fe390222e3b396210cc11f296b1c4e24a94d9bb0469c51042677810b365ccd3bf30d206aa1ae88788c4392ec12ee9b2a6119a73432777ee6152e744304d173c15eed263b1a60915db8f8a258fe0436637a5b2b4b6b645e26a42a897eb328fdfafb087fdc9007f8554f457f5f71845fa2798b8b475347be501c896419aa73599fedecd7f1c2b025f8f3857affb6ae3f831b8b83a25f3bf3683f268c2dc92b9f59d75f6e41f3d319950c859bf7d066c681a22592633f4ded9583bec75ed6afbb24d6c1a5c4f821f912be190a306044f726bff3cad4ace8d7a3c207069ce1f22f2cd37564e0148e92bc1c2fcdbc56a5eaa2a5edbc19d255499801e992f3847b45c74bf6630c6bc10eec141f8ef5ca9fb45934e411064596d3c04694434861c8d4ea53a2f12758a0e9d9ba1da0d2972c3166d9cdaef7e45b23569a1e43c6b1e1d90dbef7c1723af79b1e72a6c6d9721a8ff5270bee078ce6979e56907be5944655dc0fd450e6c9e2e2affa39225f5cecd6be42709a87fb072edccbb2893e8d5c435b09a8395e05a05d5272dbd0202f9a43396e73a98f96b134f74abbb22ab097a938dedd045e2592fb9576d3a0e3ccff18314211a2b2297b437fcc6529ad99171357bfe163b7e09183c94850446f93579d3849db00c8636d6a8a840263f45ac0cc8a35d1e6079e5f2b3aa56a3c02d80c652207df5ebd1a08cdb545177289f0352e995fa5efbedb2cf1afd482856f8a36b08da975f25b28496b9d8dbcfb085457682c3e06d614c2d927b05a3a2dd14580f3184c88ebca4240fe891afaa2c88efcdd7775c85c5256acd2a89300a366223169e834175034dc6b7dea90588e1c63c3228d2f2a2dd2ba2308a46076bae701e26afe29ab8597821be708277b4558bb2a27cacb63da3c358480bb1f5d9f9b2c2986a474b1dd6bd684867281e61fd5f2a25ca22795afc4ef280fecefed13b12ee6fa24940a296fc283b8a0bfff52530ccaf91339c2ee32b921d093c54cc59a31f8ba8de34a29b7ff9fe2a053ad69eee3ecf78a2421ccc37888665e10fe0119a29a43e815b873464392c86a613197062d78653d8175205290339dd93ae00e42f0b7b6d1bff1082f0bc8c1746d9be05c1f465b874f4f39eb7d215b29b697ed5b4c4b7d271f09da83fc997ceab760d70ec374adc78eb069ff59d4fc1bb9e8b7f96d789e826432e22ea79f45d49226f328e168f8b4df9823bcf5ea58910a1f4d58bc171c5771403172688ee44f38a4bf1bafd6cdbea11bd2dd376bf4a225c74ddd85ed9001987a5abf9758db1bd96324507d0636459c3623186372a3f81947c091ef819884ad169c3cab87c7667d6bd2a7f883c309f8e5f0f252a532b2dae25fae40e3883c84d34ae93ae7fe9c464e8a53f77453c4351ca92f585cf1547b23cd9889262666fecdb06375ac7fb019c328b1b04cd222c61a1798d83e273f3d0115640546a9a84e242749cdd4b2693f648ea75a030e75b223a9e8c18f920ac4b20b74b4bc7ea56250179d59e7acdf2b1a8b481b19d6b2f8061179e327d32154f362af1b2997b4a6ed6d8307268942322b72a82e9c12fe2854f0bd5b984f195618967e5e92f5a229d2f34c056187e54e0627a1b024435b5d4854f34b8f3e3e896575049ca3ef19468ce6141e36f50f9cc890dbd9626406caf4ccb16c69016e1c7dca4782e6ee6b5ced6bff83e05c3350a7642355120fc7afdae8575fb32b27dd3852d48a6282edb57d7c720d3aad5a2d1f3a1bd867ad539f5e0f7f6ebba21efae6e9b67c7e19c87513887fb3decf723b9bf9c03ae5c84efbad92a08b84996f9d2d745798ab70662cef8ada1c90dee73f8f55212efe5ae36b3c57e06b9e6878b604ffbf9f1590f2c0dcdba987a42fe5b72da0ef60ab47a3c62e139025c046bcde2c332ee25f01eb6b6c4c540bab913453ecf9902881661829c73ffeb7a500c423406d625fe46dd1f03083fb851d0cbcb43774b5c5ba1945f263bd716d618a3e7c3b6173ed2d4c636438cb518dc879f59e617438794a6b7dc9b08c3fe91a51aef754c1fd5477e5c838ac237351b13e939510a5acaf7b9ace0380a961eadb7167529eff203a71698107e04d50e5430264cc9c5302aa57202409875bb4de02dcd3227bfcc008696945cef91ea7d849d77b811e3667bdb2c3b5fe982bebf156d7e8bafc2de842d369766497e93d2752eb16da70d56ddb5bb5694b1de1dc7f4f43b8c99e3d9505b63bdeb7b52692c76a3baec64057f634f3d9c60f6a0b330679f8aa0984c62a15871145717791883da5715f8007dee37ab582c7058205259233ebcf366851ffd6d12ab53c50100dd36a0f4028b1e8c7656e5a20f59919458a1827d16ec0ab287144607b950a0017581941b55808847d8dc3e0446a75b2ae7960eacee90110906211fe126a37349366725d83d969fdef9a67750d1c28697e0ba0ca94ab2b8f043ea41dc4a0f7cdafc272c0bf6d7a3fb0457eccc7c95bd498e023828cca41a1f0a5997067b0ef9c79ead411799cb256d6226c6f333a9aaa8a10d9b8f3f84b66b84dac1e20a36998afcb4e8a278f1f2082fa519a18504dee49f1537ac84e2d445fcf5d486ae7c88fef172da970d803ba16fdb20ada3dc735944d6a883694b0f7d3754dbb4ed997eabe12d5ec34460245000fded60cf203181d0dd6140f8cf55e768feb1cafb68f5c21b6701a2a5e8b8a7ffe30b595f194317cac3be2c544287188ddf6601afcd043a1e9b9fddeff0faf0cd4b8e726aaa89a26d89fd61fe28b3766dd8eaf4cb1b6cabe5a0a953dbae2923811c82928d9aa36eb39673780c447cc5cd40739653ea024ef9c185c7fcb20e055be58ea10275e683a114cb03dfbcfed2dde91e2310095ac6261591821ee3e7a1b3a10173a173d2f85943b8209ce5db0ab4d0735a8e05d0efb3b4e6c4d049df81533e87a21a14dca828a3db5ddc68f405bf364d3a2f99d9ed48cf4b74665a22fefb7f08151f2437c6ef1f301cbebd4c3c28067f8d8d45b6e0ede24e60955cb17b4863803b9e60582db15e9bea73173eb87d479543ba4db413f70f8edef7f616239d2455468cd986cdc71f929e3c89c218f36390f6c4b1826f9e6e8eaa8059b1ea57bb6bc6f840703491be2640763c53ac593e5fd589e3c30d7cc49fe5627c16fb21b6056b4cfb6dc5cf145dacba60ce2690a3b7e6679eab7095548a76031ad0f32cb2e282eff57e5af07c3eacb40764951991ed37f1a2875c154520209467f4c7bf0bed64ca7b24426c24c270222fecedc2c392382724cd195f8f1be5c73cb4d4a12c31552d049dc1a9c06e3187894a236ba51ac1a196efc8cf44bfd2357053f85d9c02b9dfdce367ef70e8181880793d589285832408ebd6642036c9d7e42abe62fef9a33737fe57fe79718de55bb846561a459a7237fb44e2aa0114ec651f5e5d96e91a58893243393ebc13c1cc4c131971aaf3c305c8883091a6a01e782b31e4241144c3481ad73636f1e7f59fd6f93f3360496076ec6151e0716aa09a8c649a36af2f05cb6593eade1598b4b8538ff9d38100c442cd893cd0b6f3857308ce09abfd16ffaab666345380deb88a235ec282c4924fe42f9cf6905a1e9dbef821d0a81457e27b44f4e602b72e5957de62a099f0b870371709e305889e2e4b537e0a55662fc2ca8370afc2f7183a4402822524b2953f2f5397832f886af3858e9608ea462d47882a90ed9a589f8f245331e17bcf22b33aa3098d810306fc00222cee6a16270706f1451a2c50d3afa2eeef9ed64977b91817b21cd54e41d7c4dd0b84ddbc6fbf4ed023f8be07ed7de07ace849ad108b422767b1284b3226df4bb47922196ca27faccb7a770ae656d6ab4533853a1ae8a7a38f8b984a78744a70b2f5ccf7f0eb9c894adbffddaf471df4309ac2f8a596cb9ef6ca369bd0d9edadbf0a44f2a0dda5b108498df6ee38d579c0c319a92c1c8821a44d4b2fe01387a748b1a2e59cce2c028c14b1ce0c05af15b4160208dae4ba588b1b975f8299a7042f028b5f54da3ee0ce61e40b2430eec71e421b23bddbe6e3b18d52a490a330b372f3517a7a29abd8a5413c1dc4c62582aa827f62237cfcee44fe60dbaed0783fc123dced0899de77d0f3e40012526e8fde4f070923d4bc41050c4361218105487800bc02b668c46d9b1728b16d5db11e848b0afaf6e06af07af68b8803d6dd1e8c85a9754a0e5a78a65fc0a9ccba2d72203da17a4cac303c130d7ee4a8649981917422206e8d688d227722b128ce30cfd5139a269e136a50d8757b102b759813da0909549d2e29f0d289b5f7d7ec9dafdf5725f42ed03a2d351264f7f7d6bb889702042ef5619e359508bc6aae3911f63a3ce7a77ca33df218aa1cc87815ad755f5880f4f8379a149639fcf0ebce1fdf04cd3a9b6c990617739b6d54437b617ba7b802ec93b8864d47f6c6608f1845669f9b1f9a9f796ca4a70e46de07a0b6a89fb504c5e04b314b3ca52ad3c1434e5e69cac3e8750c0b4e16014b6ee3f708a66f84a569054f7cf44b023cb5e4c5c12d6acb4ce656a95efee6ce10ae60a6b69a7f122f6cce6f6214fe539c1581f61c103ca4429ca17db98a107e70f0198dbc504007de04eabc1c458eb5d28b1fa393877a7fd8ba9bff0fe3aff0cc07cfa51c018823ef612192006d906456fae7097c44fb24b61ae0e05591a2fad4e71eb638512802719196ad7d05a7ac1d4b4ecd8100bb1d3d1f179d042dc02e5235def9aac3ec0734d892182d88ce1788cb0f960ade102251268bc4d590decdd4ccc9d87cdfea48bfda79124a0f6000925c8c18f4213ec1622e091bd92b9a9326a77417bf8e174281bc69cb7bf8b859dc53e3b6b66abfa2bddea99ba4bd67d404ac6c68487e61f52a17c2b4ecd9b0fa0d709ed2be26e88b", 0x1000, 0x7fffffff}], 0x2000000, &(0x7f0000001500)={[{@fat=@quiet='quiet'}, {@nonumtail='nnonumtail=1'}, {@shortname_winnt='shortname=winnt'}, {@uni_xlateno='uni_xlate=0'}, {@rodir='rodir'}, {@numtail='nonumtail=0'}, {@rodir='rodir'}], [{@audit='audit'}, {@context={'context', 0x3d, 'system_u'}}, {@dont_appraise='dont_appraise'}, {@smackfstransmute={'smackfstransmute', 0x3d, 'vfat\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}, {@uid_eq={'uid', 0x3d, r1}}]}) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x1) 20:25:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x30000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002711e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400003e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1340.242650] binder: 3601:3606 got transaction with too large buffer [ 1340.270109] binder_alloc: binder_alloc_mmap_handler: 3601 20ffc000-20ffe000 already mapped failed -16 20:25:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400013e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1340.292090] binder: BINDER_SET_CONTEXT_MGR already set 20:25:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:25:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003711e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x48000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1340.318189] binder: 3601:3606 ioctl 40046207 0 returned -16 [ 1340.330122] binder: undelivered TRANSACTION_ERROR: 29201 [ 1340.351397] binder: undelivered TRANSACTION_ERROR: 29189 20:25:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400023e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000721e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1340.478056] binder: 3650:3704 got transaction with too large buffer 20:25:16 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400033e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1340.520269] binder_alloc: binder_alloc_mmap_handler: 3650 20ffc000-20ffe000 already mapped failed -16 20:25:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001721e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$sock_SIOCBRADDBR(r3, 0x89a0, &(0x7f0000000100)='gre0\x00') 20:25:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1340.599437] binder: BINDER_SET_CONTEXT_MGR already set [ 1340.604967] binder: 3650:3738 ioctl 40046207 0 returned -16 [ 1340.605988] binder: undelivered TRANSACTION_ERROR: 29189 [ 1340.634930] binder: undelivered TRANSACTION_ERROR: 29201 20:25:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002721e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x4c000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400003f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x10c01, 0x81) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) 20:25:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400013f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1340.763840] binder: 3752:3755 got transaction with too large buffer [ 1340.796372] binder_alloc: binder_alloc_mmap_handler: 3752 20ffc000-20ffe000 already mapped failed -16 20:25:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003721e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1340.856473] binder: BINDER_SET_CONTEXT_MGR already set [ 1340.895882] binder: 3752:3755 ioctl 40046207 0 returned -16 20:25:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r1, &(0x7f0000000000)="12fbfda040712886d97c3a073d394f3931f8ebf633c239a6ef064fd47f78ac1db08023ee238076a0b4f4922a2f", &(0x7f0000000100)=""/23}, 0x18) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:25:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400023f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1340.910847] binder: undelivered TRANSACTION_ERROR: 29201 20:25:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x60000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000731e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) renameat(r0, &(0x7f0000000040)='./file0\x00', r0, &(0x7f00000000c0)='./file0\x00') 20:25:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400033f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1341.082770] binder: 3777:3782 got transaction with too large buffer 20:25:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000401e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1341.127543] binder_alloc: binder_alloc_mmap_handler: 3777 20ffc000-20ffe000 already mapped failed -16 20:25:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001731e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000100)="66baf80cb8d2aa588eef66bafc0cec48b89d000000000000000f23c80f21f8350000d0000f23f80f01f80f01eec402d1925cad0066baf80cb823e8548fef66bafc0cecc4a2d9aa63006745f4c7442400b1000000c7442402c6000000c7442406000000000f011424640fd813", 0x6c}], 0x1, 0x40, &(0x7f0000000180)=[@dstype0={0x6, 0xd}, @efer={0x2, 0x4400}], 0x2) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:25:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x1, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) [ 1341.181997] binder: BINDER_SET_CONTEXT_MGR already set [ 1341.189650] binder: 3777:3782 ioctl 40046207 0 returned -16 [ 1341.212030] binder: undelivered TRANSACTION_ERROR: 29201 20:25:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x68000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001401e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002731e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1341.273416] *** Guest State *** [ 1341.288936] CR0: actual=0x0000000000000031, shadow=0x0000000060000031, gh_mask=fffffffffffffff7 [ 1341.297958] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871 [ 1341.319863] CR3 = 0x0000000000002000 [ 1341.324338] PDPTR0 = 0x0000000000000000 PDPTR1 = 0x0000000000000000 [ 1341.330990] PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000000000000 [ 1341.337568] RSP = 0x00000000000000ff RIP = 0x000000000001f000 [ 1341.343780] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1341.349993] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810 [ 1341.356746] CS: sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000 [ 1341.364950] DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 [ 1341.395555] SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 [ 1341.415936] binder_alloc: binder_alloc_mmap_handler: 3803 20ffc000-20ffe000 already mapped failed -16 [ 1341.424037] ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 20:25:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003731e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:17 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002401e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1341.460532] binder: BINDER_SET_CONTEXT_MGR already set [ 1341.466838] FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 [ 1341.481823] binder: 3803:3807 ioctl 40046207 0 returned -16 [ 1341.491151] GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 [ 1341.500020] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 1341.508166] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 1341.516470] IDTR: limit=0x000001ff, base=0x0000000000003800 [ 1341.524816] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 20:25:17 executing program 2: syz_mount_image$vfat(&(0x7f0000000100)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000200)=[{&(0x7f0000000040)="eb580efa42e0575673", 0x145}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x2) 20:25:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x6c000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1341.559586] EFER = 0x0000000000004001 PAT = 0x0007040600070406 [ 1341.578569] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1341.608390] Interruptibility = 00000000 ActivityState = 00000000 [ 1341.626190] *** Host State *** [ 1341.633724] RIP = 0xffffffff811f9700 RSP = 0xffff888086b5f628 [ 1341.653472] binder_alloc: binder_alloc_mmap_handler: 3822 20ffc000-20ffe000 already mapped failed -16 [ 1341.671742] FAT-fs (loop2): bogus number of reserved sectors [ 1341.674096] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1341.688107] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1341.718939] FSBase=00007f698c865700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000 [ 1341.726991] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1341.733197] CR0=0000000080050033 CR3=00000000a0bf4000 CR4=00000000001426f0 [ 1341.744945] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff88001360 [ 1341.752199] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1341.758452] *** Control State *** [ 1341.763408] FAT-fs (loop2): bogus number of reserved sectors [ 1341.769334] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1341.775304] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000cb [ 1341.782688] EntryControls=0000d1ff ExitControls=002fefff [ 1341.788298] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1341.796202] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1341.803441] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 1341.810644] reason=80000021 qualification=0000000000000000 [ 1341.817248] IDTVectoring: info=00000000 errcode=00000000 [ 1341.824667] TSC Offset = 0xfffffd2e92817b05 [ 1341.829827] TPR Threshold = 0x00 [ 1341.833501] EPT pointer = 0x000000005819501e 20:25:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$RNDCLEARPOOL(r1, 0x5206, &(0x7f0000000000)=0x7) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0x6, 0x80800) 20:25:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:17 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003401e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x74000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:17 executing program 2: r0 = add_key(&(0x7f0000000500)='user\x00', &(0x7f0000000540)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$describe(0x6, r0, &(0x7f0000000580)=""/227, 0xe3) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/cgroup\x00') fstatfs(r1, &(0x7f00000003c0)=""/149) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mixer\x00', 0x3d, 0x0) accept4$llc(r2, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000100)=0x10, 0x80800) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) bind$unix(r3, &(0x7f0000000480)=@file={0x0, './file0\x00'}, 0x6e) getsockname$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000180)=0x10) mkdirat(r3, &(0x7f0000000340)='./file0\x00', 0x2) setsockopt$inet_sctp6_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f00000001c0)={0xffffffffffff8000, 0x72f, 0x7, 0x1}, 0x8) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) openat$mixer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/mixer\x00', 0x200, 0x0) syz_execute_func(&(0x7f0000000000)="c481e95413c4c288f318262e4204dcc462fd33f7670f38f023f23e440fb60f260fc7b8aa000000f3450fbc660c66470f62e6447ccf") 20:25:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1341.992513] binder_alloc: binder_alloc_mmap_handler: 3934 20ffc000-20ffe000 already mapped failed -16 [ 1342.029240] binder: BINDER_SET_CONTEXT_MGR already set [ 1342.035208] binder: 3934:3942 ioctl 40046207 0 returned -16 20:25:17 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000411e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1342.052142] binder_alloc_new_buf_locked: 6 callbacks suppressed [ 1342.052149] binder_alloc: 3934: binder_alloc_buf, no vma 20:25:17 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) finit_module(r0, &(0x7f0000000040)='@\x00', 0x0) fchmod(r0, 0x100) r1 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) prctl$PR_GET_FP_MODE(0x2e) 20:25:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x7a000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'L-', 0x2}, 0x28, 0x1) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000140)=0x7ff) 20:25:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001411e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) 20:25:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1342.383917] binder_alloc: binder_alloc_mmap_handler: 4052 20ffc000-20ffe000 already mapped failed -16 [ 1342.397558] binder: BINDER_SET_CONTEXT_MGR already set 20:25:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1342.428656] binder: 4052:4061 ioctl 40046207 0 returned -16 20:25:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0xfdfdffff}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002411e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003411e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 2: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x101000, 0x0) sendto$ax25(r0, &(0x7f0000000440)="2f028915b2a07ecee23441642ba123fd552569c08c88a38e9d55ea260180a051018f02c2c23bffa965e601407d8b4cd3b56801dda97fe3962576585627b6cf925b077fae02d04e98f014eed949c02471017d48afb8887ff90dc2", 0x5a, 0x40000, &(0x7f00000004c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x3}, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]}, 0x48) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f00000000c0)={0x0, 0x4}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e23, 0x1000, @dev={0xfe, 0x80, [], 0x26}, 0x80000001}}, 0x81, 0x3ff, 0x4, 0x3c43, 0x40}, &(0x7f0000000240)=0x98) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000340)={r1, 0x5, 0x2, 0x9, 0x8, 0x41d, 0x10000, 0x100000001, {r2, @in={{0x2, 0x4e22, @multicast2}}, 0x2, 0x4, 0x9, 0x10000, 0x3}}, &(0x7f0000000400)=0xb0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000000)='./file0\x00', 0x8) 20:25:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:25:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1342.614990] binder_alloc: binder_alloc_mmap_handler: 4081 20ffc000-20ffe000 already mapped failed -16 20:25:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000421e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0xfffffdfd}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1342.657760] binder: BINDER_SET_CONTEXT_MGR already set [ 1342.669043] binder: 4081:4083 ioctl 40046207 0 returned -16 [ 1342.685087] binder_alloc: 4081: binder_alloc_buf, no vma 20:25:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001421e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) socket$inet_udplite(0x2, 0x2, 0x88) [ 1342.825728] binder: BINDER_SET_CONTEXT_MGR already set [ 1342.852436] binder_alloc: 4102: binder_alloc_buf, no vma [ 1342.863619] binder: 4102:4104 ioctl 40046207 0 returned -16 20:25:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1342.879341] binder_transaction: 26 callbacks suppressed [ 1342.879354] binder: 4102:4105 transaction failed 29189/-3, size 40-8 line 3035 20:25:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002421e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x40000) ioctl$PIO_UNIMAPCLR(r3, 0x4b68, &(0x7f0000000100)={0xfff, 0x8, 0x20}) 20:25:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x100000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f0000000040)) 20:25:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003421e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1343.057558] binder: 4124:4125 transaction failed 29201/-22, size 40-8 line 3192 [ 1343.107115] binder: BINDER_SET_CONTEXT_MGR already set 20:25:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000431e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1343.131173] binder_alloc: 4124: binder_alloc_buf, no vma [ 1343.151804] binder: 4124:4125 ioctl 40046207 0 returned -16 [ 1343.158218] binder: 4124:4131 transaction failed 29189/-3, size 40-8 line 3035 20:25:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x200000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f0000000040)) 20:25:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x600, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x61, &(0x7f0000000100)={'filter\x00', 0x4}, 0x68) 20:25:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001431e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1343.369609] binder: 4144:4147 transaction failed 29201/-22, size 40-8 line 3192 [ 1343.399153] binder: BINDER_SET_CONTEXT_MGR already set [ 1343.399170] binder_alloc: 4144: binder_alloc_buf, no vma [ 1343.404618] binder: 4144:4147 ioctl 40046207 0 returned -16 20:25:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002431e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1343.433387] binder: 4144:4152 transaction failed 29189/-3, size 40-8 line 3035 20:25:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x300000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003431e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x2, 0x2) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f00000000c0)={0x9}, 0x4) r1 = open(&(0x7f0000000180)='./file0\x00', 0x800, 0x49) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000140)=0x10) [ 1343.593421] binder: 4164:4169 transaction failed 29201/-22, size 40-8 line 3192 [ 1343.629316] binder: BINDER_SET_CONTEXT_MGR already set 20:25:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1343.649824] binder: 4164:4169 ioctl 40046207 0 returned -16 [ 1343.653669] binder_alloc: 4164: binder_alloc_buf, no vma 20:25:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:25:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000441e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) recvmsg(r0, &(0x7f0000000440)={&(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000140)=""/111, 0x6f}, {&(0x7f0000000040)=""/4, 0x4}, {&(0x7f00000001c0)=""/46, 0x2e}, {&(0x7f0000000240)=""/18, 0x12}], 0x4, &(0x7f0000000380)=""/150, 0x96}, 0x40) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x400000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1343.754309] binder: 4164:4172 transaction failed 29189/-3, size 40-8 line 3035 20:25:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001441e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1343.899374] binder_transaction: 9 callbacks suppressed [ 1343.899382] binder: 4193:4197 got transaction with too large buffer 20:25:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1343.941429] binder: 4193:4197 transaction failed 29201/-22, size 40-8 line 3192 20:25:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002441e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x1f, &(0x7f00000000c0)="2a5a884681c6a96d48b168c7929cbc42694bc6cfc138e1464b324091e7866b9c67ca67b51c304d331a5c2d82cab5c4b51d049892ac99f1197ca44a0c760ba81a25ed5058b9074a5c8b7e42bf51946f6de890fdd13448a98a96305c087198cb7293975d2016b38d532f2fba806680860594e596fc0c54417b6ebbe36825f8788cafc4421b0343dd643bc2ce8e262aa300b63fa3acf979ac7cb348d3856761dad2c92c3ce37bc2d2d220b4aec50e3c68287351fc349276505612fcba59af38168b01edecfb365ea65c25c35560746ad9df2bc439fd1ae43918142452ab84a3b0ee72", 0xe1) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x40) [ 1343.992407] binder: BINDER_SET_CONTEXT_MGR already set 20:25:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1344.018155] binder: 4193:4197 ioctl 40046207 0 returned -16 [ 1344.043679] overlayfs: filesystem on './file0' not supported as upperdir [ 1344.051062] binder: 4193:4206 transaction failed 29189/-22, size 40-8 line 2896 20:25:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003441e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x500000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r1 = fcntl$getown(r0, 0x9) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, r0, 0x0, 0x5, &(0x7f0000000340)='vfat\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={r1, r0, 0x0, 0x5, &(0x7f0000000040)='vfat\x00', r3}, 0x30) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x12020404}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0xac, r4, 0x300, 0x70bd25, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_LINK={0x28, 0x4, [@TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2b8a69b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xb801}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}]}, @TIPC_NLA_NET={0x48, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xff}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffffffffffff}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x4}, 0x4014) sync_file_range(r2, 0xfff, 0x5, 0x4) chroot(&(0x7f00000000c0)='./file1\x00') mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000100)) 20:25:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000451e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1344.210152] binder: 4223:4224 got transaction with too large buffer [ 1344.216684] binder: 4223:4224 transaction failed 29201/-22, size 40-8 line 3192 [ 1344.225821] binder: BINDER_SET_CONTEXT_MGR already set [ 1344.263593] binder: 4223:4224 ioctl 40046207 0 returned -16 20:25:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x600000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001451e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1344.387540] binder: 4238:4240 got transaction with too large buffer [ 1344.388832] net_ratelimit: 24 callbacks suppressed [ 1344.388838] protocol 88fb is buggy, dev hsr_slave_0 [ 1344.394194] protocol 88fb is buggy, dev hsr_slave_0 [ 1344.399077] protocol 88fb is buggy, dev hsr_slave_1 [ 1344.404055] protocol 88fb is buggy, dev hsr_slave_1 [ 1344.419248] protocol 88fb is buggy, dev hsr_slave_0 [ 1344.424295] protocol 88fb is buggy, dev hsr_slave_1 20:25:20 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) setns(r0, 0x4000000) 20:25:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002451e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1344.495310] binder: BINDER_SET_CONTEXT_MGR already set [ 1344.511259] binder_alloc: 4238: binder_alloc_buf, no vma 20:25:20 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1344.550043] binder: 4238:4248 ioctl 40046207 0 returned -16 20:25:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x80, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x9}], 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x2000, 0x0) ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000700)={0x0, 0x6, 0x5, 0x80, &(0x7f0000ffd000/0x2000)=nil, 0x2}) r1 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r1, &(0x7f00000006c0)='./file0\x00', 0x2) syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f00000000c0)='./file0\x00', 0x9, 0x6, &(0x7f0000000580)=[{&(0x7f0000000100)="a1676080c78302bf8e299839ed780474da4ad772b7662a2d6cc0c4c93ccd1ce69f0625bacad922cd8fcf1f5bfe1384b1842f9c825879894c840ad9809d2f47affb1c8d9262187c45d085804768f3ca3baebd06ead4ad1ee8b9f2655f801a136617006ded1f07c1413fd64e56fcbd03de6b67388adcdeaf20f3d5e9cb721d723cbaf68876c6d8c443c56ffd42c3a9ec56fb63d1ec32c075b23aa7a942d26bca9c4aed6b8dc8", 0xa5, 0x800}, {&(0x7f00000001c0)="d487e8f5ddf86347ecba75e5f0ba97988ebe05f05267fabb5e2703268f4e5540708f4aaed41a0287fabcc292e8f71b806333e953f6e1646bca39", 0x3a, 0x4}, {&(0x7f0000000240)="6bf17dc3aafb15da18ca453324a49d8177eb2e6fd7ceae129d784fb9b3cb3bf6537a99363f2d98529055eece75b85a3e14ae80d75755a484ed7397", 0x3b, 0x6}, {&(0x7f0000000340)="05594afe11cd6880e72c77f9a16d7b12fd11109e6e46c1503a2b3ca291d5355737d3cf902fd49d58762b34bc43798a203f4b138cbb97180314e781139f277dd08e61fb481dd5587f54892f9a1d5aac0f5158e7ab724689ac3f58bde59f4dd805973c9c5b79fcb0d1f35b4cc2f1e19eb4cb1291bac2c060ce3d9b46137a303699c923e35138552e0ac817ed3d1e34a3f5003d234b63240e16ee29de7154ec04bf77214595407479e3ca7a7d574317dce8aa31cf4d99be5e88a02991f329a425fc766600dd1d6e02eed850fe6c3826cf6e1717dd5bd20ffe36b2bc17039c9436612ab5d938c21fc1dc7192fd6901d66c11099ad04dee2485d2efe48a", 0xfb, 0x9}, {&(0x7f0000000440)="7ee990495ac0c6b86d3ef732d722b78e5e97f5f1df8b99c3892a99c78417addd4efa2b76ee4811d927530c36769db8b79b5393ee62c6f1b019acc0b854d4f7b1037ab6e804d8c8dd234f3086c784f5492cd46aea64279eb088431ecededbacd4b16034beca9486bff5ec2c4f48f492299eb4d7bfcd36523ac33f8c2c8f5cbbb5e73ed9ab7953339c1c6127e0483607b743eb12799504591f14ab41fc9f0b2d8b1a01fa8417e400ba9cfbe390a7fb48eee81d5a8439e8e00d", 0xb8, 0xffffffffe416b653}, {&(0x7f0000000500)="f90532e2fcfcbec5ee1267042f497e826bb44f6d983840c00ec44b107b25488c85e4276d54af915a9a26b491af9597ea23e76cc0e73ed990211be5239c5748aae718bae6000be5bfb87b2691", 0x4c, 0xb}], 0x100008, &(0x7f0000000640)=ANY=[@ANYBLOB="71756f74612c7768696e745f6d6f64653d66732d62617365642c616c6c6f635f4ede524b51254f221a6d6f64653d72657573652c646174615f666c7573682c6a71666d743d7666736f6c642c686173682c6673757569643d00637f00373337662d776377342d306366362d313e38382d00"]) 20:25:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x700000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003451e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1344.628843] protocol 88fb is buggy, dev hsr_slave_0 [ 1344.634101] protocol 88fb is buggy, dev hsr_slave_1 [ 1344.639273] protocol 88fb is buggy, dev hsr_slave_0 [ 1344.644330] protocol 88fb is buggy, dev hsr_slave_1 20:25:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000461e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1344.758811] binder: 4268:4270 got transaction with too large buffer [ 1344.778665] FAT-fs (loop2): bogus number of reserved sectors [ 1344.791886] binder: BINDER_SET_CONTEXT_MGR already set [ 1344.802990] binder_alloc: 4268: binder_alloc_buf, no vma 20:25:20 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1344.811014] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1344.818334] binder: 4268:4270 ioctl 40046207 0 returned -16 20:25:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0xa00000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001461e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1344.952149] binder: 4288:4291 got transaction with too large buffer [ 1344.958698] FAT-fs (loop2): bogus number of reserved sectors [ 1344.971008] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1344.994081] binder: BINDER_SET_CONTEXT_MGR already set [ 1344.999907] binder_alloc: 4288: binder_alloc_buf, no vma [ 1345.005627] binder: 4288:4291 ioctl 40046207 0 returned -16 [ 1345.012152] binder_release_work: 26 callbacks suppressed [ 1345.012158] binder: undelivered TRANSACTION_ERROR: 29201 [ 1345.036426] binder: undelivered TRANSACTION_ERROR: 29189 20:25:20 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f0000000000)="eb58906d6b66732e66617400020120000200008000f8", 0x16, 0x3}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) remap_file_pages(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000002, 0x80000000, 0x32000) ioctl$VIDIOC_DBG_S_REGISTER(r0, 0x4038564f, &(0x7f00000000c0)={{0x0, @addr=0x5}, 0x8, 0x6, 0x2}) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) 20:25:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002461e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x2000000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1345.155475] binder: 4396:4403 got transaction with too large buffer 20:25:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003461e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:20 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) [ 1345.197168] binder_alloc_mmap_handler: 9 callbacks suppressed [ 1345.197184] binder_alloc: binder_alloc_mmap_handler: 4396 20ffc000-20ffe000 already mapped failed -16 [ 1345.199328] FAT-fs (loop2): invalid media value (0x00) [ 1345.242482] binder: BINDER_SET_CONTEXT_MGR already set 20:25:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1345.268236] binder: 4396:4403 ioctl 40046207 0 returned -16 [ 1345.279166] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1345.304070] binder: undelivered TRANSACTION_ERROR: 29201 [ 1345.309851] binder: undelivered TRANSACTION_ERROR: 29189 20:25:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000471e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1345.362638] FAT-fs (loop2): invalid media value (0x00) [ 1345.401799] FAT-fs (loop2): Can't find a valid FAT filesystem 20:25:21 executing program 2: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x102) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x4e23, 0x1000, @loopback, 0x5}}, 0x0, 0x0, 0x0, "c00deb457fab49f88bdaca776a5e04e0425029a620c5d76a4c2592979a15ccd800e4c9b8c415756b4c1219b71632aacb8b91b02868d5982021e741a867076c5b5c983e0a943a8a2ad0c8754ed3bdda1e"}, 0xd8) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r1, 0x0, 0x486, &(0x7f0000000040), &(0x7f00000000c0)=0xc) ioctl$KVM_SET_VAPIC_ADDR(r0, 0x4008ae93, &(0x7f0000000140)=0x4) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:21 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) 20:25:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x2400000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:21 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001471e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) [ 1345.543859] binder: 4424:4431 got transaction with too large buffer [ 1345.563166] binder_alloc: binder_alloc_mmap_handler: 4424 20ffc000-20ffe000 already mapped failed -16 20:25:21 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002471e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1345.633812] binder: BINDER_SET_CONTEXT_MGR already set [ 1345.633833] binder_alloc: 4424: binder_alloc_buf, no vma [ 1345.658245] audit: type=1804 audit(1549052721.293:74): pid=4443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor2" name="/root/syzkaller-testdir646302604/syzkaller.3miOFr/699/file0" dev="sda1" ino=17225 res=1 20:25:21 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1345.691699] binder: undelivered TRANSACTION_ERROR: 29201 [ 1345.697286] binder: undelivered TRANSACTION_ERROR: 29189 [ 1345.703043] binder: 4424:4431 ioctl 40046207 0 returned -16 [ 1345.768426] audit: type=1804 audit(1549052721.403:75): pid=4435 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor2" name="/root/syzkaller-testdir646302604/syzkaller.3miOFr/699/file0" dev="sda1" ino=17225 res=1 [ 1345.856126] audit: type=1804 audit(1549052721.453:76): pid=4435 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor2" name="/root/syzkaller-testdir646302604/syzkaller.3miOFr/699/file0" dev="sda1" ino=17225 res=1 20:25:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x1) 20:25:21 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x3000000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:21 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003471e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:21 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000481e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1345.980629] binder: 4552:4559 got transaction with too large buffer [ 1346.010801] binder_alloc: binder_alloc_mmap_handler: 4552 20ffc000-20ffe000 already mapped failed -16 [ 1346.098192] binder: BINDER_SET_CONTEXT_MGR already set 20:25:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f00000000c0)={0x0, 0x0, @ioapic={0xf004, 0x4, 0x6c71, 0x5, 0x0, [{0x80000001, 0x0, 0x3, [], 0x66}, {0x9, 0xffffffffffffffff, 0x1, [], 0x74}, {0x7, 0x9, 0x3ff, [], 0x9}, {0x8, 0x1f, 0x9, [], 0xfffffffffffffffd}, {0x2, 0x101, 0x9, [], 0x5}, {0x1, 0x100, 0x2, [], 0x8000}, {0x100, 0x6, 0x432b, [], 0x7}, {0x0, 0x9, 0x80000001, [], 0x100000000}, {0x8a, 0x6, 0x3, [], 0x5}, {0x6, 0x74f9, 0x7, [], 0x80000000}, {0x9, 0x4, 0xfffffffffffffffb, [], 0x3}, {0x0, 0x3, 0x8, [], 0xbae4}, {0x0, 0x0, 0x7f, [], 0x6}, {0x6, 0x8001, 0x2, [], 0x7}, {0x9, 0xf, 0x2, [], 0x5}, {0x7, 0x7fffffff, 0x7fffffff, [], 0x9}, {0x2, 0x4, 0x0, [], 0x10001}, {0x180000000000000, 0x8, 0x4, [], 0x5}, {0x20, 0x5, 0xfffffffffffffffc}, {0xbc, 0x2, 0x4, [], 0x8}, {0x3, 0x7, 0x9, [], 0x200}, {0xd46, 0x7f, 0x4, [], 0x3ff}, {0x10001, 0x2, 0x2, [], 0x2}, {0x4, 0x8001, 0x2, [], 0x5}]}}) mkdirat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:21 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001481e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x4800000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1346.129902] binder: 4552:4573 ioctl 40046207 0 returned -16 [ 1346.145771] binder: undelivered TRANSACTION_ERROR: 29201 [ 1346.152793] binder: undelivered TRANSACTION_ERROR: 29189 20:25:21 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:21 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002481e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000040)) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:21 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1346.329414] binder: 4584:4588 got transaction with too large buffer [ 1346.369086] binder_alloc: binder_alloc_mmap_handler: 4584 20ffc000-20ffe000 already mapped failed -16 20:25:22 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:22 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003481e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x4c00000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1346.380578] binder: undelivered TRANSACTION_ERROR: 29189 [ 1346.399256] binder: undelivered TRANSACTION_ERROR: 29201 20:25:22 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x7fff, 0x0, &(0x7f00000000c0)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) getsockname$llc(r0, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) mknod(&(0x7f0000000080)='./file0\x00', 0x800c, 0x2) 20:25:22 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:22 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000491e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1346.522541] binder: 4602:4607 got transaction with too large buffer [ 1346.554583] binder_alloc: binder_alloc_mmap_handler: 4602 20ffc000-20ffe000 already mapped failed -16 20:25:22 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1346.616119] binder: BINDER_SET_CONTEXT_MGR already set [ 1346.626645] FAT-fs (loop2): bogus number of reserved sectors [ 1346.635768] binder: 4602:4607 ioctl 40046207 0 returned -16 [ 1346.657813] FAT-fs (loop2): Can't find a valid FAT filesystem 20:25:22 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001491e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x6000000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:22 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002491e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1346.770044] FAT-fs (loop2): bogus number of reserved sectors [ 1346.775959] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1346.789463] binder_alloc: binder_alloc_mmap_handler: 4630 20ffc000-20ffe000 already mapped failed -16 20:25:22 executing program 2: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x8002, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000340)="eb58906d6bae6e2e66617400020120000200008000f882c206a335102125d300d34dc52f5ec7d0f461293d0dfc36bd78d6da12d7edef6a91252e98461d064da91c27090000000000000000000000000000003d0e305e0c07c800a1f1cc9a5cf306ee1da0b77df8c7d9dad59c5e83df2aef3d4e83e162790ef0b4e5edfde764729ee16049a4b37f0e81a5f715f6856de4696a50b1768c42555a8581d0f395d58cba16de8f4b20fc93ba57f39259edfa9d889f52e2cec6456477c4a2eea6830d4201ffef43", 0x462, 0x7fffffff}], 0xfdfffffffffffffe, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) syz_mount_image$bfs(&(0x7f00000000c0)='bfs\x00', &(0x7f0000000100)='./file0\x00', 0x54ca646a, 0x2, &(0x7f0000000180)=[{&(0x7f0000000140)="f59479bb1ba0ce4a03e3fbd2a0ee2e48651e887097e81c40ea6f9826beb4b96f6ef19c99bf5478290e8474928b55c7", 0x2f, 0xcfa}, {&(0x7f0000000440)="55b7845d1cf65313410af7017a563110020049609a15e32d517485e9431dd9d8f59d27c07e7828a9017386a8a155eef953b4817f4934272276a39306f30ee073835361274993bc960bd440b2373785ba548c29096a597c397ed1b7d1097f47365279beb4b19a110f0d83c46d7c630c4a19d0673940ced891572cdb1cef333682c57ea30ed2326591044f22a1f7c600f21980c9a4e21e768af60243cf30c3a706620e", 0xa2, 0x101}], 0x20000, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:22 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x6800000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:22 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003491e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1346.967191] binder_alloc: binder_alloc_mmap_handler: 4740 20ffc000-20ffe000 already mapped failed -16 20:25:22 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:22 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400004a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1347.008926] binder: BINDER_SET_CONTEXT_MGR already set [ 1347.018939] binder: 4740:4747 ioctl 40046207 0 returned -16 20:25:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x6c00000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:22 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1347.117357] binder_alloc: binder_alloc_mmap_handler: 4765 20ffc000-20ffe000 already mapped failed -16 [ 1347.177495] binder: BINDER_SET_CONTEXT_MGR already set 20:25:22 executing program 2: lsetxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000d40)=ANY=[@ANYBLOB="0db6bd2230519f47e0c009ec1a9bf56460035777e578d4f8a955b2953080bd8f360e6ba121639cd15d2012d10688cd62df240617bac4e35dc43165b689f4adced1e0d21a74fa1e751fc2c9589ae25179305c47978c7773c2d48badc41b6852dbd1479d4682036871d76e9f6699e67c558bc2ae3f157a1d3a8b84dce99e4fa29f518b53d27cdbaf530e6e28bd9214e9fc3e431396afa5aa920000000000000000000000874874226faa3458c5a30723a0dd70a77dfbc80afec73015769baf1040557d12197d5e90fffdf8d53aa1f68856eae445a6f4334dd4cf00100000578ba997130df1b9e0382c503ca89ffa008d5573d292298a96219244e65aabf652d1d6485c84d699330811948d07a90676a4e2ef3b2e2889fb2fc139bf50275dc715eaed297461145407ae4ff49fe851a976fc9371a86c220599895d8958dbd79003bf34914fa213c79b27bda4c3bdd2161f138e1a240ce4d13a8e78b85e5aa28d2fb0f61862d4065229ee77700bbcf0c92152db90aad6d218bcbe53d25bbd6a06bb95b2291ab35d318c081074c974c106ad6d5d7fb9ca3336bad0d4ee56e265bff3ee642d677857da2c445ce163b8b2d43ca84aa5c2fb060fcb1f438911490fb160840f4fbd2566e639f9a73b5de605464aade880097879c024964faa2371dc3cb00768a5f02b5bd3705defe4695f8a84045e2f263e61655cbdf7cc12ed7b7a7db2142d6204208dcd706abc39ae545a458bbdcb6d61d20e13e7086ebd9c9b62766b3dc3cc451fb6d7c25bda978261b948f49353dd943abddc1d9b4541ec8f0a3d1b7150b06ca02bb29e0fcc9b1c040192330975fea561224cf45aeb4610120789b0d6cf57276a74cfa54d29791891a5fa7f7240bedbf7ec44138759e147faf2dd1fb7376ff2e1dac757707a0e0680d6d60a9b8412f194ec6a78a444af88717d81d3244aa5e7ef876e08ba2afe1f7eb9bdf1753e9d269aa60d23308952d7b054896fc87d9be96a59ef144e2a947d1920aee581eb64df9e8363fabbd8120ec3a76eaa8c655b6df011e910139138be57a707256aa7f6752f5b474cacf96bfc882565dcf18eb315e305082c1b9bfa57ff08c774b19ad059d15c0fb6a27a7e3b7262c52e54a16fec56f4c56c1654b9641a2f5674efd18d774240fbf1d1675e23f12ee5d5eeb4e9447469"], 0xd, 0x3) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e666174000200008000f800000000", 0xfffffe4c}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x2) futimesat(r0, &(0x7f00000005c0)='./file0/../file0\x00', &(0x7f0000000600)={{}, {0x0, 0x2710}}) ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f0000000140)={0x8}) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000640), &(0x7f0000000680)=0x4) lsetxattr$trusted_overlay_redirect(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000480)='trusted.overlay.redirect\x00', &(0x7f00000004c0)='./file0/file1\x00', 0xe, 0x3) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000740)={0xffffffffffffffff}, 0x111, 0xe}}, 0x20) write$FUSE_BMAP(r0, &(0x7f00000001c0)={0x18, 0x0, 0x2, {0x37a8}}, 0x18) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000007c0)={0x2, [0x0, 0x0]}, &(0x7f0000000800)=0xc) accept(r0, &(0x7f00000006c0)=@rc, &(0x7f0000000780)=0x80) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000340)={0x15, 0x110, 0xfa00, {r1, 0x81, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @broadcast}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x118) perf_event_open$cgroup(&(0x7f0000000540)={0x5, 0x70, 0x8, 0x401, 0x200000000000000, 0x4, 0x0, 0x9, 0x4010, 0x9, 0xfffffffffffffffd, 0x3, 0x7, 0x80000000, 0xf070, 0x8, 0x6e9d, 0x5, 0x8, 0x2, 0x100, 0x7fff, 0xd5b, 0x7, 0x40, 0x7, 0x7, 0x6d, 0x1, 0x37, 0xffffffff, 0x7fff, 0x4, 0x179e, 0x7, 0x7fff, 0x8, 0x5, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000500), 0x9}, 0x10000, 0xfffffffffffffffb, 0x7, 0x9, 0x2, 0x3f, 0x4}, r0, 0x7, r0, 0x1) creat(&(0x7f0000000180)='./file0/file0\x00', 0x42) 20:25:22 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400014a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:22 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:22 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1347.230697] binder: 4765:4767 ioctl 40046207 0 returned -16 [ 1347.230733] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 1347.230740] binder_alloc: 4765: binder_alloc_buf, no vma 20:25:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x7400000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:22 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400024a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:23 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:23 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:23 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1347.385539] binder_alloc: binder_alloc_mmap_handler: 4881 20ffc000-20ffe000 already mapped failed -16 [ 1347.454991] binder: BINDER_SET_CONTEXT_MGR already set 20:25:23 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400034a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:23 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1347.481056] overlayfs: failed to resolve './file1': -2 [ 1347.496214] binder: 4881:4882 ioctl 40046207 0 returned -16 [ 1347.663471] FAT-fs (loop2): bogus number of FAT structure [ 1347.674501] FAT-fs (loop2): Can't find a valid FAT filesystem 20:25:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f00000000c0)={0x0, 0x1, 0x59800, 'queue0\x00', 0xcc1b}) ioctl$SCSI_IOCTL_DOORUNLOCK(r0, 0x5381) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) 20:25:23 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:23 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x7a00000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:23 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400004b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:23 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:23 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400014b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:23 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1347.927559] binder_transaction: 24 callbacks suppressed [ 1347.927573] binder: 5003:5008 transaction failed 29201/-22, size 40-8 line 3192 [ 1347.953592] overlayfs: failed to resolve './file1': -2 20:25:23 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:23 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1347.992856] binder_alloc: binder_alloc_mmap_handler: 5003 20ffc000-20ffe000 already mapped failed -16 20:25:23 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1348.077882] binder_alloc: 5003: binder_alloc_buf, no vma [ 1348.114656] overlayfs: failed to resolve './file1': -2 20:25:23 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400024b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00000000c0)='./file0/file0\x00', 0x0) 20:25:23 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1348.131355] binder: 5003:5012 transaction failed 29189/-3, size 40-8 line 3035 20:25:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x8000000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:23 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:23 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:23 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:23 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400034b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1348.283903] binder: 5129:5130 transaction failed 29201/-22, size 40-8 line 3192 [ 1348.294847] overlayfs: workdir and upperdir must reside under the same mount [ 1348.329542] binder: BINDER_SET_CONTEXT_MGR already set 20:25:24 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f0000000040)='vfat\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x400, &(0x7f0000000140)={'trans=virtio,', {[{@cache_fscache='cache=fscache'}, {@uname={'uname', 0x3d, '/^selinux*'}}, {@fscache='fscache'}, {@access_client='access=client'}, {@version_9p2000='version=9p2000'}], [{@obj_user={'obj_user', 0x3d, ':!^keyring!'}}, {@smackfshat={'smackfshat', 0x3d, 'vfat\x00'}}, {@fsname={'fsname', 0x3d, 'vfat\x00'}}, {@subj_user={'subj_user', 0x3d, '.'}}]}}) 20:25:24 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400004c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1348.359613] binder: 5129:5130 ioctl 40046207 0 returned -16 [ 1348.379231] binder: 5129:5140 transaction failed 29189/-22, size 40-8 line 2896 20:25:24 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0xfdfdffff00000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:24 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1348.477079] overlayfs: workdir and upperdir must reside under the same mount [ 1348.506432] 9pnet_virtio: no channels available for device vfat 20:25:24 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400014c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1348.533450] binder: 5156:5158 transaction failed 29201/-22, size 40-8 line 3192 20:25:24 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1348.576805] binder: BINDER_SET_CONTEXT_MGR already set 20:25:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r1 = getgid() stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x9, &(0x7f0000000840)=[{&(0x7f0000000100)="a550f08ccf5f5fcb88ef7749bcfeb0cbf4bb85e554becdf791b6ded127cb009706c30914b8c20420b353cf21676346fe13fb28e1de", 0x35}, {&(0x7f0000000340)="0e1f4a5faf29bb535a13cb803ab14ec39f28479dfe25ce5a61c72f19148a3904981fc9a4e5be888615110e256393ebfe6e0263b0350956b648ec89477a9ee6cfa17f3db36bbf8d27e1616c8aca22d60e4a55b045fbd488941c123e8b545ea4b65353868847d0d0ed350832e6f36afe4f7dcf1c64b83df68c86005c525d12bf29e7c7f11bf7ea86f34dadce3fcdbf57f9ae7ed28f48c7fcb49a8d3e7e2bff0d9460aa90f7fdc562c9296e7c402e7a7240b27a5a8393956532a7819b2f2ca0e46afc2cb20bd0215de0da03b061a6defd84d8d08d8959967ed562be14480ffd59c6cc", 0xe1}, {&(0x7f0000000140)="c2a3f58300f2848d3fe408a980ccab468f5831791de4ae69b3d77896644779f35bf6f802e05c0e8609fb", 0x2a, 0x2}, {&(0x7f0000000180)="3405e5e3be3f2c99af98700c126971e29fa884eaa4a7666b14fbc076806b0e1eac92acbc13d82f51f228f21fa5585e0b9c4ab439a88f5bc1be3856615a3a2f4b40d56cf1a6f6a2b5d321da6bc0d48e259c06a07acc423ff9a1ac9f0b", 0x5c, 0xda}, {&(0x7f0000000440)="be54c803435f2596b3571027f1f1b4c1068d0816415485b42b64d6ae3b44e4dc8d05af58077dc39fed8a5ab505a3f2f8f41d5090c08946ff968a5d8cfeec83a6e633996fc5edeeb9c0f89de9f69ddcc54fed03701d77281c78957fbe89230da7227fce41b277947e7df730dbe1e73a0763ac57bafc8dd7fc124fd5a6c3b953c626c47560b16fba1104418bcac0", 0x8d, 0x6}, {&(0x7f0000000500)="51250373941deff02693bf6a430dab34311040bcac21b9bbff8ed45a07fb2b4a7a8d2c91f8bd2faf963a3bc976ce316cac02847f9523d022cc45ff8b34409398f13ced488737854ccffcbc3f8a9d7a0c1ee87f1dad954317c1101d3f6a95cafd711fff391a355554b61b2bb3d0da5ec246915e9393397d076e30050e8c2c572cb378697b4cfc449a6f6c909b90a80c46", 0x90}, {&(0x7f00000005c0)="43380566bbebd75a609e03524c34099c98415a0197ae4871d618075a16eccb938f72f25782f56402b5d47d2be44547f9f93b54af9bef36b4f58c1562ae10c5434efd56e265a0d1fda0d0fa3e913218846f590de6479cc456e7b2f95239c63cbd52e6f234c506d83fcfe444042043acc327faed052c9d23a2b49c224761546f209f52cd72bdef1bdd38be8aa7bf910fdfce040f8b2d21d3c16870474767bcba612533962dc056b5b23a152cce30c6257c019cea2aadf5e8180b2e5583663ce22e7d4eb059cbc6", 0xc6, 0x9}, {&(0x7f00000006c0)="770aca48fca4ce5c6c0344636d7d3269aafcd5fed9a0c0d21a3cee5983bc12c9a1b2e610b42a44de3ddd1e801ed31ec1d958998e4ea81520f65266449d2c074e42284e9baf2aac5d5da0ab7b3a0ac327da5aa6a238bb2743d7a7ea1d7523147e82e5146001957f15d7be674514f914df3c556febebf016b529f84df54911c98e13e7737e92e233706a5029041e949a2b1b8dcd8a134c06db64ed541671f8f9e9c423c8bc3f6a981af89f4804bdd2fec419e095b9c4d6b25519a194bf2cc43fbff6d42ea9c35f74943cbd5d90b0520925b6", 0xd1, 0x401}, {&(0x7f00000007c0)="8ebef5484359b6926024de865d5384cb1664a9d03dd37151f03c66e31e5223f6796a3131c918842bd354110e1b9cd872c8cbf73ca5b5f331c6cad6d1ffd657974dbff09a0f2a26daac6c39146936a04ba99a5b073ca7ed72d5b355b3b6791fd1750fbc0b1ca6f85fa4698b0be89fbe705f842d1d49b5e4863f", 0x79, 0x8}], 0xeb927c9d6e33c544, &(0x7f00000009c0)=ANY=[@ANYBLOB='utf8=0,uni_xlate=0,uni_xlate=0,gid=', @ANYRESHEX=r1, @ANYBLOB=',rodir,shortname=winnt,uid>', @ANYRESDEC=r2, @ANYBLOB="0200"]) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:24 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400024c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1348.615749] binder_alloc: 5156: binder_alloc_buf, no vma [ 1348.638847] binder: 5156:5163 ioctl 40046207 0 returned -16 [ 1348.655165] binder: 5156:5164 transaction failed 29189/-3, size 40-8 line 3035 20:25:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0xffffffff00000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1348.689635] overlayfs: workdir and upperdir must reside under the same mount 20:25:24 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:24 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400034c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1348.804314] binder: 5219:5222 transaction failed 29201/-22, size 40-8 line 3192 [ 1348.847084] binder: BINDER_SET_CONTEXT_MGR already set [ 1348.855666] overlayfs: workdir and upperdir must reside under the same mount 20:25:24 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002801e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 2: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x8) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:24 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400004d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1348.888990] binder_alloc: 5219: binder_alloc_buf, no vma [ 1348.906264] binder: 5219:5222 ioctl 40046207 0 returned -16 [ 1348.928315] binder: 5219:5279 transaction failed 29189/-3, size 40-8 line 3035 20:25:24 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000911e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003801e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x2}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:24 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:24 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400014d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001911e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1349.069163] binder_transaction: 8 callbacks suppressed [ 1349.069172] binder: 5303:5305 got transaction with too large buffer 20:25:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000000c0)={{{@in6, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8) sendmsg$xdp(r0, &(0x7f0000000900)={&(0x7f00000001c0)={0x2c, 0x0, r1, 0x39}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000240)="5e2e8aeee33c3e3a3243cf9c86b3b32f6141b74882099674e54716134c632bc39bfba9adf0807f3479eb2a6c10bc76c5aa168c79921e88a5cb", 0x39}, {&(0x7f0000000340)="cb0ab7b6aa86559efb37c4d300cad962fe21aa19ffbe063701cbe588ffdf0366d4bfec5386bec72a3702cc6973719d8061ab6137dca3654072588927ddf31ae4d6ae3357575b6e35efc1c0afce3cb37a29d619378b0b9acda3eed9322e88fd7e3689340d8feeedc09d585a9f10a1add4e6e2e960af08eedd3f4fb9740f3e876c9c81f9", 0x83}, {&(0x7f0000000400)="43aaab68cfea75d9d73056fabef340ead2cb98ba29db5b5fca0c58ba5d0ef33990334a91cbc9b8b4d02eacc54ce641691695c8f39a7bfdc4c1232a9c9ad8c3e0329e1c8737f8b7b40e33152e648f3e7dc2251affc90cc5458fd678eba10746d33ab131472d5e3024b1ae2e450274c858cea8720a6015ee3dc1dcc2295d0a85d7dacc3889f2b64e8f84971808c815465bd95fc4b2f9ae95b509f051d89b39d7f5074991b85d46acde6660b9588a02b82f8e04fda954bca6da55bcd385a2dba20ed52f59f7845c7bef013581af20fc224e9714eae2f28679a50db35081", 0xdc}, {&(0x7f0000000500)="7ba5a9f8cac8869e679c66b4d7d5dda8ebf52a688aca2f526655644d05b35e706c140a8438ae5ddd9a496f0c5af25949a8f98c608fee0ef921a6414648225c10dc2415a8f4ead83819c33a0477f0c83fa10d47db0392b84c49bb743aeef43601ffe78bf6a3738a5955404dca88d2d9f0663d5745b86061a53badac525ef3155746eea2f44fb7ef1baa5a738b9cc06474659f4996e69fdf99dfbb9e3dad405790494285ec7e1c3ae6fcb2347e4df6f52b5a654e1cbdc314e24f3448ab7d412643d049bd9b02ec2cf264528fa40408fc7a8f3d8953272d428dc3f1b2c3e51c26fe61dd7f847cdecda7d0476578494a4df12e87684de19c", 0xf6}, {&(0x7f0000000600)="73cc3f3965cb8278ed934bafb6f35153070cd4fb9b6c26fdb3a775dd52c765a2cd7026a02a5b9c6f152d2d34f43ea0f0e7b60faf3d8f01d6ac86620d5f8c51f77f201d40b249b4b8dde84e203ebc4bad9cd0175f80ad67aaaac804822718603597f9c3388480b62d61aba035a3a25afa1ea156234fa43fefdd27dab01882c8e0c2dccec44d4db53311e9bf14a2d63b7c6b03a6115134ff2911865c1d2b12", 0x9e}, {&(0x7f00000006c0)="b32ee9aab49e0599eadb61b057946a0e6863899381c1a7df0a7886f91afea820dcd01926bad55df882d553b67bc8f1834a77100d80a305f664bc650eb271823bca7a450c4fd0b5406fd080865e673e721ff7c659e47fcc0a4f89e491cc0b69ad098ed654d024ccfbc0f13f97eadf06358bd4074eab265bd7b145455e4ba85a4458e56f3473622d464560d224ffa5cb0287c9b1a3e28b2a7313d782f19a19f6adba3cb28bdf9ed705057ee76adb7c522d01cf3e3cd497", 0xb6}, {&(0x7f0000000780)="cb41a7b8615860ed5285c777290d53a292cc08c67ffc9c4cd099162c6bac57c9356b65f509af5e6ca60a81c01153fa6160890ef51d124fce36c11d96f6afc07178ad239cf7e2bdb14cc96d6110243fba7b46f5632c121fba2a1fb1e955ac4d74ee6e1afda14fdf485658c09481a832d6adec10536f3ff5eb65a3f2162013b43e3b35b55bb6759dd5a86b2564c691a7eab374542a5ccbf5c7663baa81b56ffed7566f601f3d23ddafcc381eea2ec151f6cda61f78c9be9e2c5785cb7f2a8a1a177eb4547a3a134ee1", 0xc8}], 0x7, 0x0, 0x0, 0x40000}, 0x4000) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000940)=""/182, &(0x7f0000000a00)=0xb6) 20:25:24 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1349.151127] overlayfs: workdir and upperdir must reside under the same mount [ 1349.173502] binder: 5303:5305 transaction failed 29201/-22, size 40-8 line 3192 20:25:24 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400024d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:24 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002911e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1349.221063] binder: BINDER_SET_CONTEXT_MGR already set 20:25:24 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:24 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1349.251698] binder: 5303:5305 ioctl 40046207 0 returned -16 [ 1349.253424] binder_alloc: 5303: binder_alloc_buf, no vma 20:25:24 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r1 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/attr/current\x00', 0x2, 0x0) dup2(r0, r1) r2 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x8, 0x81) ioctl$VIDIOC_STREAMOFF(r2, 0x40045613, &(0x7f00000001c0)=0xffffffffffffffff) ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f0000000100)={0x6, 0xf000}) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$VIDIOC_G_MODULATOR(r3, 0xc0445636, &(0x7f0000000140)={0x4, "da5d6fc0165fed9d326d0fe80bd24fd4970e92b76a6e4994b3d511cc77d50bba", 0x400, 0x7fffffff, 0x80000000, 0x11, 0x5}) prctl$PR_GET_FPEXC(0xb, &(0x7f0000000040)) ioctl$VIDIOC_S_MODULATOR(r3, 0x40445637, &(0x7f0000000340)={0x6, "b550996b605c250386007c0e253f53e71a37eb7aef1e6c3a3409be4d84df1878", 0x0, 0x4, 0x8000000, 0x1, 0x3}) [ 1349.297611] binder: 5303:5316 transaction failed 29189/-3, size 40-8 line 3035 20:25:25 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003911e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1349.355350] overlayfs: workdir and upperdir must reside under the same mount 20:25:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x3}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:25 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400034d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:25 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000921e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400004e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 2: r0 = accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @loopback}, &(0x7f00000000c0)=0x10, 0x80000) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000100), &(0x7f0000000140)=0x4) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x80000, 0xfffffffffffffffc) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) [ 1349.482610] binder: 5335:5336 got transaction with too large buffer [ 1349.505251] binder: BINDER_SET_CONTEXT_MGR already set [ 1349.527188] binder_alloc: 5335: binder_alloc_buf, no vma 20:25:25 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001921e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1349.555317] binder: 5335:5336 ioctl 40046207 0 returned -16 20:25:25 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002921e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x4}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:25 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400014e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003921e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400024e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000140)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x1f5}], 0x10000, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) getxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@random={'osx.', '\x00'}, &(0x7f0000000340)=""/252, 0xfc) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$BLKGETSIZE(r0, 0x1260, &(0x7f0000000040)) [ 1349.721124] binder: 5355:5356 got transaction with too large buffer 20:25:25 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1349.780511] binder_alloc: 5355: binder_alloc_buf, no vma [ 1349.810870] binder: BINDER_SET_CONTEXT_MGR already set 20:25:25 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000931e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1349.829652] binder: 5355:5356 ioctl 40046207 0 returned -16 20:25:25 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400034e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001931e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x5}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:25 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x3) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:25 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 0: mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1350.015188] binder: 5382:5383 got transaction with too large buffer [ 1350.050530] binder: BINDER_SET_CONTEXT_MGR already set 20:25:25 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400004f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1350.061420] binder_alloc: 5382: binder_alloc_buf, no vma 20:25:25 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002931e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1350.095115] binder: 5382:5383 ioctl 40046207 0 returned -16 [ 1350.134865] binder_release_work: 23 callbacks suppressed 20:25:25 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x242}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:25 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400014f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x6}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1350.134871] binder: undelivered TRANSACTION_ERROR: 29201 [ 1350.149370] binder: undelivered TRANSACTION_ERROR: 29189 20:25:25 executing program 0: mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:25 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003931e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:25 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400024f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1350.263706] binder: 5406:5407 got transaction with too large buffer [ 1350.298092] binder_alloc_mmap_handler: 7 callbacks suppressed [ 1350.298107] binder_alloc: binder_alloc_mmap_handler: 5406 20ffc000-20ffe000 already mapped failed -16 20:25:25 executing program 2: r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000300)='./file0\x00', 0x1) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x68, &(0x7f00000000c0)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x4e20, 0x8bc, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x9}, @in={0x2, 0x4e23, @rand_addr=0x40}, @in={0x2, 0x4e20, @remote}, @in6={0xa, 0x4e20, 0x7ff, @mcast1, 0xfff}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in6={{0xa, 0x4e23, 0x7, @mcast2, 0x100}}, 0xffffffffffffffff, 0x6, 0x6, 0x3, 0x2}, &(0x7f00000002c0)=0x98) mknod$loop(&(0x7f0000000040)='./file0\x00', 0xf000, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0xae, 0x0) 20:25:26 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000941e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1350.342519] binder: BINDER_SET_CONTEXT_MGR already set [ 1350.368895] binder: 5406:5407 ioctl 40046207 0 returned -16 20:25:26 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400034f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 0: mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:26 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001941e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1350.514220] binder_alloc: 5406: binder_alloc_buf, no vma [ 1350.539176] binder: undelivered TRANSACTION_ERROR: 29201 [ 1350.545356] binder: undelivered TRANSACTION_ERROR: 29189 20:25:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x7}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x100, 0x101800) perf_event_open(&(0x7f0000000240)={0x0, 0x70, 0x3, 0x4b, 0x7, 0x6, 0x0, 0x1, 0x0, 0x9, 0x3ff, 0x4, 0x6, 0x5, 0x6, 0xce4, 0x1000, 0x200, 0x76a0000000000, 0xfffffffffffffffb, 0xd8, 0x5448, 0x9, 0x8, 0x0, 0x2e97, 0x9, 0x100000000, 0x8, 0x0, 0x92, 0x5, 0x8, 0x7, 0xfffffffffffffff7, 0x6, 0x9, 0x7, 0x0, 0x8001, 0x10000006, @perf_config_ext={0x4, 0x3f}, 0x1, 0x1, 0x8, 0x7, 0x7fff, 0x7ff8000, 0x1}, 0x0, 0x81, r0, 0x3) time(&(0x7f0000000040)) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) setsockopt$inet6_tcp_buf(r1, 0x6, 0x21, &(0x7f0000000100)="8d6828a3b1a5cf4abc2baabb9106a2ba09910ad92133572e9065216e9ad290ad7f0ad063e8aa00ce16d60e5b312dfd23daef41f4fde79ee9797132f99b6881411c8f65e492a8b3248740c76d87b34600db1f6d162940fe5f37f9b4150a99d8616d9e26e47f60990b38b0dea51fc937d02c4bfd5b614a78dc728cee0788f778af6f6dd84e80edb2320b657130876ac03849026a3a8934bbde7b58e94e26e48250d308d4b767024351b42a", 0xaa) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$PPPIOCGL2TPSTATS(r1, 0x80487436, &(0x7f0000000340)="bb778ceef47fb73fb002156d0b8bc4477cda71fccc2edc30f1adf3a92a1df10f3b91a098bcee19362c8be5c497856ce6928429676b3611cf35a953dc76c113c258e2c912fc4dc16ed959c8fc2796f9789a58d2063402674d6279da84b304dfde93b105b426c24c9b1a311068090b4d7901538b98160364fc8907839ca076afce75076faf3bb3f9699e764e2ea703586f818e2f46da872cbe08e7a2a0719fbbe346e8b38e4a8e43b40780476ddb43cb822a7792b7c6fec3fc6015e6242f5e2292ebb26184cbf677848555a2e173a0adc48248deec3c00f76c8eb5f09887259ffc707cc51201b62de6ee4011cc999087210a8d40a5c4c81f9d5af934beb4585269709c57ac6f198bc7bfd6250cc7c8b522149e87a512869e8fcb33edde817dda1a7d6073ed5b8969fffab252d162cc6052fcec36e83727272ba135e3feded15ace5d8187d7c80f8b62aa83872d24d72fc539d41847044e85a77127b4f90b0ea815d8a21207eb5c405067cc77d009b524c3d3121d45070578ab29fd966d8f90399c17fddaed2bfe519c9c7d62c11ccb41417568fa91c26950eb94b7d013be0bda69bae0ba60b72596dfe134cd309050b47cde02f6d0fca7b16923b7bdf85783cca07a718857c74a7962113039d9eeafa36d4315b8c0d8d8208e450554faade96bba65570713126f67883bf99dcfa3c2744ca1555364045cbce96d37eda2188cd94e827f15868fa3a4f0a719c6c76fb3660b83750087ab7acc76fd921d93ce7f78179a49ba62eb717bd48b7b16f3a3dc6fc37107f1f395a825026e54b31065cd696ac464dff7c5ecbee9984535b686fa4940e62f128f4cd165087227df706e4ee9") ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f00000005c0)={{0x0, 0x9}, 'port1\x00', 0x20, 0x100074, 0x8, 0x4, 0x96c, 0x101, 0x100000001, 0x0, 0x7, 0x3}) 20:25:26 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002941e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000501e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1350.628886] net_ratelimit: 25 callbacks suppressed [ 1350.628893] protocol 88fb is buggy, dev hsr_slave_0 [ 1350.628925] protocol 88fb is buggy, dev hsr_slave_1 [ 1350.633902] protocol 88fb is buggy, dev hsr_slave_1 [ 1350.638977] protocol 88fb is buggy, dev hsr_slave_0 [ 1350.653971] protocol 88fb is buggy, dev hsr_slave_1 [ 1350.670332] binder: 5441:5442 got transaction with too large buffer 20:25:26 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001501e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 0: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:26 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003941e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1350.687399] binder_alloc: binder_alloc_mmap_handler: 5441 20ffc000-20ffe000 already mapped failed -16 [ 1350.725440] binder: BINDER_SET_CONTEXT_MGR already set 20:25:26 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x2000, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000040)={0x0, 0x1, 0x100}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000100)={r1, 0x1d, "d1236ce447eefacba5af4c674451589f4846fc61d1423004097935ae73"}, &(0x7f0000000140)=0x25) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) [ 1350.753159] binder: 5441:5442 ioctl 40046207 0 returned -16 [ 1350.754004] binder_alloc: 5441: binder_alloc_buf, no vma 20:25:26 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002501e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000951e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0xa}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1350.799130] binder: undelivered TRANSACTION_ERROR: 29201 [ 1350.816653] binder: undelivered TRANSACTION_ERROR: 29189 20:25:26 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 0: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:26 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001951e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1350.868839] protocol 88fb is buggy, dev hsr_slave_0 [ 1350.874031] protocol 88fb is buggy, dev hsr_slave_1 [ 1350.879165] protocol 88fb is buggy, dev hsr_slave_0 [ 1350.880967] binder: 5462:5463 got transaction with too large buffer [ 1350.884210] protocol 88fb is buggy, dev hsr_slave_1 [ 1350.895714] protocol 88fb is buggy, dev hsr_slave_0 20:25:26 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003501e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1350.949657] binder_alloc: binder_alloc_mmap_handler: 5462 20ffc000-20ffe000 already mapped failed -16 [ 1351.008913] binder: BINDER_SET_CONTEXT_MGR already set 20:25:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x1000002) 20:25:26 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002951e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 0: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:26 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000511e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1351.032344] binder: 5462:5463 ioctl 40046207 0 returned -16 [ 1351.064727] binder: undelivered TRANSACTION_ERROR: 29201 [ 1351.072583] binder: undelivered TRANSACTION_ERROR: 29189 20:25:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x24}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:26 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003951e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001511e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000961e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1351.186682] binder: 5584:5588 got transaction with too large buffer 20:25:26 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/netfilter\x00') ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f00000000c0)=0x40) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) getsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000180), &(0x7f00000001c0)=0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:26 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002511e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1351.237367] binder_alloc: binder_alloc_mmap_handler: 5584 20ffc000-20ffe000 already mapped failed -16 [ 1351.270178] binder: undelivered TRANSACTION_ERROR: 29201 [ 1351.276877] binder: undelivered TRANSACTION_ERROR: 29189 20:25:26 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001961e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:26 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x30}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:27 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003511e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x7ffffffd, 0x4) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1351.399025] binder: 5607:5608 got transaction with too large buffer [ 1351.426409] binder_alloc: binder_alloc_mmap_handler: 5607 20ffc000-20ffe000 already mapped failed -16 20:25:27 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002961e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1351.455512] binder: BINDER_SET_CONTEXT_MGR already set 20:25:27 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000521e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1351.488638] binder: 5607:5608 ioctl 40046207 0 returned -16 20:25:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) write$cgroup_subtree(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB='-memory -cvu '], 0xd) openat$nullb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x80, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r0, 0x4040ae75, &(0x7f0000000100)={0x2, 0xffff, 0x5b19, 0x400}) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003961e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001521e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x48}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002521e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000971e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1351.650957] binder: 5629:5633 got transaction with too large buffer [ 1351.689904] binder_alloc: binder_alloc_mmap_handler: 5629 20ffc000-20ffe000 already mapped failed -16 20:25:27 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="eb58906d6b66732e66617400020120000200008000f8", 0x2}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f00000001c0), 0x4) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$KDENABIO(r0, 0x4b36) getsockopt$netrom_NETROM_T1(r1, 0x103, 0x1, &(0x7f0000000100), &(0x7f0000000180)=0x4) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000040)={0x40000002, 0x68, 0x3f}) 20:25:27 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003521e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001971e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1351.735470] binder: BINDER_SET_CONTEXT_MGR already set [ 1351.759840] binder: 5629:5633 ioctl 40046207 0 returned -16 20:25:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x4c}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002971e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1351.901167] FAT-fs (loop2): bogus number of reserved sectors [ 1351.926285] binder_alloc: binder_alloc_mmap_handler: 5658 20ffc000-20ffe000 already mapped failed -16 [ 1351.926391] FAT-fs (loop2): Can't find a valid FAT filesystem 20:25:27 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000531e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', 0x0, 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1351.955206] binder: BINDER_SET_CONTEXT_MGR already set [ 1351.965569] binder: 5658:5660 ioctl 40046207 0 returned -16 20:25:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x60}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1352.009737] FAT-fs (loop2): bogus number of reserved sectors [ 1352.015839] FAT-fs (loop2): Can't find a valid FAT filesystem 20:25:27 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003971e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001531e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1352.089004] binder_alloc: binder_alloc_mmap_handler: 5726 20ffc000-20ffe000 already mapped failed -16 [ 1352.131431] binder: BINDER_SET_CONTEXT_MGR already set 20:25:27 executing program 2: r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockname(r0, &(0x7f00000000c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, &(0x7f0000000140)=0x80) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000040)={0x0, 0x425, 0xf54e, 0x65c, 0x1000, 0x5}) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000981e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', 0x0, 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1352.152694] binder: 5726:5727 ioctl 40046207 0 returned -16 20:25:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x68}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:27 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002531e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x10000000003fd, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000600)={0x3, r0}) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f00000004c0)={0x5, 0x0, 0x3002, 0x88, 0x49, 0x2, 0x5c5b}) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000440)={'filter\x00'}, &(0x7f0000000000)=0x78) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000000c0)={{{@in=@remote, @in=@broadcast}}, {{@in=@multicast1}, 0x0, @in=@broadcast}}, &(0x7f0000000040)=0xe8) getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000000340)=""/140, &(0x7f0000000240)=0x8c) r1 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0xd, 0x0) mkdirat(r0, &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffc) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000500)={0x0, 0xffffffffffffffa0}, &(0x7f0000000540)=0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000580)={r2, 0x1}, &(0x7f0000000640)=0x8) 20:25:27 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001981e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1352.310055] binder_alloc: binder_alloc_mmap_handler: 5793 20ffc000-20ffe000 already mapped failed -16 20:25:28 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003531e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', 0x0, 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:28 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002981e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1352.367190] binder: BINDER_SET_CONTEXT_MGR already set [ 1352.381273] binder: 5793:5794 ioctl 40046207 0 returned -16 20:25:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x1, 0x0) ioctl$VT_WAITACTIVE(r0, 0x5607) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x1ff, 0x1240000000000000}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000240)={r1, 0x9}, &(0x7f00000004c0)=0x8) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000009c0)=0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000a00)={0x3}) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000540)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f0000000980)={&(0x7f0000000500), 0xc, &(0x7f0000000940)={&(0x7f0000000580)={0x3a8, r3, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0xa8, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'yam0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8000}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @multicast2}}, {0x14, 0x2, @in={0x2, 0x4e22, @multicast2}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @broadcast}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x4, @ipv4={[], [], @empty}, 0x2}}}}]}, @TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xc5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x10001}]}, @TIPC_NLA_LINK={0xdc, 0x4, [@TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x57}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa2c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffffe}]}]}, @TIPC_NLA_BEARER={0xe0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x1, @remote, 0x9}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x9, @rand_addr="d966e89736fb24d33b6bf381718d2a78", 0x6}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'vlan0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x10001, @local, 0x8}}, {0x14, 0x2, @in={0x2, 0x4e20, @multicast1}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @broadcast}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x400, @ipv4={[], [], @local}, 0x5}}}}]}, @TIPC_NLA_NET={0x3c, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xca3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9360}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xce0}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x325}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}]}, @TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_MON={0x44, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x118fe552}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3b9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_BEARER={0x68, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1c04}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x7fffffff, @loopback}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x10001, @dev={0xfe, 0x80, [], 0x1c}, 0x1f}}}}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}]}, 0x3a8}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040000) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000040)='trusted.overlay.upper\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="00fb56070264764c125234faa8ab4f3081b038ed1a690a3ca536542c3b4e5d03e14127f5bd075331e131236eb887aca98e75ef130e39e0e240e7ef39086a224d831f58c9d7bfbf7961df26293db731909e0692944f9538f8864c1ea675aa6a0b42710e538a9240afdb3393687b596c70f447812088eca37a8fc8d01b4619e90476913782be3de61218a577a46ed83ffe43e68c3590d638ce55fc8ff855ab077410d7db90590a8705671d2f87eb6746f888e5ca524192efa88d1e9bda2bd130ca71d6f0ede8cf94c1322fc6e08ed51d35c2ea317102fb2a7a3da8507c0f26ae47bf3ff8efbc8f411f8dffffcbf023809ba762d8197715c3813cf36600563824e7b4286f36e208921985398dbe3a40ec104b9e4d0760fc5c7a3c2192f6bc527b35d6ea76affa290459038d6401569333da38b275f79d5b1afa679174e42bbe4df9b3"], 0x56, 0x2) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f00000001c0)={'U+'}, 0x28, 0x0) [ 1352.419602] binder_alloc_new_buf_locked: 5 callbacks suppressed [ 1352.419609] binder_alloc: 5793: binder_alloc_buf, no vma 20:25:28 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000541e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003981e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x6c}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:28 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001541e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(0x0, 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:28 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000991e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002541e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x1000000000000000) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0xc000, 0x0) 20:25:28 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001991e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1352.674047] overlayfs: workdir and upperdir must reside under the same mount [ 1352.698157] binder_alloc: binder_alloc_mmap_handler: 5931 20ffc000-20ffe000 already mapped failed -16 20:25:28 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(0x0, 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1352.736650] binder: BINDER_SET_CONTEXT_MGR already set 20:25:28 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003541e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1352.775500] binder: 5931:5932 ioctl 40046207 0 returned -16 [ 1352.775550] binder_alloc: 5931: binder_alloc_buf, no vma 20:25:28 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002991e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x74}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:28 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1352.824211] overlayfs: workdir and upperdir must reside under the same mount 20:25:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x42) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:28 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000551e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(0x0, 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:28 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003991e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1352.910969] binder: BINDER_SET_CONTEXT_MGR already set [ 1352.930510] binder_alloc: 5953: binder_alloc_buf, no vma [ 1352.945064] binder: 5953:5954 ioctl 40046207 0 returned -16 20:25:28 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1352.964576] binder_transaction: 26 callbacks suppressed [ 1352.964591] binder: 5953:5955 transaction failed 29189/-3, size 40-8 line 3035 20:25:28 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001551e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1353.013938] overlayfs: workdir and upperdir must reside under the same mount 20:25:28 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x805, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000018c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 20:25:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x7a}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:28 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:28 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002551e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1353.191993] binder: 5977:5981 transaction failed 29201/-22, size 40-8 line 3192 [ 1353.226793] overlayfs: workdir and upperdir must reside under the same mount 20:25:28 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1353.238623] binder: BINDER_SET_CONTEXT_MGR already set 20:25:28 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000200)='./file0\x00', 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000340)='ceph\x00', 0x0, 0x0) [ 1353.266512] binder: 5977:5981 ioctl 40046207 0 returned -16 [ 1353.296480] binder: 5977:5987 transaction failed 29189/-22, size 40-8 line 2896 20:25:28 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:28 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1353.316266] ceph: device name is missing path (no : separator in ./file0) 20:25:29 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003551e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x300}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1353.358081] ceph: device name is missing path (no : separator in ./file0) 20:25:29 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 2: syz_open_dev$mice(&(0x7f0000000200)='/dev/input/mice\x00', 0x0, 0x0) r0 = syz_open_dev$sndseq(0x0, 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x10000080002, 0x0) dup2(r0, r1) 20:25:29 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000561e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1353.448495] overlayfs: workdir and upperdir must reside under the same mount [ 1353.465000] binder: 6005:6007 transaction failed 29201/-22, size 40-8 line 3192 20:25:29 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1353.523083] binder: BINDER_SET_CONTEXT_MGR already set 20:25:29 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:29 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001561e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1353.546892] binder: 6005:6017 ioctl 40046207 0 returned -16 [ 1353.577866] binder_alloc: 6005: binder_alloc_buf, no vma 20:25:29 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002561e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1353.602080] overlayfs: workdir and upperdir must reside under the same mount [ 1353.612232] binder: 6005:6018 transaction failed 29189/-3, size 40-8 line 3035 20:25:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x500}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:29 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(0x0, 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:29 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f023c123f3188a070") r1 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000080)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC(r1, 0x29, 0xcd, &(0x7f0000000200)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) 20:25:29 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003561e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1353.740155] binder: 6032:6033 transaction failed 29201/-22, size 40-8 line 3192 [ 1353.767399] overlayfs: failed to resolve './file1': -2 [ 1353.767541] binder_alloc: 6032: binder_alloc_buf, no vma [ 1353.772881] binder: BINDER_SET_CONTEXT_MGR already set [ 1353.772895] binder: 6032:6033 ioctl 40046207 0 returned -16 20:25:29 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1353.798877] binder: 6032:6037 transaction failed 29189/-3, size 40-8 line 3035 20:25:29 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'nr0\x01\x00', 0x2}) r1 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r1, &(0x7f0000002000)='/', 0x1) sendfile(r1, r1, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x0) ioctl$TUNSETSTEERINGEBPF(r0, 0x400454d1, &(0x7f00000000c0)) 20:25:29 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(0x0, 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:29 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000571e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1353.906404] overlayfs: failed to resolve './file1': -2 20:25:29 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x600}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:29 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001571e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(0x0, 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:29 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1354.020306] binder: 6061:6062 transaction failed 29201/-22, size 40-8 line 3192 [ 1354.047961] overlayfs: failed to resolve './file1': -2 [ 1354.058903] binder: BINDER_SET_CONTEXT_MGR already set 20:25:29 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002571e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1354.079207] binder: 6061:6062 ioctl 40046207 0 returned -16 20:25:29 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1354.129862] binder: 6061:6066 transaction failed 29189/-22, size 40-8 line 2896 20:25:29 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:29 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(0x0, &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:29 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003571e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x700}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:29 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1354.372729] binder_transaction: 9 callbacks suppressed [ 1354.372737] binder: 6077:6078 got transaction with too large buffer 20:25:30 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000581e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1354.424760] binder: 6077:6078 transaction failed 29201/-22, size 40-8 line 3192 20:25:30 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(0x0, &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1354.468276] binder: BINDER_SET_CONTEXT_MGR already set [ 1354.494958] binder_alloc: 6077: binder_alloc_buf, no vma [ 1354.513701] binder: 6077:6087 ioctl 40046207 0 returned -16 20:25:30 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001581e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0xa00}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:30 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(0x0, &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:30 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1354.660985] binder: 6102:6105 got transaction with too large buffer [ 1354.691689] binder: BINDER_SET_CONTEXT_MGR already set 20:25:30 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002581e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1354.709346] binder_alloc: 6102: binder_alloc_buf, no vma [ 1354.718556] binder: 6102:6106 ioctl 40046207 0 returned -16 20:25:30 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003581e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x2000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:30 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1354.837116] binder: 6118:6119 got transaction with too large buffer 20:25:30 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1354.891726] binder: BINDER_SET_CONTEXT_MGR already set [ 1354.897304] binder_alloc: 6118: binder_alloc_buf, no vma 20:25:30 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240065581e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1354.936935] binder: 6118:6119 ioctl 40046207 0 returned -16 20:25:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x2400}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:30 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1355.079566] binder: 6135:6138 got transaction with too large buffer 20:25:30 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000591e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1355.126463] binder: BINDER_SET_CONTEXT_MGR already set 20:25:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1355.147697] binder_alloc: 6135: binder_alloc_buf, no vma [ 1355.173344] binder_release_work: 27 callbacks suppressed [ 1355.173351] binder: undelivered TRANSACTION_ERROR: 29201 [ 1355.185158] binder: 6135:6142 ioctl 40046207 0 returned -16 20:25:30 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:30 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1355.211108] binder: undelivered TRANSACTION_ERROR: 29189 20:25:30 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001591e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x3000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:30 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1355.358587] binder: 6160:6161 got transaction with too large buffer [ 1355.395938] binder_alloc_mmap_handler: 9 callbacks suppressed 20:25:31 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:31 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002591e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:31 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1355.395952] binder_alloc: binder_alloc_mmap_handler: 6160 20ffc000-20ffe000 already mapped failed -16 20:25:31 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003591e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:31 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1355.505549] binder: BINDER_SET_CONTEXT_MGR already set [ 1355.505565] binder_alloc: 6160: binder_alloc_buf, no vma [ 1355.531114] binder: 6160:6161 ioctl 40046207 0 returned -16 [ 1355.579255] binder: undelivered TRANSACTION_ERROR: 29201 [ 1355.589957] binder: undelivered TRANSACTION_ERROR: 29189 20:25:31 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x4800}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:31 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400005a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:31 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400015a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:31 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) [ 1355.775085] binder: 6193:6194 got transaction with too large buffer 20:25:31 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1355.839777] binder_alloc: binder_alloc_mmap_handler: 6193 20ffc000-20ffe000 already mapped failed -16 [ 1355.874953] binder: BINDER_SET_CONTEXT_MGR already set [ 1355.880383] binder: 6193:6194 ioctl 40046207 0 returned -16 20:25:31 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1355.925500] binder: undelivered TRANSACTION_ERROR: 29201 20:25:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x4c00}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:31 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:31 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400025a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) 20:25:31 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1356.038575] binder: 6209:6211 got transaction with too large buffer [ 1356.074975] binder_alloc: binder_alloc_mmap_handler: 6209 20ffc000-20ffe000 already mapped failed -16 20:25:31 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400035a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1356.130041] binder: undelivered TRANSACTION_ERROR: 29189 [ 1356.135610] binder: undelivered TRANSACTION_ERROR: 29201 20:25:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x6000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:31 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) 20:25:31 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400005b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:31 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1356.240656] binder: 6231:6232 got transaction with too large buffer 20:25:31 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:31 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1356.287277] binder_alloc: binder_alloc_mmap_handler: 6231 20ffc000-20ffe000 already mapped failed -16 20:25:31 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400015b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1356.399122] binder: undelivered TRANSACTION_ERROR: 29201 [ 1356.409306] binder: undelivered TRANSACTION_ERROR: 29189 20:25:32 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x6800}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:32 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400025b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1356.497487] binder: 6256:6257 got transaction with too large buffer [ 1356.536202] binder_alloc: binder_alloc_mmap_handler: 6256 20ffc000-20ffe000 already mapped failed -16 20:25:32 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400035b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1356.601166] binder: BINDER_SET_CONTEXT_MGR already set [ 1356.606620] binder: 6256:6267 ioctl 40046207 0 returned -16 [ 1356.606633] binder: undelivered TRANSACTION_ERROR: 29189 20:25:32 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x6c00}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:32 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400005c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1356.745023] overlayfs: missing 'lowerdir' 20:25:32 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400015c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1356.785428] binder: 6282:6285 got transaction with too large buffer [ 1356.814628] binder_alloc: binder_alloc_mmap_handler: 6282 20ffc000-20ffe000 already mapped failed -16 20:25:32 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1356.859029] binder: BINDER_SET_CONTEXT_MGR already set [ 1356.864415] binder: 6282:6285 ioctl 40046207 0 returned -16 [ 1356.870232] net_ratelimit: 23 callbacks suppressed [ 1356.870238] protocol 88fb is buggy, dev hsr_slave_0 [ 1356.870272] protocol 88fb is buggy, dev hsr_slave_1 [ 1356.870285] protocol 88fb is buggy, dev hsr_slave_1 [ 1356.870368] protocol 88fb is buggy, dev hsr_slave_0 [ 1356.870413] protocol 88fb is buggy, dev hsr_slave_1 20:25:32 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1356.906602] overlayfs: missing 'lowerdir' 20:25:32 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x7400}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:32 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000911e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400025c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1357.069391] binder_alloc: binder_alloc_mmap_handler: 6307 20ffc000-20ffe000 already mapped failed -16 [ 1357.090264] overlayfs: missing 'lowerdir' [ 1357.107463] binder: BINDER_SET_CONTEXT_MGR already set [ 1357.113030] protocol 88fb is buggy, dev hsr_slave_0 20:25:32 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400035c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001911e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1357.113084] protocol 88fb is buggy, dev hsr_slave_1 [ 1357.113169] protocol 88fb is buggy, dev hsr_slave_0 [ 1357.113218] protocol 88fb is buggy, dev hsr_slave_1 [ 1357.113312] protocol 88fb is buggy, dev hsr_slave_0 20:25:32 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400005d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1357.210662] overlayfs: missing 'lowerdir' 20:25:32 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002911e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1357.272069] binder: 6307:6311 ioctl 40046207 0 returned -16 20:25:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x7a00}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:32 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:32 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400015d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:32 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003911e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1357.372080] overlayfs: missing 'lowerdir' 20:25:33 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400025d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000921e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1357.420517] binder_alloc: binder_alloc_mmap_handler: 6345 20ffc000-20ffe000 already mapped failed -16 20:25:33 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:33 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1357.485791] binder: BINDER_SET_CONTEXT_MGR already set [ 1357.504504] binder: 6345:6350 ioctl 40046207 0 returned -16 [ 1357.530123] overlayfs: missing 'lowerdir' [ 1357.538047] binder_alloc_new_buf_locked: 5 callbacks suppressed [ 1357.538054] binder_alloc: 6345: binder_alloc_buf, no vma 20:25:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x1000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:33 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001921e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400035d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:33 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1357.660818] overlayfs: missing 'lowerdir' 20:25:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:33 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002921e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1357.701746] binder_alloc: binder_alloc_mmap_handler: 6373 20ffc000-20ffe000 already mapped failed -16 [ 1357.732994] binder: BINDER_SET_CONTEXT_MGR already set [ 1357.747669] overlayfs: missing 'lowerdir' 20:25:33 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400005e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1357.768383] binder_alloc: 6373: binder_alloc_buf, no vma 20:25:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1357.829754] binder: 6373:6374 ioctl 40046207 0 returned -16 20:25:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x2000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:33 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:33 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003921e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400015e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1357.925516] overlayfs: missing 'lowerdir' [ 1357.950176] binder_alloc: binder_alloc_mmap_handler: 6391 20ffc000-20ffe000 already mapped failed -16 [ 1357.965314] overlayfs: failed to resolve './file1': -2 20:25:33 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000931e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:33 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400025e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1357.996458] binder: BINDER_SET_CONTEXT_MGR already set 20:25:33 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:33 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001931e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1358.024907] binder: 6391:6392 ioctl 40046207 0 returned -16 [ 1358.047957] binder_alloc: 6391: binder_alloc_buf, no vma 20:25:33 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400035e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1358.088075] binder_transaction: 25 callbacks suppressed [ 1358.088091] binder: 6391:6401 transaction failed 29189/-3, size 40-8 line 3035 [ 1358.096342] overlayfs: unrecognized mount option "lowerdir" or missing value 20:25:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x3000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:33 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1358.174388] overlayfs: failed to resolve './file1': -2 20:25:33 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002931e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400005f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:33 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1358.246382] overlayfs: unrecognized mount option "lowerdir" or missing value [ 1358.260479] binder: 6419:6421 transaction failed 29201/-22, size 40-8 line 3192 [ 1358.303407] binder: BINDER_SET_CONTEXT_MGR already set 20:25:34 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003931e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400015f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1358.336607] binder: 6419:6425 ioctl 40046207 0 returned -16 [ 1358.336693] binder_alloc: 6419: binder_alloc_buf, no vma [ 1358.343315] overlayfs: failed to resolve './file1': -2 [ 1358.371688] binder: 6419:6427 transaction failed 29189/-3, size 40-8 line 3035 20:25:34 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x4000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1358.444930] overlayfs: unrecognized mount option "lowerdir" or missing value 20:25:34 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:34 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000941e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400025f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,wor']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1358.532300] binder: 6441:6442 transaction failed 29201/-22, size 40-8 line 3192 20:25:34 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001941e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400035f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1358.591269] binder: BINDER_SET_CONTEXT_MGR already set [ 1358.596672] binder: 6441:6442 ioctl 40046207 0 returned -16 [ 1358.621286] overlayfs: unrecognized mount option "wor" or missing value [ 1358.628904] binder_alloc: 6441: binder_alloc_buf, no vma [ 1358.634389] binder: 6441:6451 transaction failed 29189/-3, size 40-8 line 3035 20:25:34 executing program 2: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:34 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,wor']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:34 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002941e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x5000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:34 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000601e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003941e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1358.799251] overlayfs: unrecognized mount option "wor" or missing value [ 1358.831203] binder: 6470:6471 transaction failed 29201/-22, size 40-8 line 3192 20:25:34 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001601e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1358.868276] binder: BINDER_SET_CONTEXT_MGR already set 20:25:34 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,wor']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1358.916124] binder: 6470:6471 ioctl 40046207 0 returned -16 20:25:34 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x6000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:34 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000951e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002601e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1358.980426] overlayfs: unrecognized mount option "wor" or missing value [ 1359.020533] binder: 6485:6486 transaction failed 29201/-22, size 40-8 line 3192 20:25:34 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=.']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1359.066523] binder: BINDER_SET_CONTEXT_MGR already set 20:25:34 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 2: mkdir(0x0, 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:34 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001951e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003601e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1359.088849] binder: 6485:6486 ioctl 40046207 0 returned -16 [ 1359.122214] binder: 6485:6490 transaction failed 29189/-22, size 40-8 line 2896 20:25:34 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002951e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x7000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:34 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000611e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1359.208465] overlayfs: workdir and upperdir must be separate subtrees 20:25:34 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:34 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=.']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1359.267367] overlayfs: failed to resolve './file1': -2 [ 1359.277328] binder: 6507:6508 transaction failed 29201/-22, size 40-8 line 3192 20:25:34 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003951e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 2: mkdir(0x0, 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1359.317605] binder: BINDER_SET_CONTEXT_MGR already set [ 1359.334572] binder_alloc: 6507: binder_alloc_buf, no vma [ 1359.345692] overlayfs: workdir and upperdir must be separate subtrees [ 1359.355856] binder: 6507:6508 ioctl 40046207 0 returned -16 20:25:35 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001611e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=.']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1359.382156] binder: 6507:6513 transaction failed 29189/-3, size 40-8 line 3035 20:25:35 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000961e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0xa000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1359.453753] overlayfs: failed to resolve './file1': -2 20:25:35 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002611e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 2: mkdir(0x0, 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:35 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001961e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1359.496833] overlayfs: workdir and upperdir must be separate subtrees [ 1359.523004] binder_transaction: 9 callbacks suppressed [ 1359.523012] binder: 6528:6530 got transaction with too large buffer 20:25:35 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./fi']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:35 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1359.573989] overlayfs: failed to resolve './file1': -2 [ 1359.580750] binder_alloc: 6528: binder_alloc_buf, no vma [ 1359.595803] binder: BINDER_SET_CONTEXT_MGR already set [ 1359.617991] binder: 6528:6530 ioctl 40046207 0 returned -16 20:25:35 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002961e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003611e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(0x0, &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1359.669663] overlayfs: failed to resolve './fi': -2 20:25:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x20000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:35 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./fi']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:35 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000621e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003961e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1359.750174] binder: 6550:6552 got transaction with too large buffer 20:25:35 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(0x0, &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:35 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001621e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1359.811435] binder: BINDER_SET_CONTEXT_MGR already set [ 1359.816877] binder: 6550:6552 ioctl 40046207 0 returned -16 [ 1359.837498] binder_alloc: 6550: binder_alloc_buf, no vma [ 1359.849644] overlayfs: failed to resolve './fi': -2 20:25:35 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000971e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x24000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:35 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./fi']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:35 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002621e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1359.985160] binder: 6569:6570 got transaction with too large buffer 20:25:35 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(0x0, &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1360.027534] binder: BINDER_SET_CONTEXT_MGR already set 20:25:35 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001971e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1360.060912] overlayfs: failed to resolve './fi': -2 [ 1360.078870] binder: 6569:6570 ioctl 40046207 0 returned -16 20:25:35 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003621e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x30000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:35 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:35 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002971e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1360.167815] binder: 6582:6583 got transaction with too large buffer [ 1360.202436] binder: BINDER_SET_CONTEXT_MGR already set 20:25:35 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000631e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1360.218676] overlayfs: failed to resolve './file': -2 [ 1360.231637] binder_alloc: 6582: binder_alloc_buf, no vma [ 1360.252395] binder_release_work: 25 callbacks suppressed [ 1360.252402] binder: undelivered TRANSACTION_ERROR: 29201 20:25:35 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1360.266105] binder: 6582:6589 ioctl 40046207 0 returned -16 20:25:35 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:35 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003971e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:35 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001631e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1360.308719] binder: undelivered TRANSACTION_ERROR: 29189 20:25:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x48000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1360.393898] overlayfs: failed to resolve './file': -2 20:25:36 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000aa1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000981e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002631e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1360.442257] binder: 6607:6609 got transaction with too large buffer 20:25:36 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1360.486839] binder_alloc_mmap_handler: 9 callbacks suppressed [ 1360.486852] binder_alloc: binder_alloc_mmap_handler: 6607 20ffc000-20ffe000 already mapped failed -16 20:25:36 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001aa1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1360.541956] overlayfs: failed to resolve './file': -2 [ 1360.545860] binder: BINDER_SET_CONTEXT_MGR already set [ 1360.568231] binder: 6607:6609 ioctl 40046207 0 returned -16 20:25:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001981e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003631e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1360.590854] binder_alloc: 6607: binder_alloc_buf, no vma 20:25:36 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002aa1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(0x0, 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:36 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1360.641173] binder: undelivered TRANSACTION_ERROR: 29201 [ 1360.649239] binder: undelivered TRANSACTION_ERROR: 29189 20:25:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x4c000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002981e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000641e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(0x0, 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1360.756406] binder: 6629:6633 got transaction with too large buffer [ 1360.782425] binder_alloc: binder_alloc_mmap_handler: 6629 20ffc000-20ffe000 already mapped failed -16 20:25:36 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003aa1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003981e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001641e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1360.858943] binder: BINDER_SET_CONTEXT_MGR already set [ 1360.877756] binder: 6629:6633 ioctl 40046207 0 returned -16 20:25:36 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(0x0, 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1360.908209] binder: undelivered TRANSACTION_ERROR: 29201 [ 1360.916190] binder: undelivered TRANSACTION_ERROR: 29189 20:25:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x60000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000991e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ab1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002641e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1361.045391] binder: 6654:6655 got transaction with too large buffer [ 1361.083696] binder_alloc: binder_alloc_mmap_handler: 6654 20ffc000-20ffe000 already mapped failed -16 20:25:36 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ab1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001991e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003641e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1361.125784] binder: BINDER_SET_CONTEXT_MGR already set [ 1361.162495] binder: 6654:6655 ioctl 40046207 0 returned -16 20:25:36 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ab1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1361.200981] binder: undelivered TRANSACTION_ERROR: 29201 [ 1361.212088] binder: undelivered TRANSACTION_ERROR: 29189 20:25:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x68000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002991e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:36 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000651e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:37 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001651e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1361.322831] binder: 6688:6689 got transaction with too large buffer 20:25:37 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003991e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ab1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1361.373281] binder_alloc: binder_alloc_mmap_handler: 6688 20ffc000-20ffe000 already mapped failed -16 [ 1361.404791] binder: BINDER_SET_CONTEXT_MGR already set [ 1361.417636] binder: 6688:6689 ioctl 40046207 0 returned -16 20:25:37 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, 0x0, r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1361.434309] binder: undelivered TRANSACTION_ERROR: 29201 [ 1361.444412] binder: undelivered TRANSACTION_ERROR: 29189 20:25:37 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002651e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ac1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x6c000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:37 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, 0x0, r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:37 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:37 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ac1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1361.589750] binder: 6715:6716 got transaction with too large buffer [ 1361.610917] binder_alloc: binder_alloc_mmap_handler: 6715 20ffc000-20ffe000 already mapped failed -16 [ 1361.633938] binder: BINDER_SET_CONTEXT_MGR already set 20:25:37 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003651e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1361.665757] binder: 6715:6716 ioctl 40046207 0 returned -16 20:25:37 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ac1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x74000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:37 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:37 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, 0x0, r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:37 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240058651e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1361.826119] binder: 6728:6732 got transaction with too large buffer [ 1361.839418] binder_alloc: binder_alloc_mmap_handler: 6728 20ffc000-20ffe000 already mapped failed -16 20:25:37 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:37 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ac1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000661e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1361.868458] binder: BINDER_SET_CONTEXT_MGR already set [ 1361.888724] binder: 6728:6732 ioctl 40046207 0 returned -16 20:25:37 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ad1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x7a000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:37 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:37 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001661e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:37 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1362.229443] binder_alloc: binder_alloc_mmap_handler: 6757 20ffc000-20ffe000 already mapped failed -16 20:25:37 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ad1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:37 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002661e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1362.274560] binder: BINDER_SET_CONTEXT_MGR already set 20:25:37 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:37 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1362.298655] binder: 6757:6758 ioctl 40046207 0 returned -16 20:25:38 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ad1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1362.367605] overlayfs: missing 'lowerdir' 20:25:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0xfdfdffff}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:38 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003661e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:38 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, 0x0) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:38 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ad1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000671e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1362.507657] binder_alloc: binder_alloc_mmap_handler: 6781 20ffc000-20ffe000 already mapped failed -16 [ 1362.515372] overlayfs: missing 'lowerdir' 20:25:38 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, 0x0) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:38 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:38 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ae1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1362.575450] binder: BINDER_SET_CONTEXT_MGR already set [ 1362.575471] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 1362.575478] binder_alloc: 6781: binder_alloc_buf, no vma 20:25:38 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001671e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1362.643831] binder: 6781:6782 ioctl 40046207 0 returned -16 [ 1362.654788] overlayfs: missing 'lowerdir' 20:25:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0xfffffdfd}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:38 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, 0x0) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:38 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[]) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:38 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ae1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002671e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ae1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1362.797943] overlayfs: missing 'lowerdir' [ 1362.804933] binder_alloc: binder_alloc_mmap_handler: 6811 20ffc000-20ffe000 already mapped failed -16 20:25:38 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) 20:25:38 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[]) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1362.849453] binder: BINDER_SET_CONTEXT_MGR already set 20:25:38 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003671e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1362.883963] binder: 6811:6812 ioctl 40046207 0 returned -16 [ 1362.884468] binder_alloc: 6811: binder_alloc_buf, no vma 20:25:38 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ae1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1362.944146] overlayfs: missing 'lowerdir' 20:25:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x100000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:38 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) 20:25:38 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000af1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[]) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:38 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000681e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1363.063110] binder_alloc: binder_alloc_mmap_handler: 6833 20ffc000-20ffe000 already mapped failed -16 [ 1363.088481] overlayfs: missing 'lowerdir' 20:25:38 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001af1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1363.108843] net_ratelimit: 23 callbacks suppressed [ 1363.108850] protocol 88fb is buggy, dev hsr_slave_0 [ 1363.108854] protocol 88fb is buggy, dev hsr_slave_0 [ 1363.108895] protocol 88fb is buggy, dev hsr_slave_1 [ 1363.113870] protocol 88fb is buggy, dev hsr_slave_1 [ 1363.133954] protocol 88fb is buggy, dev hsr_slave_0 [ 1363.139020] protocol 88fb is buggy, dev hsr_slave_1 [ 1363.143600] binder: BINDER_SET_CONTEXT_MGR already set [ 1363.155331] binder: 6833:6834 ioctl 40046207 0 returned -16 20:25:38 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) 20:25:38 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB]) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1363.178030] binder_alloc: 6833: binder_alloc_buf, no vma 20:25:38 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001681e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1363.222290] binder_transaction: 24 callbacks suppressed [ 1363.222304] binder: 6833:6836 transaction failed 29189/-3, size 40-8 line 3035 20:25:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x200000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:38 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002af1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:38 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, 0x0, 0x0) 20:25:38 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1363.293391] overlayfs: missing 'lowerdir' 20:25:39 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB]) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1363.348865] protocol 88fb is buggy, dev hsr_slave_0 [ 1363.354124] protocol 88fb is buggy, dev hsr_slave_1 [ 1363.359251] protocol 88fb is buggy, dev hsr_slave_0 [ 1363.364300] protocol 88fb is buggy, dev hsr_slave_1 20:25:39 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003af1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1363.393923] binder: 6888:6890 transaction failed 29201/-22, size 40-8 line 3192 [ 1363.428451] binder_alloc: 6888: binder_alloc_buf, no vma [ 1363.428916] binder: BINDER_SET_CONTEXT_MGR already set 20:25:39 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002681e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, 0x0, 0x0) [ 1363.447871] binder: 6888:6894 transaction failed 29189/-3, size 40-8 line 3035 [ 1363.456703] overlayfs: missing 'lowerdir' 20:25:39 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB]) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1363.513205] binder: 6888:6893 ioctl 40046207 0 returned -16 20:25:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x300000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:39 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003681e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, 0x0, 0x0) [ 1363.636166] overlayfs: missing 'lowerdir' 20:25:39 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000691e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1363.658456] binder: 6911:6912 transaction failed 29201/-22, size 40-8 line 3192 [ 1363.697052] binder: BINDER_SET_CONTEXT_MGR already set [ 1363.733436] binder_alloc: 6911: binder_alloc_buf, no vma 20:25:39 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000200)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200008000f8", 0x16}], 0x0, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x80, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x80001, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000140)={0x0, 0xcc, "e1885b605ea494f4e5b78bc4b9fcb7df63b7d1d945da98c12230625a50663f728115cd310dedb0d70497a0bb22e13d0755027a2e2ba86a08e247dbef53c2b7ec1ee9de88efe1c3a341725cb78cce3598ee4efcea56e385c2d9f56ecec7616a098648aec8a5dba38c477ebd66fde09f9253955389f7941278839a1f6bf2d12a8be9a003b86f507dd86bbe5bd54200a95891fbd402823b337e9774b066d67f0eba607fed41470fa71e7e20697c225a1788918bb67899ad7be461815552cd28bd1849f7a96482866899c5564b0d"}, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000002580)=ANY=[@ANYBLOB], 0x1) setresuid(0x0, r2, 0x0) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000040)={0x0, 0x0}) process_vm_readv(r4, &(0x7f0000000380)=[{&(0x7f0000000340)=""/61, 0x3d}], 0x1, &(0x7f0000002540)=[{&(0x7f00000003c0)=""/63, 0x3f}], 0x1, 0x0) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000100)=0x3, 0x4) r5 = socket$inet6(0xa, 0x803, 0x1) ioctl(r5, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f00000000c0)) r6 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdirat(r6, &(0x7f0000000000)='./file0\x00', 0x0) 20:25:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x400000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:39 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001691e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1363.761903] binder: 6911:6912 ioctl 40046207 0 returned -16 [ 1363.767886] binder: 6911:6915 transaction failed 29189/-3, size 40-8 line 3035 [ 1363.780896] overlayfs: unrecognized mount option "lowerdir" or missing value 20:25:39 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:39 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1363.881642] binder: 6930:6932 transaction failed 29201/-22, size 40-8 line 3192 [ 1363.904598] ptrace attach of "/root/syz-executor0"[25349] was attempted by "/root/syz-executor0"[6929] [ 1363.907064] binder: BINDER_SET_CONTEXT_MGR already set 20:25:39 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002691e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1363.932416] overlayfs: unrecognized mount option "lowerdir" or missing value [ 1363.963046] binder_alloc: 6930: binder_alloc_buf, no vma [ 1363.968560] binder: 6930:6936 transaction failed 29189/-3, size 40-8 line 3035 20:25:39 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:39 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400009f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1364.014425] binder: 6930:6932 ioctl 40046207 0 returned -16 20:25:39 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003691e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1364.095767] overlayfs: unrecognized mount option "lowerdir" or missing value 20:25:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x6000000, 0x0, 0x2}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:39 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400019f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x500000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:39 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,wor']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:39 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:39 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400029f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1364.228676] binder: 6961:6963 transaction failed 29201/-22, size 40-8 line 3192 [ 1364.241468] overlayfs: unrecognized mount option "wor" or missing value [ 1364.270329] binder: BINDER_SET_CONTEXT_MGR already set 20:25:39 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,wor']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:40 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400039f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1364.309073] binder: 6964:6965 ioctl 40046207 0 returned -16 [ 1364.309562] binder: BINDER_SET_CONTEXT_MGR already set [ 1364.335367] binder_alloc: 6961: binder_alloc_buf, no vma [ 1364.341068] binder: 6964:6965 transaction failed 29189/-22, size 40-8 line 2896 20:25:40 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:40 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1364.360992] binder: 6961:6970 transaction failed 29189/-3, size 40-8 line 3035 20:25:40 executing program 0 (fault-call:10 fault-nth:0): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x600000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:40 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:40 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1364.402552] binder: 6961:6963 ioctl 40046207 0 returned -16 [ 1364.439128] overlayfs: unrecognized mount option "wor" or missing value 20:25:40 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1364.519063] FAULT_INJECTION: forcing a failure. [ 1364.519063] name failslab, interval 1, probability 0, space 0, times 0 [ 1364.541812] CPU: 1 PID: 6983 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1364.548943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1364.558286] Call Trace: [ 1364.560876] dump_stack+0x1db/0x2d0 [ 1364.564516] ? dump_stack_print_info.cold+0x20/0x20 [ 1364.569551] should_fail.cold+0xa/0x15 [ 1364.573451] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1364.578586] ? ___might_sleep+0x1e7/0x310 [ 1364.582736] ? arch_local_save_flags+0x50/0x50 [ 1364.587324] ? __lock_is_held+0xb6/0x140 [ 1364.591393] __should_failslab+0x121/0x190 [ 1364.595630] should_failslab+0x9/0x14 [ 1364.599430] kmem_cache_alloc_trace+0x2d1/0x760 [ 1364.604169] ? ovl_test_flag+0x12/0x20 [ 1364.608058] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1364.613076] ovl_iterate+0x7a2/0xe60 [ 1364.616887] ? ovl_iterate_real+0xd70/0xd70 [ 1364.621204] ? down_read_killable+0x150/0x150 [ 1364.625707] ? security_file_permission+0x94/0x320 [ 1364.630643] iterate_dir+0x20d/0x5f0 [ 1364.634384] ksys_getdents64+0x245/0x4a0 [ 1364.638438] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1364.643987] ? __ia32_sys_getdents+0x520/0x520 [ 1364.648576] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1364.653158] ? iterate_dir+0x5f0/0x5f0 [ 1364.657042] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1364.662398] ? trace_hardirqs_off_caller+0x300/0x300 [ 1364.667495] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1364.672262] __x64_sys_getdents64+0x73/0xb0 [ 1364.676582] do_syscall_64+0x1a3/0x800 [ 1364.680466] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1364.685392] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1364.690413] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1364.695262] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1364.700441] RIP: 0033:0x457e39 20:25:40 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,wor']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:40 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1364.703646] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1364.722535] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1364.730235] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1364.737609] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 [ 1364.744873] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1364.752133] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1364.759397] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 20:25:40 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:40 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x700000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:40 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:40 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=.']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1364.819415] overlayfs: unrecognized mount option "wor" or missing value [ 1364.914395] binder_transaction: 8 callbacks suppressed [ 1364.914404] binder: 7003:7004 got transaction with too large buffer [ 1364.928198] binder: BINDER_SET_CONTEXT_MGR already set [ 1364.936028] binder_alloc: 7003: binder_alloc_buf, no vma [ 1364.945380] binder: 7003:7004 ioctl 40046207 0 returned -16 [ 1364.952173] overlayfs: workdir and upperdir must be separate subtrees 20:25:40 executing program 0 (fault-call:10 fault-nth:1): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:40 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:40 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:40 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0xa00000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:40 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=.']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:40 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:40 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1365.080364] binder: 7012:7014 got transaction with too large buffer [ 1365.104241] overlayfs: workdir and upperdir must be separate subtrees [ 1365.115276] binder: BINDER_SET_CONTEXT_MGR already set 20:25:40 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1365.145604] binder_alloc: 7012: binder_alloc_buf, no vma [ 1365.147043] FAULT_INJECTION: forcing a failure. [ 1365.147043] name failslab, interval 1, probability 0, space 0, times 0 [ 1365.166971] binder: 7012:7014 ioctl 40046207 0 returned -16 [ 1365.198980] CPU: 0 PID: 7019 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1365.206115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1365.215468] Call Trace: [ 1365.218070] dump_stack+0x1db/0x2d0 [ 1365.221713] ? dump_stack_print_info.cold+0x20/0x20 [ 1365.226770] ? is_bpf_text_address+0xac/0x170 [ 1365.231299] should_fail.cold+0xa/0x15 [ 1365.235217] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1365.240336] ? ___might_sleep+0x1e7/0x310 [ 1365.244494] ? arch_local_save_flags+0x50/0x50 [ 1365.249094] __should_failslab+0x121/0x190 [ 1365.253342] should_failslab+0x9/0x14 [ 1365.257169] kmem_cache_alloc+0x2be/0x710 [ 1365.261340] ? __save_stack_trace+0x8a/0xf0 [ 1365.265676] __alloc_file+0x93/0x480 [ 1365.269404] ? file_free_rcu+0xe0/0xe0 [ 1365.273306] ? save_stack+0xa9/0xd0 [ 1365.276943] ? save_stack+0x45/0xd0 [ 1365.280573] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1365.285682] ? kasan_kmalloc+0x9/0x10 [ 1365.289503] ? ovl_path_upper+0x71/0x230 [ 1365.293570] ? iterate_dir+0x20d/0x5f0 [ 1365.297474] alloc_empty_file+0x72/0x170 [ 1365.301564] dentry_open+0x70/0x1d0 [ 1365.305232] ovl_path_open+0x56/0x70 [ 1365.309043] ovl_dir_read_merged+0x2a1/0xcf0 [ 1365.313543] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1365.319082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1365.324628] ? check_preemption_disabled+0x48/0x290 [ 1365.329651] ? ovl_iterate+0x7a2/0xe60 [ 1365.333559] ? ovl_dir_open+0x310/0x310 [ 1365.337543] ? __lock_is_held+0xb6/0x140 [ 1365.341615] ? ovl_fill_plain+0x340/0x340 [ 1365.345778] ? rcu_read_lock_sched_held+0x110/0x130 [ 1365.350808] ? kmem_cache_alloc_trace+0x354/0x760 [ 1365.355748] ? ovl_test_flag+0x12/0x20 [ 1365.359639] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1365.364664] ovl_iterate+0x899/0xe60 [ 1365.368389] ? ovl_iterate_real+0xd70/0xd70 [ 1365.372731] ? down_read_killable+0x150/0x150 [ 1365.372751] ? security_file_permission+0x94/0x320 [ 1365.372770] iterate_dir+0x20d/0x5f0 [ 1365.372790] ksys_getdents64+0x245/0x4a0 [ 1365.372802] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 20:25:40 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=.']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:40 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:40 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1365.372816] ? __ia32_sys_getdents+0x520/0x520 [ 1365.382330] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1365.382344] ? iterate_dir+0x5f0/0x5f0 [ 1365.382361] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1365.382377] ? trace_hardirqs_off_caller+0x300/0x300 [ 1365.390119] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1365.390139] __x64_sys_getdents64+0x73/0xb0 [ 1365.390154] do_syscall_64+0x1a3/0x800 [ 1365.390170] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1365.390201] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1365.400428] ? trace_hardirqs_off_thunk+0x1a/0x1c 20:25:41 executing program 0 (fault-call:10 fault-nth:2): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:41 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:41 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x2000000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:41 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./fi']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:41 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1365.400452] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1365.400463] RIP: 0033:0x457e39 [ 1365.400479] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1365.408908] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1365.408922] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1365.408930] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 20:25:41 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:41 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1365.408938] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1365.408947] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1365.408956] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 [ 1365.528070] binder: 7132:7138 got transaction with too large buffer 20:25:41 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1365.598963] binder_alloc_mmap_handler: 6 callbacks suppressed [ 1365.598977] binder_alloc: binder_alloc_mmap_handler: 7132 20ffc000-20ffe000 already mapped failed -16 20:25:41 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1365.640527] binder: BINDER_SET_CONTEXT_MGR already set [ 1365.660334] binder: 7132:7138 ioctl 40046207 0 returned -16 20:25:41 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:41 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1365.750517] FAULT_INJECTION: forcing a failure. [ 1365.750517] name failslab, interval 1, probability 0, space 0, times 0 [ 1365.774475] binder_alloc: 7132: binder_alloc_buf, no vma [ 1365.788795] CPU: 1 PID: 7142 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1365.795919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1365.805266] Call Trace: [ 1365.807857] dump_stack+0x1db/0x2d0 [ 1365.811491] ? dump_stack_print_info.cold+0x20/0x20 [ 1365.816521] should_fail.cold+0xa/0x15 [ 1365.820430] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1365.820917] binder_release_work: 25 callbacks suppressed [ 1365.820923] binder: undelivered TRANSACTION_ERROR: 29201 [ 1365.825542] ? ___might_sleep+0x1e7/0x310 [ 1365.825560] ? arch_local_save_flags+0x50/0x50 [ 1365.825585] __should_failslab+0x121/0x190 [ 1365.825602] should_failslab+0x9/0x14 [ 1365.853331] kmem_cache_alloc_trace+0x2d1/0x760 [ 1365.858012] ? __might_sleep+0x95/0x190 [ 1365.862089] apparmor_file_alloc_security+0x172/0xad0 [ 1365.867284] ? __lock_is_held+0xb6/0x140 [ 1365.871389] ? apparmor_path_rename+0xcb0/0xcb0 [ 1365.876060] ? __alloc_file+0x93/0x480 [ 1365.879942] ? __alloc_file+0x93/0x480 [ 1365.883821] ? rcu_read_lock_sched_held+0x110/0x130 [ 1365.888827] ? kmem_cache_alloc+0x341/0x710 [ 1365.893150] security_file_alloc+0x69/0xb0 [ 1365.897374] __alloc_file+0x128/0x480 [ 1365.901165] ? file_free_rcu+0xe0/0xe0 [ 1365.905054] ? save_stack+0xa9/0xd0 [ 1365.908669] ? save_stack+0x45/0xd0 [ 1365.912296] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1365.917383] ? kasan_kmalloc+0x9/0x10 [ 1365.921170] ? ovl_path_upper+0x71/0x230 [ 1365.925215] ? iterate_dir+0x20d/0x5f0 [ 1365.929089] alloc_empty_file+0x72/0x170 [ 1365.933144] dentry_open+0x70/0x1d0 [ 1365.936845] ovl_path_open+0x56/0x70 [ 1365.940550] ovl_dir_read_merged+0x2a1/0xcf0 [ 1365.944950] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1365.950694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1365.956218] ? check_preemption_disabled+0x48/0x290 [ 1365.961230] ? ovl_iterate+0x7a2/0xe60 [ 1365.965124] ? ovl_dir_open+0x310/0x310 [ 1365.969095] ? __lock_is_held+0xb6/0x140 [ 1365.973150] ? ovl_fill_plain+0x340/0x340 [ 1365.977295] ? rcu_read_lock_sched_held+0x110/0x130 [ 1365.982315] ? kmem_cache_alloc_trace+0x354/0x760 [ 1365.987239] ? ovl_test_flag+0x12/0x20 [ 1365.991114] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1365.996126] ovl_iterate+0x899/0xe60 [ 1365.999843] ? ovl_iterate_real+0xd70/0xd70 [ 1366.004157] ? down_read_killable+0x150/0x150 [ 1366.008647] ? security_file_permission+0x94/0x320 [ 1366.013570] iterate_dir+0x20d/0x5f0 [ 1366.017288] ksys_getdents64+0x245/0x4a0 [ 1366.021336] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1366.026867] ? __ia32_sys_getdents+0x520/0x520 [ 1366.031437] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1366.036008] ? iterate_dir+0x5f0/0x5f0 [ 1366.039887] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1366.045236] ? trace_hardirqs_off_caller+0x300/0x300 [ 1366.050324] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1366.055066] __x64_sys_getdents64+0x73/0xb0 [ 1366.059379] do_syscall_64+0x1a3/0x800 [ 1366.063259] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1366.068175] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1366.073182] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1366.078034] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1366.083210] RIP: 0033:0x457e39 [ 1366.086392] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1366.105280] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1366.112976] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1366.120690] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 [ 1366.127942] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1366.135193] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1366.142479] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 [ 1366.157379] binder: undelivered TRANSACTION_ERROR: 29189 20:25:41 executing program 0 (fault-call:10 fault-nth:3): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:41 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:41 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:41 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1366.688153] FAULT_INJECTION: forcing a failure. [ 1366.688153] name failslab, interval 1, probability 0, space 0, times 0 [ 1366.705853] CPU: 0 PID: 7165 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1366.713095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1366.722536] Call Trace: [ 1366.725143] dump_stack+0x1db/0x2d0 [ 1366.728781] ? dump_stack_print_info.cold+0x20/0x20 [ 1366.733802] ? security_file_alloc+0x69/0xb0 [ 1366.738212] ? __alloc_file+0x128/0x480 [ 1366.742213] ? alloc_empty_file+0x72/0x170 [ 1366.746458] ? dentry_open+0x70/0x1d0 [ 1366.750263] ? ovl_path_open+0x56/0x70 [ 1366.754178] ? ovl_iterate+0x899/0xe60 [ 1366.758089] should_fail.cold+0xa/0x15 [ 1366.762083] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1366.767213] ? ___might_sleep+0x1e7/0x310 [ 1366.771452] ? arch_local_save_flags+0x50/0x50 [ 1366.776044] ? apparmor_file_alloc_security+0x172/0xad0 [ 1366.781436] __should_failslab+0x121/0x190 [ 1366.785668] should_failslab+0x9/0x14 [ 1366.789499] kmem_cache_alloc+0x2be/0x710 [ 1366.793642] ? refcount_inc_not_zero_checked+0x2e0/0x2e0 [ 1366.799221] __d_alloc+0xae/0xbe0 [ 1366.802678] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 1366.807685] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1366.813321] ? __fsnotify_parent+0xe2/0x450 [ 1366.817640] ? fsnotify_first_mark+0x350/0x350 [ 1366.822218] ? apparmor_capable+0x6d0/0x6d0 [ 1366.826534] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1366.832175] ? errseq_sample+0xe6/0x140 [ 1366.836176] d_alloc_cursor+0x3f/0xe0 [ 1366.840003] dcache_dir_open+0x37/0x90 [ 1366.843903] do_dentry_open+0x48a/0x1210 [ 1366.847958] ? file_free_rcu+0xe0/0xe0 [ 1366.851836] ? empty_dir_getattr+0x70/0x70 [ 1366.856077] ? chown_common+0x740/0x740 [ 1366.860071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1366.865605] ? percpu_counter_add_batch+0x13c/0x190 [ 1366.870624] dentry_open+0x132/0x1d0 [ 1366.874336] ovl_path_open+0x56/0x70 [ 1366.878043] ovl_dir_read_merged+0x2a1/0xcf0 [ 1366.882476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1366.888006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1366.893540] ? check_preemption_disabled+0x48/0x290 [ 1366.898569] ? ovl_iterate+0x7a2/0xe60 [ 1366.902451] ? ovl_dir_open+0x310/0x310 [ 1366.906435] ? __lock_is_held+0xb6/0x140 [ 1366.910486] ? ovl_fill_plain+0x340/0x340 [ 1366.914636] ? rcu_read_lock_sched_held+0x110/0x130 [ 1366.919649] ? kmem_cache_alloc_trace+0x354/0x760 [ 1366.924491] ? ovl_test_flag+0x12/0x20 [ 1366.928378] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1366.933412] ovl_iterate+0x899/0xe60 [ 1366.937135] ? ovl_iterate_real+0xd70/0xd70 [ 1366.941453] ? down_read_killable+0x150/0x150 [ 1366.945971] ? security_file_permission+0x94/0x320 [ 1366.950908] iterate_dir+0x20d/0x5f0 [ 1366.954634] ksys_getdents64+0x245/0x4a0 [ 1366.958695] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1366.964351] ? __ia32_sys_getdents+0x520/0x520 [ 1366.968935] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1366.973513] ? iterate_dir+0x5f0/0x5f0 [ 1366.977410] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1366.982781] ? trace_hardirqs_off_caller+0x300/0x300 [ 1366.987899] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1366.992663] __x64_sys_getdents64+0x73/0xb0 [ 1366.996985] do_syscall_64+0x1a3/0x800 [ 1367.000881] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1367.005812] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1367.010835] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1367.015689] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1367.020977] RIP: 0033:0x457e39 [ 1367.024169] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1367.043077] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1367.050802] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1367.058072] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 [ 1367.065337] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1367.072610] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1367.079875] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 [ 1367.530218] device bridge_slave_1 left promiscuous mode [ 1367.535712] bridge0: port 2(bridge_slave_1) entered disabled state [ 1367.615218] device bridge_slave_0 left promiscuous mode [ 1367.631011] bridge0: port 1(bridge_slave_0) entered disabled state [ 1367.951644] device hsr_slave_1 left promiscuous mode [ 1368.005061] device hsr_slave_0 left promiscuous mode [ 1368.073657] team0 (unregistering): Port device team_slave_1 removed [ 1368.093949] team0 (unregistering): Port device team_slave_0 removed [ 1368.114829] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1368.184966] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1368.332654] bond0 (unregistering): Released all slaves [ 1369.104498] IPVS: ftp: loaded support on port[0] = 21 [ 1369.257605] chnl_net:caif_netlink_parms(): no params data found [ 1369.344222] bridge0: port 1(bridge_slave_0) entered blocking state [ 1369.348859] net_ratelimit: 25 callbacks suppressed [ 1369.348866] protocol 88fb is buggy, dev hsr_slave_0 [ 1369.351383] bridge0: port 1(bridge_slave_0) entered disabled state [ 1369.355635] protocol 88fb is buggy, dev hsr_slave_1 [ 1369.367015] protocol 88fb is buggy, dev hsr_slave_0 [ 1369.373032] device bridge_slave_0 entered promiscuous mode [ 1369.377011] protocol 88fb is buggy, dev hsr_slave_1 [ 1369.388191] bridge0: port 2(bridge_slave_1) entered blocking state [ 1369.395006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1369.402486] device bridge_slave_1 entered promiscuous mode [ 1369.425106] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1369.435239] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1369.455624] team0: Port device team_slave_0 added [ 1369.464251] team0: Port device team_slave_1 added [ 1369.551754] device hsr_slave_0 entered promiscuous mode [ 1369.599195] device hsr_slave_1 entered promiscuous mode [ 1369.668939] protocol 88fb is buggy, dev hsr_slave_0 [ 1369.674115] protocol 88fb is buggy, dev hsr_slave_1 [ 1369.679275] protocol 88fb is buggy, dev hsr_slave_0 [ 1369.684353] protocol 88fb is buggy, dev hsr_slave_1 [ 1369.689501] protocol 88fb is buggy, dev hsr_slave_0 [ 1369.694722] protocol 88fb is buggy, dev hsr_slave_1 [ 1369.733899] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1369.771963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1369.783790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1369.806967] 8021q: adding VLAN 0 to HW filter on device team0 [ 1369.826873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1369.836430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1369.850693] bridge0: port 1(bridge_slave_0) entered blocking state [ 1369.857036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1369.882967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1369.892416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1369.904675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1369.915505] bridge0: port 2(bridge_slave_1) entered blocking state [ 1369.921898] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1369.936216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1369.955438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1369.986484] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1370.022682] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1370.053826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1370.071589] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1370.099494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1370.107622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1370.129481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1370.137276] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1370.172701] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1370.183281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1370.193428] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1370.257930] overlayfs: failed to resolve './fi': -2 20:25:45 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x2400000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:45 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:45 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:45 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./fi']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:45 executing program 0 (fault-call:10 fault-nth:4): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:46 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1370.357995] binder: 7173:7174 got transaction with too large buffer 20:25:46 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1370.409685] binder_transaction: 8 callbacks suppressed [ 1370.409701] binder: 7173:7174 transaction failed 29201/-22, size 40-8 line 3192 [ 1370.435562] FAULT_INJECTION: forcing a failure. [ 1370.435562] name failslab, interval 1, probability 0, space 0, times 0 [ 1370.437183] overlayfs: failed to resolve './fi': -2 [ 1370.467547] binder_alloc: binder_alloc_mmap_handler: 7173 20ffc000-20ffe000 already mapped failed -16 [ 1370.489022] CPU: 1 PID: 7181 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1370.496146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1370.505592] Call Trace: [ 1370.508185] dump_stack+0x1db/0x2d0 [ 1370.511826] ? dump_stack_print_info.cold+0x20/0x20 [ 1370.516860] should_fail.cold+0xa/0x15 [ 1370.520767] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1370.525883] ? ___might_sleep+0x1e7/0x310 [ 1370.530039] ? arch_local_save_flags+0x50/0x50 [ 1370.534634] ? mark_held_locks+0x100/0x100 [ 1370.538876] ? rcu_read_unlock_special+0x380/0x380 [ 1370.543841] __should_failslab+0x121/0x190 [ 1370.548085] should_failslab+0x9/0x14 [ 1370.551904] __kmalloc+0x2dc/0x740 [ 1370.555449] ? ovl_cache_entry_new+0x3f/0x550 [ 1370.559941] ovl_cache_entry_new+0x3f/0x550 [ 1370.564284] ovl_fill_merge+0x56c/0xea0 [ 1370.568263] ? ovl_fill_plain+0x340/0x340 [ 1370.572406] ? lock_acquire+0x1db/0x570 [ 1370.576376] ? iterate_dir+0xd8/0x5f0 [ 1370.580176] ? lock_release+0xc40/0xc40 [ 1370.584177] dcache_readdir+0x13a/0x640 [ 1370.588148] ? down_write+0x130/0x130 [ 1370.591953] ? security_file_permission+0x94/0x320 [ 1370.596888] iterate_dir+0x489/0x5f0 [ 1370.600601] ovl_dir_read_merged+0x42b/0xcf0 [ 1370.605044] ? ovl_dir_open+0x310/0x310 [ 1370.609024] ? __lock_is_held+0xb6/0x140 [ 1370.613098] ? ovl_fill_plain+0x340/0x340 [ 1370.617348] ? rcu_read_lock_sched_held+0x110/0x130 [ 1370.622363] ? kmem_cache_alloc_trace+0x354/0x760 [ 1370.627222] ? ovl_test_flag+0x12/0x20 [ 1370.631107] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1370.636125] ovl_iterate+0x899/0xe60 [ 1370.639932] ? ovl_iterate_real+0xd70/0xd70 [ 1370.644260] ? down_read_killable+0x150/0x150 [ 1370.648765] ? security_file_permission+0x94/0x320 [ 1370.648809] iterate_dir+0x20d/0x5f0 [ 1370.657523] ksys_getdents64+0x245/0x4a0 [ 1370.657538] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1370.657555] ? __ia32_sys_getdents+0x520/0x520 [ 1370.657571] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1370.667262] ? iterate_dir+0x5f0/0x5f0 [ 1370.667283] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1370.667299] ? trace_hardirqs_off_caller+0x300/0x300 [ 1370.667313] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1370.667331] __x64_sys_getdents64+0x73/0xb0 [ 1370.676463] do_syscall_64+0x1a3/0x800 [ 1370.676481] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1370.676497] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1370.676514] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1370.718603] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1370.723790] RIP: 0033:0x457e39 [ 1370.726987] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1370.745887] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1370.753592] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1370.760857] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 20:25:46 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./fi']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:46 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1370.768135] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1370.775399] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1370.782672] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 [ 1370.799825] binder: BINDER_SET_CONTEXT_MGR already set [ 1370.805371] binder: 7173:7174 ioctl 40046207 0 returned -16 [ 1370.805401] binder_alloc: 7173: binder_alloc_buf, no vma 20:25:46 executing program 0 (fault-call:10 fault-nth:5): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:46 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:46 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1370.850904] binder: undelivered TRANSACTION_ERROR: 29201 [ 1370.885961] binder: 7173:7183 transaction failed 29189/-3, size 40-8 line 3035 [ 1370.896245] overlayfs: failed to resolve './fi': -2 20:25:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x3000000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:46 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:46 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1370.928555] binder: undelivered TRANSACTION_ERROR: 29189 [ 1370.959534] FAULT_INJECTION: forcing a failure. [ 1370.959534] name failslab, interval 1, probability 0, space 0, times 0 20:25:46 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:46 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1371.011990] CPU: 1 PID: 7197 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1371.019118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1371.028468] Call Trace: [ 1371.031079] dump_stack+0x1db/0x2d0 [ 1371.034728] ? dump_stack_print_info.cold+0x20/0x20 [ 1371.039756] ? print_usage_bug+0xd0/0xd0 [ 1371.043827] should_fail.cold+0xa/0x15 [ 1371.047730] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1371.052848] ? ___might_sleep+0x1e7/0x310 [ 1371.056998] ? arch_local_save_flags+0x50/0x50 20:25:46 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1371.061573] ? mark_held_locks+0x100/0x100 [ 1371.065834] __should_failslab+0x121/0x190 [ 1371.070071] should_failslab+0x9/0x14 [ 1371.073890] __kmalloc+0x2dc/0x740 [ 1371.077445] ? ovl_cache_entry_new+0x3f/0x550 [ 1371.081941] ovl_cache_entry_new+0x3f/0x550 [ 1371.086270] ovl_fill_merge+0x56c/0xea0 [ 1371.090240] ? find_held_lock+0x35/0x120 [ 1371.094308] ? ovl_fill_plain+0x340/0x340 [ 1371.098551] ? kasan_check_read+0x11/0x20 [ 1371.102711] ? do_raw_spin_unlock+0xa0/0x330 [ 1371.107125] ? do_raw_spin_trylock+0x270/0x270 [ 1371.111804] ? ovl_fill_plain+0x340/0x340 [ 1371.111816] ? ovl_fill_plain+0x340/0x340 [ 1371.111834] dcache_readdir+0x27a/0x640 [ 1371.120099] ? down_write+0x130/0x130 [ 1371.120120] ? security_file_permission+0x94/0x320 [ 1371.120139] iterate_dir+0x489/0x5f0 [ 1371.120158] ovl_dir_read_merged+0x42b/0xcf0 [ 1371.120180] ? ovl_dir_open+0x310/0x310 [ 1371.120194] ? __lock_is_held+0xb6/0x140 [ 1371.120209] ? ovl_fill_plain+0x340/0x340 [ 1371.120233] ? rcu_read_lock_sched_held+0x110/0x130 [ 1371.158245] ? kmem_cache_alloc_trace+0x354/0x760 [ 1371.163085] ? ovl_test_flag+0x12/0x20 [ 1371.163099] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1371.163117] ovl_iterate+0x899/0xe60 [ 1371.163136] ? ovl_iterate_real+0xd70/0xd70 [ 1371.163150] ? down_read_killable+0x150/0x150 [ 1371.175750] ? security_file_permission+0x94/0x320 [ 1371.175772] iterate_dir+0x20d/0x5f0 [ 1371.175791] ksys_getdents64+0x245/0x4a0 [ 1371.185293] overlayfs: failed to resolve './file': -2 [ 1371.189513] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1371.189551] ? __ia32_sys_getdents+0x520/0x520 20:25:46 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:46 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1371.189566] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1371.189578] ? iterate_dir+0x5f0/0x5f0 [ 1371.189598] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1371.208131] ? trace_hardirqs_off_caller+0x300/0x300 [ 1371.208148] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1371.208166] __x64_sys_getdents64+0x73/0xb0 [ 1371.208181] do_syscall_64+0x1a3/0x800 [ 1371.236393] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1371.236412] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1371.236430] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1371.236452] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1371.259528] RIP: 0033:0x457e39 [ 1371.267890] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1371.287007] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1371.287022] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1371.287031] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 20:25:46 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1371.287040] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1371.287049] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1371.287057] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 [ 1371.303487] binder: 7202:7212 got transaction with too large buffer [ 1371.342792] binder: 7202:7212 transaction failed 29201/-22, size 40-8 line 3192 [ 1371.357943] overlayfs: failed to resolve './file': -2 [ 1371.363587] binder_alloc: binder_alloc_mmap_handler: 7202 20ffc000-20ffe000 already mapped failed -16 20:25:47 executing program 0 (fault-call:10 fault-nth:6): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:47 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:47 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1371.408509] binder: BINDER_SET_CONTEXT_MGR already set [ 1371.420576] binder: 7202:7212 ioctl 40046207 0 returned -16 [ 1371.456426] binder_alloc: 7202: binder_alloc_buf, no vma [ 1371.469151] binder: undelivered TRANSACTION_ERROR: 29201 [ 1371.475523] binder: 7202:7218 transaction failed 29189/-3, size 40-8 line 3035 [ 1371.509625] FAULT_INJECTION: forcing a failure. [ 1371.509625] name failslab, interval 1, probability 0, space 0, times 0 [ 1371.524664] binder: undelivered TRANSACTION_ERROR: 29189 [ 1371.552789] CPU: 1 PID: 7224 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1371.559910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1371.569257] Call Trace: [ 1371.571840] dump_stack+0x1db/0x2d0 [ 1371.575462] ? dump_stack_print_info.cold+0x20/0x20 [ 1371.580503] should_fail.cold+0xa/0x15 [ 1371.584386] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1371.589486] ? ___might_sleep+0x1e7/0x310 [ 1371.593643] ? arch_local_save_flags+0x50/0x50 [ 1371.598239] __should_failslab+0x121/0x190 [ 1371.602469] should_failslab+0x9/0x14 [ 1371.606262] __kmalloc+0x2dc/0x740 [ 1371.609885] ? next_positive.isra.0+0x2b5/0x490 [ 1371.614569] ? find_held_lock+0x35/0x120 [ 1371.618625] ? ovl_cache_entry_new+0x3f/0x550 [ 1371.623241] ovl_cache_entry_new+0x3f/0x550 [ 1371.627555] ovl_fill_merge+0x56c/0xea0 [ 1371.631515] ? rcu_read_unlock_special+0x340/0x380 [ 1371.636430] ? ovl_fill_plain+0x340/0x340 [ 1371.640680] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1371.646204] ? next_positive.isra.0+0x33c/0x490 [ 1371.650864] ? simple_lookup+0x120/0x120 [ 1371.654920] ? ovl_fill_plain+0x340/0x340 [ 1371.659057] dcache_readdir+0x404/0x640 [ 1371.663018] ? down_write+0x130/0x130 [ 1371.666814] iterate_dir+0x489/0x5f0 [ 1371.670518] ovl_dir_read_merged+0x42b/0xcf0 [ 1371.674929] ? ovl_dir_open+0x310/0x310 [ 1371.678898] ? __lock_is_held+0xb6/0x140 [ 1371.682939] ? ovl_fill_plain+0x340/0x340 [ 1371.687081] ? rcu_read_lock_sched_held+0x110/0x130 [ 1371.692087] ? kmem_cache_alloc_trace+0x354/0x760 [ 1371.696925] ? ovl_test_flag+0x12/0x20 [ 1371.700799] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1371.705806] ovl_iterate+0x899/0xe60 [ 1371.709514] ? ovl_iterate_real+0xd70/0xd70 [ 1371.713822] ? down_read_killable+0x150/0x150 [ 1371.718308] ? security_file_permission+0x94/0x320 [ 1371.723224] iterate_dir+0x20d/0x5f0 [ 1371.726932] ksys_getdents64+0x245/0x4a0 [ 1371.730984] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1371.736600] ? __ia32_sys_getdents+0x520/0x520 [ 1371.741175] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1371.745741] ? iterate_dir+0x5f0/0x5f0 [ 1371.749623] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1371.754980] ? trace_hardirqs_off_caller+0x300/0x300 [ 1371.760071] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1371.764816] __x64_sys_getdents64+0x73/0xb0 [ 1371.769126] do_syscall_64+0x1a3/0x800 [ 1371.773005] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1371.777922] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1371.782931] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1371.787789] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1371.792974] RIP: 0033:0x457e39 [ 1371.796161] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1371.815056] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1371.822853] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1371.830108] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 [ 1371.837360] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1371.844611] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 20:25:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x4800000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:47 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:47 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:47 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:47 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1371.851890] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 20:25:47 executing program 0 (fault-call:10 fault-nth:7): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:47 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:47 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:47 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1371.940668] binder: 7231:7234 got transaction with too large buffer [ 1371.950091] overlayfs: failed to resolve './file': -2 [ 1371.973799] binder: 7231:7234 transaction failed 29201/-22, size 40-8 line 3192 20:25:47 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(0x0, 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1372.021919] FAULT_INJECTION: forcing a failure. [ 1372.021919] name failslab, interval 1, probability 0, space 0, times 0 [ 1372.036345] binder_alloc: binder_alloc_mmap_handler: 7231 20ffc000-20ffe000 already mapped failed -16 [ 1372.057172] CPU: 1 PID: 7238 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1372.064375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1372.073723] Call Trace: [ 1372.073748] dump_stack+0x1db/0x2d0 [ 1372.073768] ? dump_stack_print_info.cold+0x20/0x20 [ 1372.073794] should_fail.cold+0xa/0x15 [ 1372.073813] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1372.085007] ? ___might_sleep+0x1e7/0x310 [ 1372.098120] ? arch_local_save_flags+0x50/0x50 [ 1372.102714] __should_failslab+0x121/0x190 [ 1372.107039] should_failslab+0x9/0x14 [ 1372.110146] binder_alloc: 7231: binder_alloc_buf, no vma [ 1372.110841] __kmalloc+0x2dc/0x740 [ 1372.110856] ? next_positive.isra.0+0x2b5/0x490 [ 1372.110871] ? find_held_lock+0x35/0x120 [ 1372.126871] binder: 7231:7243 transaction failed 29189/-3, size 40-8 line 3035 [ 1372.128865] ? ovl_cache_entry_new+0x3f/0x550 [ 1372.128884] ovl_cache_entry_new+0x3f/0x550 [ 1372.128903] ovl_fill_merge+0x56c/0xea0 [ 1372.128918] ? rcu_read_unlock_special+0x340/0x380 [ 1372.128933] ? ovl_fill_plain+0x340/0x340 [ 1372.139840] binder: undelivered TRANSACTION_ERROR: 29201 [ 1372.140781] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1372.140795] ? next_positive.isra.0+0x33c/0x490 [ 1372.140813] ? simple_lookup+0x120/0x120 [ 1372.145584] binder: undelivered TRANSACTION_ERROR: 29189 [ 1372.149080] ? ovl_fill_plain+0x340/0x340 [ 1372.149099] dcache_readdir+0x404/0x640 [ 1372.149117] ? down_write+0x130/0x130 [ 1372.149140] iterate_dir+0x489/0x5f0 [ 1372.198815] ovl_dir_read_merged+0x42b/0xcf0 [ 1372.203211] ? ovl_dir_open+0x310/0x310 [ 1372.207167] ? __lock_is_held+0xb6/0x140 [ 1372.211220] ? ovl_fill_plain+0x340/0x340 [ 1372.215354] ? rcu_read_lock_sched_held+0x110/0x130 [ 1372.220353] ? kmem_cache_alloc_trace+0x354/0x760 [ 1372.225187] ? ovl_test_flag+0x12/0x20 [ 1372.229055] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1372.234054] ovl_iterate+0x899/0xe60 [ 1372.237763] ? ovl_iterate_real+0xd70/0xd70 [ 1372.242098] ? down_read_killable+0x150/0x150 [ 1372.246591] ? security_file_permission+0x94/0x320 [ 1372.251530] iterate_dir+0x20d/0x5f0 [ 1372.255230] ksys_getdents64+0x245/0x4a0 [ 1372.259292] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1372.264827] ? __ia32_sys_getdents+0x520/0x520 [ 1372.269395] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1372.273957] ? iterate_dir+0x5f0/0x5f0 [ 1372.277829] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1372.283177] ? trace_hardirqs_off_caller+0x300/0x300 [ 1372.288266] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1372.293018] __x64_sys_getdents64+0x73/0xb0 [ 1372.297335] do_syscall_64+0x1a3/0x800 [ 1372.301210] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1372.306144] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1372.311170] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1372.316018] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1372.321189] RIP: 0033:0x457e39 [ 1372.324479] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1372.343360] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1372.351167] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1372.358426] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 [ 1372.365676] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 20:25:48 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1372.372927] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1372.380195] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 20:25:48 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(0x0, 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x4c00000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:48 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:48 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:48 executing program 0 (fault-call:10 fault-nth:8): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:48 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1372.479622] binder: 7248:7249 got transaction with too large buffer [ 1372.506124] binder: 7248:7249 transaction failed 29201/-22, size 40-8 line 3192 20:25:48 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:48 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1372.561882] binder_alloc: binder_alloc_mmap_handler: 7248 20ffc000-20ffe000 already mapped failed -16 [ 1372.594983] binder: BINDER_SET_CONTEXT_MGR already set [ 1372.626552] binder: 7248:7249 ioctl 40046207 0 returned -16 [ 1372.633659] FAULT_INJECTION: forcing a failure. [ 1372.633659] name failslab, interval 1, probability 0, space 0, times 0 [ 1372.649157] binder: undelivered TRANSACTION_ERROR: 29201 [ 1372.674914] CPU: 0 PID: 7256 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1372.682123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1372.691572] Call Trace: [ 1372.694165] dump_stack+0x1db/0x2d0 [ 1372.697898] ? dump_stack_print_info.cold+0x20/0x20 [ 1372.702926] should_fail.cold+0xa/0x15 [ 1372.706830] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1372.711944] ? ___might_sleep+0x1e7/0x310 [ 1372.716187] ? arch_local_save_flags+0x50/0x50 [ 1372.720777] __should_failslab+0x121/0x190 [ 1372.725120] should_failslab+0x9/0x14 [ 1372.728940] __kmalloc+0x2dc/0x740 [ 1372.732485] ? next_positive.isra.0+0x2b5/0x490 [ 1372.737278] ? find_held_lock+0x35/0x120 [ 1372.741352] ? ovl_cache_entry_new+0x3f/0x550 [ 1372.745859] ovl_cache_entry_new+0x3f/0x550 [ 1372.750193] ovl_fill_merge+0x56c/0xea0 [ 1372.754174] ? rcu_read_unlock_special+0x340/0x380 [ 1372.759125] ? ovl_fill_plain+0x340/0x340 [ 1372.763279] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1372.768820] ? next_positive.isra.0+0x33c/0x490 20:25:48 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(0x0, 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:48 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:48 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1372.773506] ? simple_lookup+0x120/0x120 [ 1372.777588] ? ovl_fill_plain+0x340/0x340 [ 1372.781741] dcache_readdir+0x404/0x640 [ 1372.785728] ? down_write+0x130/0x130 [ 1372.789565] iterate_dir+0x489/0x5f0 [ 1372.793313] ovl_dir_read_merged+0x42b/0xcf0 [ 1372.797743] ? ovl_dir_open+0x310/0x310 [ 1372.801765] ? __lock_is_held+0xb6/0x140 [ 1372.805832] ? ovl_fill_plain+0x340/0x340 [ 1372.809995] ? rcu_read_lock_sched_held+0x110/0x130 [ 1372.815011] ? kmem_cache_alloc_trace+0x354/0x760 [ 1372.815036] ovl_iterate+0x899/0xe60 [ 1372.823810] ? ovl_iterate_real+0xd70/0xd70 [ 1372.828140] ? down_read_killable+0x150/0x150 [ 1372.832643] ? security_file_permission+0x94/0x320 [ 1372.832662] iterate_dir+0x20d/0x5f0 [ 1372.841415] ksys_getdents64+0x245/0x4a0 [ 1372.845597] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1372.851142] ? __ia32_sys_getdents+0x520/0x520 [ 1372.855726] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1372.860307] ? iterate_dir+0x5f0/0x5f0 [ 1372.864203] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1372.869648] ? trace_hardirqs_off_caller+0x300/0x300 20:25:48 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1372.874758] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1372.879522] __x64_sys_getdents64+0x73/0xb0 [ 1372.883880] do_syscall_64+0x1a3/0x800 [ 1372.887793] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1372.892734] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1372.897852] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1372.902707] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1372.907903] RIP: 0033:0x457e39 20:25:48 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x6000000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:48 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400006f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:48 executing program 0 (fault-call:10 fault-nth:9): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1372.911101] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1372.930002] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1372.930017] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1372.930025] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 [ 1372.930034] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1372.930042] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1372.930050] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 20:25:48 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1373.000793] binder: 7271:7272 got transaction with too large buffer [ 1373.014189] binder: 7271:7272 transaction failed 29201/-22, size 40-8 line 3192 20:25:48 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1373.070653] binder_alloc: binder_alloc_mmap_handler: 7271 20ffc000-20ffe000 already mapped failed -16 [ 1373.119539] FAULT_INJECTION: forcing a failure. [ 1373.119539] name failslab, interval 1, probability 0, space 0, times 0 [ 1373.139081] binder: BINDER_SET_CONTEXT_MGR already set [ 1373.139087] binder_alloc: 7271: binder_alloc_buf, no vma [ 1373.139120] binder: 7271:7281 transaction failed 29189/-3, size 40-8 line 3035 [ 1373.144413] binder: 7271:7272 ioctl 40046207 0 returned -16 [ 1373.147312] CPU: 1 PID: 7280 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1373.170103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1373.170110] Call Trace: [ 1373.170132] dump_stack+0x1db/0x2d0 [ 1373.170150] ? dump_stack_print_info.cold+0x20/0x20 [ 1373.170176] should_fail.cold+0xa/0x15 [ 1373.194600] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1373.199711] ? ___might_sleep+0x1e7/0x310 [ 1373.199728] ? arch_local_save_flags+0x50/0x50 [ 1373.199772] __should_failslab+0x121/0x190 [ 1373.199789] should_failslab+0x9/0x14 [ 1373.208493] kmem_cache_alloc_trace+0x2d1/0x760 [ 1373.208521] ? __might_sleep+0x95/0x190 [ 1373.208542] apparmor_file_alloc_security+0x172/0xad0 [ 1373.216550] ? __lock_is_held+0xb6/0x140 [ 1373.234396] ? apparmor_path_rename+0xcb0/0xcb0 [ 1373.239081] ? __alloc_file+0x93/0x480 [ 1373.242975] ? __alloc_file+0x93/0x480 [ 1373.246886] ? rcu_read_lock_sched_held+0x110/0x130 [ 1373.251906] ? kmem_cache_alloc+0x341/0x710 [ 1373.256237] security_file_alloc+0x69/0xb0 [ 1373.260486] __alloc_file+0x128/0x480 [ 1373.264297] ? file_free_rcu+0xe0/0xe0 [ 1373.268192] ? kick_process+0xef/0x180 [ 1373.272078] ? task_work_add+0x124/0x1f0 [ 1373.276145] alloc_empty_file+0x72/0x170 [ 1373.280221] dentry_open+0x70/0x1d0 [ 1373.283864] ovl_path_open+0x56/0x70 [ 1373.287582] ovl_dir_read_merged+0x2a1/0xcf0 [ 1373.292003] ? ovl_dir_open+0x310/0x310 [ 1373.295982] ? __lock_is_held+0xb6/0x140 [ 1373.300048] ? ovl_fill_plain+0x340/0x340 [ 1373.304209] ? rcu_read_lock_sched_held+0x110/0x130 [ 1373.309227] ? kmem_cache_alloc_trace+0x354/0x760 [ 1373.314072] ? ovl_test_flag+0x12/0x20 [ 1373.317959] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1373.322981] ovl_iterate+0x899/0xe60 [ 1373.326709] ? ovl_iterate_real+0xd70/0xd70 [ 1373.331057] ? down_read_killable+0x150/0x150 [ 1373.335559] ? security_file_permission+0x94/0x320 [ 1373.340529] iterate_dir+0x20d/0x5f0 [ 1373.344251] ksys_getdents64+0x245/0x4a0 [ 1373.348351] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1373.353891] ? __ia32_sys_getdents+0x520/0x520 [ 1373.358584] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1373.363252] ? iterate_dir+0x5f0/0x5f0 [ 1373.367150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1373.372520] ? trace_hardirqs_off_caller+0x300/0x300 [ 1373.377642] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1373.382402] __x64_sys_getdents64+0x73/0xb0 [ 1373.386726] do_syscall_64+0x1a3/0x800 [ 1373.390615] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1373.395556] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1373.400583] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1373.405461] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1373.410646] RIP: 0033:0x457e39 [ 1373.413929] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1373.432831] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1373.440537] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1373.447891] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 [ 1373.455171] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1373.462439] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 20:25:49 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400016f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:49 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:49 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:49 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1373.469706] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 [ 1373.499070] binder: undelivered TRANSACTION_ERROR: 29201 [ 1373.512753] binder: undelivered TRANSACTION_ERROR: 29189 20:25:49 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x6800000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:49 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400026f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:49 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:49 executing program 0 (fault-call:10 fault-nth:10): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:49 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1373.625803] binder: 7295:7299 got transaction with too large buffer [ 1373.642443] binder: 7295:7299 transaction failed 29201/-22, size 40-8 line 3192 20:25:49 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:49 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1373.692346] binder_alloc: binder_alloc_mmap_handler: 7295 20ffc000-20ffe000 already mapped failed -16 [ 1373.715144] FAULT_INJECTION: forcing a failure. [ 1373.715144] name failslab, interval 1, probability 0, space 0, times 0 [ 1373.732685] CPU: 0 PID: 7303 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1373.733462] binder: BINDER_SET_CONTEXT_MGR already set [ 1373.739799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1373.739806] Call Trace: [ 1373.739828] dump_stack+0x1db/0x2d0 [ 1373.739849] ? dump_stack_print_info.cold+0x20/0x20 [ 1373.739869] ? security_file_alloc+0x69/0xb0 [ 1373.739884] ? __alloc_file+0x128/0x480 [ 1373.739897] ? alloc_empty_file+0x72/0x170 [ 1373.739906] ? dentry_open+0x70/0x1d0 [ 1373.739917] ? ovl_path_open+0x56/0x70 [ 1373.739932] ? ovl_iterate+0x899/0xe60 [ 1373.754563] should_fail.cold+0xa/0x15 [ 1373.754583] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1373.754606] ? ___might_sleep+0x1e7/0x310 [ 1373.761231] binder: 7295:7299 ioctl 40046207 0 returned -16 [ 1373.765811] ? arch_local_save_flags+0x50/0x50 [ 1373.765835] ? apparmor_file_alloc_security+0x172/0xad0 [ 1373.765855] __should_failslab+0x121/0x190 [ 1373.765871] should_failslab+0x9/0x14 [ 1373.826890] kmem_cache_alloc+0x2be/0x710 [ 1373.831065] ? refcount_inc_not_zero_checked+0x2e0/0x2e0 [ 1373.836528] __d_alloc+0xae/0xbe0 [ 1373.839999] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 1373.845022] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1373.850562] ? __fsnotify_parent+0xe2/0x450 [ 1373.854887] ? fsnotify_first_mark+0x350/0x350 [ 1373.859490] ? apparmor_capable+0x6d0/0x6d0 [ 1373.863823] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1373.869363] ? errseq_sample+0xe6/0x140 [ 1373.873354] d_alloc_cursor+0x3f/0xe0 [ 1373.877184] dcache_dir_open+0x37/0x90 [ 1373.881087] do_dentry_open+0x48a/0x1210 [ 1373.885160] ? file_free_rcu+0xe0/0xe0 [ 1373.889057] ? empty_dir_getattr+0x70/0x70 [ 1373.893303] ? chown_common+0x740/0x740 [ 1373.897279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1373.902835] ? percpu_counter_add_batch+0x13c/0x190 [ 1373.907892] dentry_open+0x132/0x1d0 [ 1373.911614] ovl_path_open+0x56/0x70 [ 1373.915339] ovl_dir_read_merged+0x2a1/0xcf0 [ 1373.919759] ? ovl_dir_open+0x310/0x310 [ 1373.923726] ? __lock_is_held+0xb6/0x140 [ 1373.927776] ? ovl_fill_plain+0x340/0x340 [ 1373.931922] ? rcu_read_lock_sched_held+0x110/0x130 [ 1373.936928] ? kmem_cache_alloc_trace+0x354/0x760 [ 1373.941757] ? ovl_test_flag+0x12/0x20 [ 1373.945635] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1373.951135] ovl_iterate+0x899/0xe60 [ 1373.954843] ? ovl_iterate_real+0xd70/0xd70 [ 1373.959155] ? down_read_killable+0x150/0x150 [ 1373.963648] ? security_file_permission+0x94/0x320 [ 1373.968567] iterate_dir+0x20d/0x5f0 [ 1373.972272] ksys_getdents64+0x245/0x4a0 [ 1373.976321] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1373.981850] ? __ia32_sys_getdents+0x520/0x520 [ 1373.986422] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1373.991007] ? iterate_dir+0x5f0/0x5f0 [ 1373.994884] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1374.000242] ? trace_hardirqs_off_caller+0x300/0x300 [ 1374.005361] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1374.010107] __x64_sys_getdents64+0x73/0xb0 [ 1374.014417] do_syscall_64+0x1a3/0x800 [ 1374.018299] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1374.023219] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1374.028228] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1374.033066] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1374.038243] RIP: 0033:0x457e39 [ 1374.041424] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1374.060324] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1374.068017] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1374.075274] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 [ 1374.082530] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 20:25:49 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:49 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400036f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1374.089788] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1374.097134] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 [ 1374.106177] binder: undelivered TRANSACTION_ERROR: 29201 20:25:49 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x6c00000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:49 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:49 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000701e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:49 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:49 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1374.280682] binder: 7322:7323 got transaction with too large buffer [ 1374.315681] binder_alloc: binder_alloc_mmap_handler: 7322 20ffc000-20ffe000 already mapped failed -16 [ 1374.329234] binder: BINDER_SET_CONTEXT_MGR already set [ 1374.348491] binder_alloc: 7322: binder_alloc_buf, no vma [ 1374.355780] binder: 7322:7323 ioctl 40046207 0 returned -16 20:25:50 executing program 0 (fault-call:10 fault-nth:11): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:50 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001701e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:50 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, 0x0, r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:50 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x7400000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:50 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1374.474395] binder: 7332:7333 got transaction with too large buffer 20:25:50 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002701e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:50 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:50 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1374.514832] binder_alloc: binder_alloc_mmap_handler: 7332 20ffc000-20ffe000 already mapped failed -16 [ 1374.544645] binder: BINDER_SET_CONTEXT_MGR already set 20:25:50 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, 0x0, r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1374.565907] binder: 7332:7333 ioctl 40046207 0 returned -16 [ 1374.585878] binder_alloc: 7332: binder_alloc_buf, no vma 20:25:50 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003701e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:50 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1374.712820] FAULT_INJECTION: forcing a failure. [ 1374.712820] name failslab, interval 1, probability 0, space 0, times 0 [ 1374.738989] CPU: 1 PID: 7351 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1374.746117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1374.755466] Call Trace: [ 1374.755490] dump_stack+0x1db/0x2d0 [ 1374.755510] ? dump_stack_print_info.cold+0x20/0x20 [ 1374.755537] should_fail.cold+0xa/0x15 [ 1374.761728] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1374.761753] ? ___might_sleep+0x1e7/0x310 [ 1374.779867] ? arch_local_save_flags+0x50/0x50 [ 1374.784459] ? mark_held_locks+0x100/0x100 [ 1374.788694] ? rcu_read_unlock_special+0x380/0x380 [ 1374.793644] __should_failslab+0x121/0x190 [ 1374.797888] should_failslab+0x9/0x14 [ 1374.801915] __kmalloc+0x2dc/0x740 [ 1374.805466] ? next_positive.isra.0+0x2b5/0x490 [ 1374.810159] ? find_held_lock+0x35/0x120 [ 1374.814223] ? ovl_cache_entry_new+0x3f/0x550 [ 1374.818727] ovl_cache_entry_new+0x3f/0x550 [ 1374.823061] ovl_fill_merge+0x56c/0xea0 [ 1374.827043] ? rcu_read_unlock_special+0x340/0x380 [ 1374.831981] ? ovl_fill_plain+0x340/0x340 [ 1374.836136] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1374.841674] ? next_positive.isra.0+0x33c/0x490 [ 1374.846451] ? simple_lookup+0x120/0x120 [ 1374.850517] ? ovl_fill_plain+0x340/0x340 [ 1374.854683] dcache_readdir+0x404/0x640 [ 1374.858654] ? down_write+0x130/0x130 [ 1374.862553] iterate_dir+0x489/0x5f0 [ 1374.866277] ovl_dir_read_merged+0x42b/0xcf0 [ 1374.870703] ? ovl_dir_open+0x310/0x310 [ 1374.874678] ? __lock_is_held+0xb6/0x140 [ 1374.878830] ? ovl_fill_plain+0x340/0x340 [ 1374.882995] ? rcu_read_lock_sched_held+0x110/0x130 [ 1374.888020] ? kmem_cache_alloc_trace+0x354/0x760 [ 1374.892863] ? ovl_test_flag+0x12/0x20 [ 1374.896762] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1374.901797] ovl_iterate+0x899/0xe60 [ 1374.905528] ? ovl_iterate_real+0xd70/0xd70 [ 1374.909847] ? down_read_killable+0x150/0x150 [ 1374.914350] ? security_file_permission+0x94/0x320 [ 1374.919297] iterate_dir+0x20d/0x5f0 [ 1374.923023] ksys_getdents64+0x245/0x4a0 [ 1374.927088] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1374.932629] ? __ia32_sys_getdents+0x520/0x520 [ 1374.937212] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1374.941809] ? iterate_dir+0x5f0/0x5f0 [ 1374.945703] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1374.951068] ? trace_hardirqs_off_caller+0x300/0x300 [ 1374.956176] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1374.960937] __x64_sys_getdents64+0x73/0xb0 [ 1374.965262] do_syscall_64+0x1a3/0x800 [ 1374.969156] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1374.974088] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1374.979113] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1374.983963] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1374.989244] RIP: 0033:0x457e39 [ 1374.992438] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1375.011336] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1375.019139] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1375.026405] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 [ 1375.033675] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1375.040943] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1375.048219] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 [ 1375.058908] net_ratelimit: 30 callbacks suppressed [ 1375.058916] protocol 88fb is buggy, dev hsr_slave_0 [ 1375.069095] protocol 88fb is buggy, dev hsr_slave_1 20:25:50 executing program 0 (fault-call:10 fault-nth:12): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x7a00000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:50 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:50 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000711e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:50 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, 0x0, r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:50 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:50 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001711e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:50 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1375.158501] binder: 7361:7363 got transaction with too large buffer [ 1375.185908] binder_alloc: binder_alloc_mmap_handler: 7361 20ffc000-20ffe000 already mapped failed -16 20:25:50 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1375.229514] binder_alloc: 7361: binder_alloc_buf, no vma [ 1375.234204] binder: BINDER_SET_CONTEXT_MGR already set [ 1375.246067] FAULT_INJECTION: forcing a failure. [ 1375.246067] name failslab, interval 1, probability 0, space 0, times 0 20:25:50 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1375.274366] binder: 7361:7363 ioctl 40046207 0 returned -16 [ 1375.301427] CPU: 1 PID: 7366 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1375.308560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1375.318001] Call Trace: [ 1375.320602] dump_stack+0x1db/0x2d0 [ 1375.324243] ? dump_stack_print_info.cold+0x20/0x20 [ 1375.329273] ? rcu_read_unlock_special+0x380/0x380 [ 1375.334214] ? add_lock_to_list.isra.0+0x450/0x450 [ 1375.339158] should_fail.cold+0xa/0x15 [ 1375.343061] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1375.348179] ? ___might_sleep+0x1e7/0x310 [ 1375.352338] ? arch_local_save_flags+0x50/0x50 [ 1375.356931] ? iterate_dir+0x397/0x5f0 [ 1375.360839] __should_failslab+0x121/0x190 [ 1375.365100] should_failslab+0x9/0x14 [ 1375.368905] kmem_cache_alloc+0x2be/0x710 [ 1375.373063] ? lock_downgrade+0x910/0x910 [ 1375.377215] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1375.382752] ? fsnotify+0x4f5/0xed0 [ 1375.386387] __alloc_file+0x93/0x480 [ 1375.390108] ? file_free_rcu+0xe0/0xe0 [ 1375.393996] ? __fsnotify_parent+0xe2/0x450 [ 1375.398334] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1375.403871] ? task_work_add+0x124/0x1f0 [ 1375.407943] alloc_empty_file+0x72/0x170 [ 1375.412007] dentry_open+0x70/0x1d0 [ 1375.415637] ovl_path_open+0x56/0x70 [ 1375.419366] ovl_dir_read_merged+0x65c/0xcf0 [ 1375.423792] ? ovl_dir_open+0x310/0x310 [ 1375.427767] ? __lock_is_held+0xb6/0x140 [ 1375.431827] ? ovl_fill_plain+0x340/0x340 [ 1375.435994] ? rcu_read_lock_sched_held+0x110/0x130 [ 1375.441012] ? kmem_cache_alloc_trace+0x354/0x760 [ 1375.445860] ? ovl_test_flag+0x12/0x20 [ 1375.449749] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1375.454771] ovl_iterate+0x899/0xe60 [ 1375.458495] ? ovl_iterate_real+0xd70/0xd70 [ 1375.462820] ? down_read_killable+0x150/0x150 [ 1375.467338] ? security_file_permission+0x94/0x320 [ 1375.472278] iterate_dir+0x20d/0x5f0 [ 1375.476003] ksys_getdents64+0x245/0x4a0 [ 1375.480066] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1375.485630] ? __ia32_sys_getdents+0x520/0x520 [ 1375.490216] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1375.494798] ? iterate_dir+0x5f0/0x5f0 [ 1375.498706] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1375.504076] ? trace_hardirqs_off_caller+0x300/0x300 [ 1375.509184] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1375.513946] __x64_sys_getdents64+0x73/0xb0 [ 1375.518272] do_syscall_64+0x1a3/0x800 [ 1375.522164] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1375.527095] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1375.532122] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1375.536979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1375.542185] RIP: 0033:0x457e39 [ 1375.545385] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1375.564837] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1375.572551] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1375.579825] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 [ 1375.587104] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1375.594373] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 20:25:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0x8000000000000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:51 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1375.601642] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 [ 1375.609361] protocol 88fb is buggy, dev hsr_slave_0 [ 1375.614444] protocol 88fb is buggy, dev hsr_slave_1 [ 1375.619592] protocol 88fb is buggy, dev hsr_slave_0 [ 1375.624669] protocol 88fb is buggy, dev hsr_slave_1 [ 1375.697127] binder: 7375:7378 got transaction with too large buffer [ 1375.714625] binder_transaction: 6 callbacks suppressed [ 1375.714641] binder: 7375:7378 transaction failed 29201/-22, size 40-8 line 3192 [ 1375.735094] binder_alloc: binder_alloc_mmap_handler: 7375 20ffc000-20ffe000 already mapped failed -16 20:25:51 executing program 0 (fault-call:10 fault-nth:13): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:51 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:51 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002711e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:51 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:51 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0xfdfdffff00000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 1375.750900] binder: BINDER_SET_CONTEXT_MGR already set [ 1375.761319] binder: 7375:7378 ioctl 40046207 0 returned -16 [ 1375.767380] binder_alloc: 7375: binder_alloc_buf, no vma [ 1375.767416] binder: 7375:7379 transaction failed 29189/-3, size 40-8 line 3035 [ 1375.862372] binder: 7382:7388 got transaction with too large buffer [ 1375.879073] binder: 7382:7388 transaction failed 29201/-22, size 40-8 line 3192 20:25:51 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003711e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:51 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:51 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1375.918397] FAULT_INJECTION: forcing a failure. [ 1375.918397] name failslab, interval 1, probability 0, space 0, times 0 [ 1375.944296] binder_alloc: binder_alloc_mmap_handler: 7382 20ffc000-20ffe000 already mapped failed -16 [ 1375.967600] CPU: 1 PID: 7391 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1375.974719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1375.984061] Call Trace: [ 1375.984084] dump_stack+0x1db/0x2d0 [ 1375.984104] ? dump_stack_print_info.cold+0x20/0x20 [ 1375.984131] should_fail.cold+0xa/0x15 [ 1375.995337] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1375.995363] ? ___might_sleep+0x1e7/0x310 [ 1375.995385] ? arch_local_save_flags+0x50/0x50 [ 1376.004367] __should_failslab+0x121/0x190 [ 1376.004387] should_failslab+0x9/0x14 [ 1376.004401] kmem_cache_alloc_trace+0x2d1/0x760 [ 1376.004420] ? __might_sleep+0x95/0x190 [ 1376.013216] apparmor_file_alloc_security+0x172/0xad0 [ 1376.013231] ? __lock_is_held+0xb6/0x140 [ 1376.013252] ? apparmor_path_rename+0xcb0/0xcb0 [ 1376.013268] ? __alloc_file+0x93/0x480 [ 1376.021292] ? __alloc_file+0x93/0x480 [ 1376.021308] ? rcu_read_lock_sched_held+0x110/0x130 [ 1376.021324] ? kmem_cache_alloc+0x341/0x710 [ 1376.021347] security_file_alloc+0x69/0xb0 [ 1376.021365] __alloc_file+0x128/0x480 [ 1376.021381] ? file_free_rcu+0xe0/0xe0 [ 1376.021396] ? __fsnotify_parent+0xe2/0x450 [ 1376.077275] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1376.082817] ? task_work_add+0x124/0x1f0 [ 1376.086892] alloc_empty_file+0x72/0x170 [ 1376.090956] dentry_open+0x70/0x1d0 [ 1376.094587] ovl_path_open+0x56/0x70 [ 1376.098417] ovl_dir_read_merged+0x65c/0xcf0 [ 1376.102842] ? ovl_dir_open+0x310/0x310 [ 1376.106822] ? __lock_is_held+0xb6/0x140 [ 1376.110968] ? ovl_fill_plain+0x340/0x340 [ 1376.115129] ? rcu_read_lock_sched_held+0x110/0x130 [ 1376.120715] ? kmem_cache_alloc_trace+0x354/0x760 [ 1376.125565] ? ovl_test_flag+0x12/0x20 [ 1376.129453] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1376.134483] ovl_iterate+0x899/0xe60 [ 1376.138208] ? ovl_iterate_real+0xd70/0xd70 [ 1376.142536] ? down_read_killable+0x150/0x150 [ 1376.147057] ? security_file_permission+0x94/0x320 [ 1376.151993] iterate_dir+0x20d/0x5f0 [ 1376.155716] ksys_getdents64+0x245/0x4a0 [ 1376.159783] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1376.165335] ? __ia32_sys_getdents+0x520/0x520 [ 1376.169921] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1376.174512] ? iterate_dir+0x5f0/0x5f0 [ 1376.178405] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1376.183779] ? trace_hardirqs_off_caller+0x300/0x300 [ 1376.188890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1376.193651] __x64_sys_getdents64+0x73/0xb0 [ 1376.197984] do_syscall_64+0x1a3/0x800 [ 1376.201876] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1376.206819] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1376.211844] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1376.216696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1376.221883] RIP: 0033:0x457e39 [ 1376.225076] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1376.243975] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1376.251682] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1376.258949] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 20:25:51 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1376.266217] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1376.273503] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1376.280855] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 [ 1376.288488] protocol 88fb is buggy, dev hsr_slave_0 [ 1376.293619] protocol 88fb is buggy, dev hsr_slave_1 [ 1376.298805] protocol 88fb is buggy, dev hsr_slave_0 [ 1376.303881] protocol 88fb is buggy, dev hsr_slave_1 20:25:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000a91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:52 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1376.348110] binder: BINDER_SET_CONTEXT_MGR already set [ 1376.348132] binder_alloc: 7382: binder_alloc_buf, no vma [ 1376.375697] binder: 7382:7388 ioctl 40046207 0 returned -16 [ 1376.393787] binder_release_work: 8 callbacks suppressed [ 1376.393794] binder: undelivered TRANSACTION_ERROR: 29201 [ 1376.405061] binder: 7382:7392 transaction failed 29189/-3, size 40-8 line 3035 [ 1376.448390] binder: undelivered TRANSACTION_ERROR: 29189 20:25:52 executing program 0 (fault-call:10 fault-nth:14): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:52 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000721e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:52 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, 0x0) getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:52 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ba1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001a91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2, 0x0, 0xffffffff00000000}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 20:25:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002a91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1376.577292] binder: 7408:7410 got transaction with too large buffer [ 1376.614187] FAULT_INJECTION: forcing a failure. [ 1376.614187] name failslab, interval 1, probability 0, space 0, times 0 20:25:52 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001721e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1376.614274] binder: 7408:7410 transaction failed 29201/-22, size 40-8 line 3192 [ 1376.660264] CPU: 1 PID: 7416 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1376.667492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1376.676843] Call Trace: [ 1376.676866] dump_stack+0x1db/0x2d0 [ 1376.676887] ? dump_stack_print_info.cold+0x20/0x20 [ 1376.676905] ? security_file_alloc+0x69/0xb0 [ 1376.676921] ? __alloc_file+0x128/0x480 [ 1376.676936] ? alloc_empty_file+0x72/0x170 [ 1376.676950] ? dentry_open+0x70/0x1d0 [ 1376.676963] ? ovl_path_open+0x56/0x70 [ 1376.676976] ? ovl_iterate+0x899/0xe60 [ 1376.676996] should_fail.cold+0xa/0x15 [ 1376.677013] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1376.716327] ? ___might_sleep+0x1e7/0x310 [ 1376.716345] ? arch_local_save_flags+0x50/0x50 [ 1376.716365] ? apparmor_file_alloc_security+0x172/0xad0 [ 1376.716384] __should_failslab+0x121/0x190 [ 1376.730185] should_failslab+0x9/0x14 [ 1376.730202] kmem_cache_alloc+0x2be/0x710 [ 1376.747722] ? refcount_inc_not_zero_checked+0x2e0/0x2e0 [ 1376.753186] __d_alloc+0xae/0xbe0 [ 1376.756747] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 1376.761772] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1376.767304] ? __fsnotify_parent+0xe2/0x450 [ 1376.767322] ? fsnotify_first_mark+0x350/0x350 [ 1376.767341] ? apparmor_capable+0x6d0/0x6d0 [ 1376.767360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1376.786184] ? errseq_sample+0xe6/0x140 [ 1376.786215] d_alloc_cursor+0x3f/0xe0 [ 1376.786231] dcache_dir_open+0x37/0x90 [ 1376.786247] do_dentry_open+0x48a/0x1210 [ 1376.801936] ? file_free_rcu+0xe0/0xe0 [ 1376.805829] ? empty_dir_getattr+0x70/0x70 [ 1376.810068] ? chown_common+0x740/0x740 [ 1376.814047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1376.819587] ? percpu_counter_add_batch+0x13c/0x190 [ 1376.819613] dentry_open+0x132/0x1d0 [ 1376.819630] ovl_path_open+0x56/0x70 [ 1376.819646] ovl_dir_read_merged+0x65c/0xcf0 [ 1376.819670] ? ovl_dir_open+0x310/0x310 [ 1376.832062] ? __lock_is_held+0xb6/0x140 [ 1376.832077] ? ovl_fill_plain+0x340/0x340 [ 1376.832102] ? rcu_read_lock_sched_held+0x110/0x130 [ 1376.832119] ? kmem_cache_alloc_trace+0x354/0x760 [ 1376.858488] ? ovl_test_flag+0x12/0x20 [ 1376.862380] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1376.867408] ovl_iterate+0x899/0xe60 [ 1376.871134] ? ovl_iterate_real+0xd70/0xd70 [ 1376.875490] ? down_read_killable+0x150/0x150 [ 1376.879993] ? security_file_permission+0x94/0x320 [ 1376.885026] iterate_dir+0x20d/0x5f0 [ 1376.885049] ksys_getdents64+0x245/0x4a0 [ 1376.885064] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1376.885082] ? __ia32_sys_getdents+0x520/0x520 [ 1376.892856] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1376.892870] ? iterate_dir+0x5f0/0x5f0 [ 1376.892891] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1376.892905] ? trace_hardirqs_off_caller+0x300/0x300 [ 1376.892922] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1376.926813] __x64_sys_getdents64+0x73/0xb0 [ 1376.931143] do_syscall_64+0x1a3/0x800 [ 1376.935034] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1376.939980] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1376.945087] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1376.949940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1376.955128] RIP: 0033:0x457e39 [ 1376.958325] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:25:52 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ba1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003a91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000aa1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001aa1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1376.977352] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1376.985062] RAX: ffffffffffffffda RBX: 00007f698c864c90 RCX: 0000000000457e39 [ 1376.992327] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000004 [ 1376.999680] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1377.007035] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1377.014305] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000005 [ 1377.059772] binder_alloc: binder_alloc_mmap_handler: 7408 20ffc000-20ffe000 already mapped failed -16 [ 1377.082810] binder: BINDER_SET_CONTEXT_MGR already set [ 1377.088337] binder: 7408:7410 ioctl 40046207 0 returned -16 [ 1377.098937] binder_alloc: 7408: binder_alloc_buf, no vma 20:25:52 executing program 0 (fault-call:10 fault-nth:15): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002aa1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:52 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, 0x0) getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:52 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ba1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:52 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002721e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1377.119429] binder: 7408:7429 transaction failed 29189/-3, size 40-8 line 3035 [ 1377.130210] binder: undelivered TRANSACTION_ERROR: 29201 [ 1377.135709] binder: undelivered TRANSACTION_ERROR: 29189 20:25:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x2]}}}], 0x0, 0x0, 0x0}) 20:25:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003aa1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:52 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003721e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:52 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, 0x0) getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) 20:25:52 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ba1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1377.238036] binder: 7439:7440 got transaction with invalid offset (2, min 0 max 40) or object. 20:25:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ab1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1377.294752] binder: 7439:7440 transaction failed 29201/-22, size 40-8 line 3097 [ 1377.328283] binder_alloc: binder_alloc_mmap_handler: 7439 20ffc000-20ffe000 already mapped failed -16 20:25:53 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000bb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1377.370484] FAULT_INJECTION: forcing a failure. [ 1377.370484] name failslab, interval 1, probability 0, space 0, times 0 [ 1377.394167] binder: BINDER_SET_CONTEXT_MGR already set [ 1377.408567] CPU: 0 PID: 7446 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1377.415811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1377.419432] binder: 7439:7440 ioctl 40046207 0 returned -16 [ 1377.425170] Call Trace: [ 1377.433495] dump_stack+0x1db/0x2d0 [ 1377.437235] ? dump_stack_print_info.cold+0x20/0x20 [ 1377.442258] ? ovl_dir_read_merged+0x2a1/0xcf0 [ 1377.443693] binder_alloc: 7439: binder_alloc_buf, no vma [ 1377.446838] ? ovl_iterate+0x899/0xe60 [ 1377.446853] ? iterate_dir+0x20d/0x5f0 [ 1377.446879] ? ksys_getdents64+0x245/0x4a0 [ 1377.462739] binder: 7439:7456 transaction failed 29189/-3, size 40-8 line 3035 [ 1377.464295] ? __x64_sys_getdents64+0x73/0xb0 [ 1377.464319] should_fail.cold+0xa/0x15 [ 1377.476271] binder: undelivered TRANSACTION_ERROR: 29201 [ 1377.480036] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1377.480059] ? ___might_sleep+0x1e7/0x310 [ 1377.480076] ? arch_local_save_flags+0x50/0x50 [ 1377.480092] ? mark_held_locks+0x100/0x100 [ 1377.480107] ? rcu_read_unlock_special+0x380/0x380 [ 1377.480130] __should_failslab+0x121/0x190 [ 1377.512685] should_failslab+0x9/0x14 [ 1377.516489] kmem_cache_alloc_trace+0x2d1/0x760 [ 1377.521176] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1377.526758] ext4_readdir+0x2268/0x3590 [ 1377.530726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1377.536271] ? __lock_is_held+0xb6/0x140 [ 1377.540324] ? apparmor_capable+0x6d0/0x6d0 [ 1377.544724] ? __ext4_check_dir_entry+0x350/0x350 [ 1377.549558] ? ___might_sleep+0x1e7/0x310 [ 1377.553696] ? lock_release+0xc40/0xc40 [ 1377.557685] ? down_read_killable+0x90/0x150 [ 1377.562305] ? iterate_dir+0xd8/0x5f0 [ 1377.566093] ? down_write+0x130/0x130 [ 1377.569885] ? security_file_permission+0x94/0x320 [ 1377.574800] iterate_dir+0x489/0x5f0 [ 1377.578519] ovl_dir_read_merged+0x42b/0xcf0 [ 1377.582923] ? ovl_dir_open+0x310/0x310 [ 1377.586887] ? __lock_is_held+0xb6/0x140 [ 1377.590933] ? ovl_fill_plain+0x340/0x340 [ 1377.595084] ? rcu_read_lock_sched_held+0x110/0x130 [ 1377.600103] ? kmem_cache_alloc_trace+0x354/0x760 [ 1377.604931] ? ovl_test_flag+0x12/0x20 [ 1377.608803] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1377.613807] ovl_iterate+0x899/0xe60 [ 1377.617511] ? ovl_iterate_real+0xd70/0xd70 [ 1377.621833] ? down_read_killable+0x150/0x150 [ 1377.626323] ? security_file_permission+0x94/0x320 [ 1377.631253] iterate_dir+0x20d/0x5f0 [ 1377.634960] ksys_getdents64+0x245/0x4a0 [ 1377.639011] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1377.644538] ? __ia32_sys_getdents+0x520/0x520 [ 1377.649104] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1377.653679] ? iterate_dir+0x5f0/0x5f0 [ 1377.657554] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1377.662905] ? trace_hardirqs_off_caller+0x300/0x300 [ 1377.668015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1377.672766] __x64_sys_getdents64+0x73/0xb0 [ 1377.677075] do_syscall_64+0x1a3/0x800 [ 1377.680950] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1377.685952] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1377.690990] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1377.695822] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1377.700997] RIP: 0033:0x457e39 [ 1377.704284] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1377.723185] RSP: 002b:00007f698c843c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1377.730886] RAX: ffffffffffffffda RBX: 00007f698c843c90 RCX: 0000000000457e39 [ 1377.738151] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000003 [ 1377.745406] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1377.752665] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8446d4 [ 1377.759923] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:25:53 executing program 0 (fault-call:10 fault-nth:16): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:53 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000731e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:53 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) 20:25:53 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ab1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x3]}}}], 0x0, 0x0, 0x0}) 20:25:53 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001bb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1377.818663] binder: undelivered TRANSACTION_ERROR: 29189 20:25:53 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ab1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1377.905096] binder: 7458:7463 got transaction with invalid offset (3, min 0 max 40) or object. [ 1377.939472] binder: 7458:7463 transaction failed 29201/-22, size 40-8 line 3097 20:25:53 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002bb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:53 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) [ 1377.982084] binder_alloc: binder_alloc_mmap_handler: 7458 20ffc000-20ffe000 already mapped failed -16 20:25:53 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001731e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:53 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ab1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1378.027508] binder: BINDER_SET_CONTEXT_MGR already set [ 1378.067817] binder: 7458:7463 ioctl 40046207 0 returned -16 [ 1378.098975] binder_alloc: 7458: binder_alloc_buf, no vma [ 1378.105151] binder: 7458:7477 transaction failed 29189/-3, size 40-8 line 3035 20:25:53 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002731e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1378.127206] binder: undelivered TRANSACTION_ERROR: 29201 [ 1378.134213] binder: undelivered TRANSACTION_ERROR: 29189 [ 1378.246609] FAULT_INJECTION: forcing a failure. [ 1378.246609] name failslab, interval 1, probability 0, space 0, times 0 [ 1378.269745] CPU: 1 PID: 7472 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1378.276867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1378.286220] Call Trace: [ 1378.288819] dump_stack+0x1db/0x2d0 [ 1378.292451] ? dump_stack_print_info.cold+0x20/0x20 [ 1378.297527] ? ext4_issue_zeroout+0x170/0x170 [ 1378.302035] should_fail.cold+0xa/0x15 [ 1378.305929] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1378.311043] ? ___might_sleep+0x1e7/0x310 [ 1378.315205] ? arch_local_save_flags+0x50/0x50 [ 1378.319823] __should_failslab+0x121/0x190 [ 1378.324059] should_failslab+0x9/0x14 [ 1378.327864] __kmalloc+0x2dc/0x740 [ 1378.331408] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1378.336092] ? ext4_htree_store_dirent+0x8a/0x650 [ 1378.340944] ext4_htree_store_dirent+0x8a/0x650 [ 1378.345671] htree_dirblock_to_tree+0x391/0x840 [ 1378.350353] ? dx_probe+0x1120/0x1120 [ 1378.354241] ? __x64_sys_getdents64+0x73/0xb0 [ 1378.358738] ? ovl_path_open+0x56/0x70 [ 1378.362628] ? iterate_dir+0x20d/0x5f0 [ 1378.366526] ? ksys_getdents64+0x245/0x4a0 [ 1378.370766] ? print_usage_bug+0xd0/0xd0 [ 1378.374836] ext4_htree_fill_tree+0x2c3/0xd60 [ 1378.379332] ? add_lock_to_list.isra.0+0x450/0x450 [ 1378.384274] ? do_split+0x2070/0x2070 [ 1378.388080] ? ext4_readdir+0x2268/0x3590 [ 1378.392234] ? __lock_is_held+0xb6/0x140 [ 1378.396298] ? ext4_readdir+0x2268/0x3590 [ 1378.400446] ? rcu_read_lock_sched_held+0x110/0x130 [ 1378.405469] ? kmem_cache_alloc_trace+0x354/0x760 [ 1378.410337] ext4_readdir+0x1916/0x3590 [ 1378.414313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1378.419870] ? __ext4_check_dir_entry+0x350/0x350 [ 1378.424714] ? ___might_sleep+0x1e7/0x310 [ 1378.428875] ? lock_release+0xc40/0xc40 [ 1378.432869] ? iterate_dir+0xd8/0x5f0 [ 1378.436670] ? down_write+0x130/0x130 [ 1378.440474] ? security_file_permission+0x94/0x320 [ 1378.445427] iterate_dir+0x489/0x5f0 [ 1378.449150] ovl_dir_read_merged+0x42b/0xcf0 [ 1378.453576] ? ovl_dir_open+0x310/0x310 [ 1378.457552] ? __lock_is_held+0xb6/0x140 [ 1378.461613] ? ovl_fill_plain+0x340/0x340 [ 1378.465769] ? rcu_read_lock_sched_held+0x110/0x130 [ 1378.470808] ? kmem_cache_alloc_trace+0x354/0x760 [ 1378.475651] ? ovl_test_flag+0x12/0x20 [ 1378.479555] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1378.484592] ovl_iterate+0x899/0xe60 [ 1378.488317] ? ovl_iterate_real+0xd70/0xd70 [ 1378.492654] ? down_read_killable+0x150/0x150 [ 1378.497156] ? security_file_permission+0x94/0x320 [ 1378.502095] iterate_dir+0x20d/0x5f0 [ 1378.505810] ksys_getdents64+0x245/0x4a0 [ 1378.509868] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1378.515421] ? __ia32_sys_getdents+0x520/0x520 [ 1378.520001] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1378.524677] ? iterate_dir+0x5f0/0x5f0 [ 1378.528574] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1378.533935] ? trace_hardirqs_off_caller+0x300/0x300 [ 1378.539067] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1378.543841] __x64_sys_getdents64+0x73/0xb0 [ 1378.548170] do_syscall_64+0x1a3/0x800 [ 1378.552066] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1378.557005] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1378.562025] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1378.566880] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1378.572070] RIP: 0033:0x457e39 [ 1378.575286] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1378.594202] RSP: 002b:00007f698c843c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1378.601995] RAX: ffffffffffffffda RBX: 00007f698c843c90 RCX: 0000000000457e39 [ 1378.609261] RDX: 000000000000001c RSI: 0000000020000280 RDI: 0000000000000003 [ 1378.616698] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1378.623963] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8446d4 [ 1378.631233] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:25:54 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ac1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:54 executing program 0 (fault-call:10 fault-nth:17): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:54 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003bb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x4]}}}], 0x0, 0x0, 0x0}) 20:25:54 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/28, 0x1c) 20:25:54 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003731e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1378.700144] binder: 7484:7485 got transaction with invalid offset (4, min 0 max 40) or object. 20:25:54 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1378.764083] binder_alloc: binder_alloc_mmap_handler: 7484 20ffc000-20ffe000 already mapped failed -16 20:25:54 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ac1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:54 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000bc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:54 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) [ 1378.804723] binder: BINDER_SET_CONTEXT_MGR already set [ 1378.818120] binder: 7484:7485 ioctl 40046207 0 returned -16 [ 1378.841003] binder_alloc: 7484: binder_alloc_buf, no vma 20:25:54 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:54 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x5]}}}], 0x0, 0x0, 0x0}) [ 1378.875988] binder: undelivered TRANSACTION_ERROR: 29201 [ 1378.889346] binder: undelivered TRANSACTION_ERROR: 29189 20:25:54 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ac1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:54 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001bc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1378.970546] binder: 7508:7509 got transaction with invalid offset (5, min 0 max 40) or object. 20:25:54 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x18) 20:25:54 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:54 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002bc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1379.041549] binder_alloc: binder_alloc_mmap_handler: 7508 20ffc000-20ffe000 already mapped failed -16 20:25:54 executing program 2 (fault-call:6 fault-nth:0): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:25:54 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ac1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1379.088056] binder: BINDER_SET_CONTEXT_MGR already set 20:25:54 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003bc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:54 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003741e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1379.149070] binder: 7508:7509 ioctl 40046207 0 returned -16 20:25:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x6]}}}], 0x0, 0x0, 0x0}) 20:25:54 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ad1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:54 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x2000029c) [ 1379.249238] FAULT_INJECTION: forcing a failure. [ 1379.249238] name failslab, interval 1, probability 0, space 0, times 0 [ 1379.285720] binder: 7534:7537 got transaction with invalid offset (6, min 0 max 40) or object. [ 1379.291390] CPU: 0 PID: 7527 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1379.301598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1379.310951] Call Trace: [ 1379.313547] dump_stack+0x1db/0x2d0 [ 1379.317279] ? dump_stack_print_info.cold+0x20/0x20 [ 1379.322322] should_fail.cold+0xa/0x15 [ 1379.326241] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1379.331362] ? ___might_sleep+0x1e7/0x310 [ 1379.335516] ? arch_local_save_flags+0x50/0x50 [ 1379.340192] ? __lock_is_held+0xb6/0x140 [ 1379.344287] __should_failslab+0x121/0x190 20:25:55 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1379.348523] should_failslab+0x9/0x14 [ 1379.352329] kmem_cache_alloc_trace+0x2d1/0x760 [ 1379.357015] ? ovl_test_flag+0x12/0x20 [ 1379.360905] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1379.361250] binder: BINDER_SET_CONTEXT_MGR already set [ 1379.365927] ovl_iterate+0x7a2/0xe60 [ 1379.365946] ? ovl_iterate_real+0xd70/0xd70 [ 1379.379222] ? down_read_killable+0x150/0x150 [ 1379.383725] ? security_file_permission+0x94/0x320 [ 1379.388677] iterate_dir+0x20d/0x5f0 [ 1379.392398] ksys_getdents64+0x245/0x4a0 [ 1379.396470] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1379.396487] ? __ia32_sys_getdents+0x520/0x520 [ 1379.396500] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1379.396512] ? iterate_dir+0x5f0/0x5f0 [ 1379.415071] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1379.420437] ? trace_hardirqs_off_caller+0x300/0x300 [ 1379.420455] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1379.420484] __x64_sys_getdents64+0x73/0xb0 [ 1379.420499] do_syscall_64+0x1a3/0x800 [ 1379.420515] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1379.420531] ? prepare_exit_to_usermode+0x232/0x3b0 20:25:55 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1379.420548] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1379.420568] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1379.446389] binder: 7534:7537 ioctl 40046207 0 returned -16 [ 1379.448490] RIP: 0033:0x457e39 [ 1379.448505] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1379.448513] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 20:25:55 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ad1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:55 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000bd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x7]}}}], 0x0, 0x0, 0x0}) [ 1379.494260] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1379.501554] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1379.501563] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1379.501571] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1379.501579] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1379.581123] binder: 7546:7549 got transaction with invalid offset (7, min 0 max 40) or object. [ 1379.618207] binder_alloc: binder_alloc_mmap_handler: 7546 20ffc000-20ffe000 already mapped failed -16 20:25:55 executing program 2 (fault-call:6 fault-nth:1): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:25:55 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:55 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001bd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:55 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ad1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1379.630456] overlayfs: filesystem on './file0' not supported as upperdir [ 1379.664089] binder: BINDER_SET_CONTEXT_MGR already set 20:25:55 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003751e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:55 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002bd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:55 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000380)='./file0/f.le.\x00', 0xfffffffffffffffa) keyctl$join(0x1, &(0x7f00000003c0)={'syz', 0x0}) symlink(&(0x7f0000000340)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000002c0)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) chmod(&(0x7f0000000180)='./file0\x00', 0x8) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c078d65726469723d2e3a66696c65302c776f726b6469723d2e2f9a696c6531871b7e35dc97b8f5cd02d9af579d8dfc3f049b022c59e3685ae00898b2ab8db17e872a68698533de8803b16f91ba3d3f1081625485754bf33445ecd05657b5cbb836f1744e481c1bf7923abd2515f04dfc5c"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') ioctl$CAPI_GET_PROFILE(r0, 0xc0404309, &(0x7f0000000000)=0xfffffffffffffff9) ustat(0x465, &(0x7f0000000200)) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x2) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0xffffffffffffffff, 0x2, 0x9, 0x1, 0xfff}}) 20:25:55 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ad1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1379.711153] binder: 7546:7549 ioctl 40046207 0 returned -16 20:25:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0xa]}}}], 0x0, 0x0, 0x0}) 20:25:55 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ae1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1379.803129] overlayfs: unrecognized mount option "lerdir=.:file0" or missing value 20:25:55 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:55 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003bd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1379.848224] FAULT_INJECTION: forcing a failure. [ 1379.848224] name failslab, interval 1, probability 0, space 0, times 0 [ 1379.861305] overlayfs: unrecognized mount option "lerdir=.:file0" or missing value [ 1379.872808] binder: 7573:7574 got transaction with invalid offset (10, min 0 max 40) or object. [ 1379.899308] CPU: 0 PID: 7571 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1379.906426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1379.915475] binder_alloc: binder_alloc_mmap_handler: 7573 20ffc000-20ffe000 already mapped failed -16 [ 1379.915776] Call Trace: [ 1379.927703] dump_stack+0x1db/0x2d0 [ 1379.931338] ? dump_stack_print_info.cold+0x20/0x20 [ 1379.936366] ? is_bpf_text_address+0xac/0x170 [ 1379.937657] binder: BINDER_SET_CONTEXT_MGR already set [ 1379.940869] should_fail.cold+0xa/0x15 [ 1379.940890] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1379.940913] ? ___might_sleep+0x1e7/0x310 [ 1379.940929] ? arch_local_save_flags+0x50/0x50 [ 1379.940969] __should_failslab+0x121/0x190 [ 1379.957226] binder: 7573:7574 ioctl 40046207 0 returned -16 [ 1379.959978] should_failslab+0x9/0x14 [ 1379.959996] kmem_cache_alloc+0x2be/0x710 [ 1379.960011] ? __save_stack_trace+0x8a/0xf0 [ 1379.960033] __alloc_file+0x93/0x480 [ 1379.960048] ? file_free_rcu+0xe0/0xe0 [ 1379.960064] ? save_stack+0xa9/0xd0 [ 1379.973962] binder_alloc: 7573: binder_alloc_buf, no vma [ 1379.974550] ? save_stack+0x45/0xd0 [ 1380.007002] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1380.012112] ? kasan_kmalloc+0x9/0x10 [ 1380.015903] ? ovl_path_upper+0x71/0x230 [ 1380.019992] ? iterate_dir+0x20d/0x5f0 [ 1380.023871] alloc_empty_file+0x72/0x170 [ 1380.027932] dentry_open+0x70/0x1d0 [ 1380.031566] ovl_path_open+0x56/0x70 [ 1380.035305] ovl_dir_read_merged+0x2a1/0xcf0 [ 1380.039703] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1380.045224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1380.050748] ? check_preemption_disabled+0x48/0x290 [ 1380.055840] ? ovl_iterate+0x7a2/0xe60 [ 1380.059819] ? ovl_dir_open+0x310/0x310 [ 1380.063780] ? __lock_is_held+0xb6/0x140 [ 1380.067915] ? ovl_fill_plain+0x340/0x340 [ 1380.072073] ? rcu_read_lock_sched_held+0x110/0x130 [ 1380.077074] ? kmem_cache_alloc_trace+0x354/0x760 [ 1380.081919] ? ovl_test_flag+0x12/0x20 [ 1380.085826] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1380.090829] ovl_iterate+0x899/0xe60 [ 1380.094538] ? ovl_iterate_real+0xd70/0xd70 [ 1380.098959] ? down_read_killable+0x150/0x150 [ 1380.103533] ? security_file_permission+0x94/0x320 [ 1380.108449] iterate_dir+0x20d/0x5f0 [ 1380.112158] ksys_getdents64+0x245/0x4a0 [ 1380.116564] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1380.122114] ? __ia32_sys_getdents+0x520/0x520 [ 1380.126697] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1380.131263] ? iterate_dir+0x5f0/0x5f0 [ 1380.135142] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1380.140491] ? trace_hardirqs_off_caller+0x300/0x300 [ 1380.145580] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1380.150435] __x64_sys_getdents64+0x73/0xb0 [ 1380.154745] do_syscall_64+0x1a3/0x800 [ 1380.158634] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1380.163569] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1380.168576] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1380.173423] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1380.178597] RIP: 0033:0x457e39 [ 1380.181777] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1380.200666] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1380.208358] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1380.215615] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1380.222869] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1380.230138] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1380.237396] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:25:55 executing program 2 (fault-call:6 fault-nth:2): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:25:55 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ae1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:55 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707065726469723d2e2f76696c65302c6c6f7765726469f829e3c1c2eb987e302c776f726b6469723d2e2f66696c6531"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) prctl$PR_MCE_KILL(0x21, 0x1, 0x0) 20:25:55 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:55 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000be1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x24]}}}], 0x0, 0x0, 0x0}) [ 1380.357721] overlayfs: unrecognized mount option "lowerdiø)ãÁÂë˜~0" or missing value 20:25:56 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001be1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:56 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:56 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="f5707065723d2e2f66bf02cc33248bd05cc11872f364"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:56 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ae1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1380.399526] overlayfs: unrecognized mount option "lowerdiø)ãÁÂë˜~0" or missing value [ 1380.490485] FAULT_INJECTION: forcing a failure. [ 1380.490485] name failslab, interval 1, probability 0, space 0, times 0 [ 1380.519490] CPU: 1 PID: 7595 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1380.526619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1380.535969] Call Trace: [ 1380.538567] dump_stack+0x1db/0x2d0 [ 1380.542291] ? dump_stack_print_info.cold+0x20/0x20 [ 1380.547438] should_fail.cold+0xa/0x15 [ 1380.551349] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1380.556488] ? ___might_sleep+0x1e7/0x310 [ 1380.560772] ? arch_local_save_flags+0x50/0x50 [ 1380.565359] __should_failslab+0x121/0x190 [ 1380.569701] should_failslab+0x9/0x14 [ 1380.573517] kmem_cache_alloc_trace+0x2d1/0x760 [ 1380.578173] ? __might_sleep+0x95/0x190 [ 1380.582228] apparmor_file_alloc_security+0x172/0xad0 [ 1380.587406] ? __lock_is_held+0xb6/0x140 [ 1380.591459] ? apparmor_path_rename+0xcb0/0xcb0 [ 1380.596114] ? __alloc_file+0x93/0x480 [ 1380.599991] ? __alloc_file+0x93/0x480 [ 1380.603864] ? rcu_read_lock_sched_held+0x110/0x130 [ 1380.608873] ? kmem_cache_alloc+0x341/0x710 [ 1380.613194] security_file_alloc+0x69/0xb0 [ 1380.617417] __alloc_file+0x128/0x480 [ 1380.621209] ? file_free_rcu+0xe0/0xe0 [ 1380.625104] ? save_stack+0xa9/0xd0 [ 1380.628717] ? save_stack+0x45/0xd0 [ 1380.632336] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1380.637436] ? kasan_kmalloc+0x9/0x10 [ 1380.641255] ? ovl_path_upper+0x71/0x230 [ 1380.645305] ? iterate_dir+0x20d/0x5f0 [ 1380.649187] alloc_empty_file+0x72/0x170 [ 1380.653237] dentry_open+0x70/0x1d0 [ 1380.656854] ovl_path_open+0x56/0x70 [ 1380.660564] ovl_dir_read_merged+0x2a1/0xcf0 [ 1380.664970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1380.670505] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1380.676034] ? check_preemption_disabled+0x48/0x290 [ 1380.681058] ? ovl_iterate+0x7a2/0xe60 [ 1380.684937] ? ovl_dir_open+0x310/0x310 [ 1380.688903] ? __lock_is_held+0xb6/0x140 [ 1380.692965] ? ovl_fill_plain+0x340/0x340 [ 1380.697109] ? rcu_read_lock_sched_held+0x110/0x130 [ 1380.702222] ? kmem_cache_alloc_trace+0x354/0x760 [ 1380.707053] ? ovl_test_flag+0x12/0x20 [ 1380.710930] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1380.715939] ovl_iterate+0x899/0xe60 [ 1380.719649] ? ovl_iterate_real+0xd70/0xd70 [ 1380.723959] ? down_read_killable+0x150/0x150 [ 1380.728445] ? security_file_permission+0x94/0x320 [ 1380.733389] iterate_dir+0x20d/0x5f0 [ 1380.737095] ksys_getdents64+0x245/0x4a0 [ 1380.741144] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1380.746688] ? __ia32_sys_getdents+0x520/0x520 [ 1380.751259] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1380.755828] ? iterate_dir+0x5f0/0x5f0 [ 1380.759707] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1380.765056] ? trace_hardirqs_off_caller+0x300/0x300 [ 1380.770148] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1380.774898] __x64_sys_getdents64+0x73/0xb0 [ 1380.779209] do_syscall_64+0x1a3/0x800 [ 1380.783108] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1380.788038] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1380.793057] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1380.797898] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1380.803096] RIP: 0033:0x457e39 [ 1380.806278] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1380.825179] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1380.832883] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 20:25:56 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ae1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x30]}}}], 0x0, 0x0, 0x0}) [ 1380.840140] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1380.847407] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1380.854663] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1380.861922] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1380.869516] net_ratelimit: 20 callbacks suppressed [ 1380.869523] protocol 88fb is buggy, dev hsr_slave_0 [ 1380.879557] protocol 88fb is buggy, dev hsr_slave_1 [ 1380.884702] protocol 88fb is buggy, dev hsr_slave_0 [ 1380.889833] protocol 88fb is buggy, dev hsr_slave_1 [ 1380.892764] binder: 7607:7608 got transaction with invalid offset (48, min 0 max 40) or object. [ 1380.895083] protocol 88fb is buggy, dev hsr_slave_0 [ 1380.909035] protocol 88fb is buggy, dev hsr_slave_1 [ 1380.912351] binder_transaction: 8 callbacks suppressed [ 1380.912366] binder: 7607:7608 transaction failed 29201/-22, size 40-8 line 3097 [ 1380.934483] overlayfs: unrecognized mount option "õpper=./f¿Ì3$‹Ð\Áród" or missing value [ 1380.955878] overlayfs: unrecognized mount option "õpper=./f¿Ì3$‹Ð\Áród" or missing value [ 1380.992949] binder: BINDER_SET_CONTEXT_MGR already set [ 1381.004192] binder: 7607:7611 got transaction with invalid offset (48, min 0 max 40) or object. [ 1381.023400] binder: 7607:7608 ioctl 40046207 0 returned -16 20:25:56 executing program 2 (fault-call:6 fault-nth:3): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:25:56 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003761e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:56 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002be1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:56 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x440, 0x0) unlinkat(r0, &(0x7f0000000180)='./file0\x00', 0x200) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r2, &(0x7f0000000380)='./file0/f.le.\x00', r0, &(0x7f00000007c0)='./file1\x00') inotify_add_watch(r1, &(0x7f0000000240)='./file1\x00', 0x100) getdents64(r2, &(0x7f0000000280)=""/28, 0x1c) [ 1381.148391] binder: 7607:7611 transaction failed 29201/-22, size 40-8 line 3097 20:25:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x48]}}}], 0x0, 0x0, 0x0}) 20:25:56 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000af1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:56 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003be1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:56 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1381.268882] protocol 88fb is buggy, dev hsr_slave_0 [ 1381.270512] overlayfs: filesystem on './file0' not supported as upperdir [ 1381.273984] protocol 88fb is buggy, dev hsr_slave_1 20:25:57 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000bf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1381.315766] binder: 7622:7625 got transaction with invalid offset (72, min 0 max 40) or object. 20:25:57 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707065726469f23d2e2f66696c65302c6c6f77657264697a3d2e3a66694965302c776f726b6469723d2e2f66696c6531"]) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x2, [0x0, 0x0]}, &(0x7f0000000180)=0xc) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000340)={0x3, 0x200, 0x1, 0x9, 0x1, 0x2, 0x0, 0xfffffffffffffffd, r1}, 0x20) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r2, &(0x7f0000000240)='.//ile0\x00', r2, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r2, &(0x7f0000000280)=""/28, 0x1c) 20:25:57 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001af1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:57 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1381.398871] binder: 7622:7625 transaction failed 29201/-22, size 40-8 line 3097 [ 1381.420763] binder_alloc: binder_alloc_mmap_handler: 7622 20ffc000-20ffe000 already mapped failed -16 [ 1381.438974] binder: BINDER_SET_CONTEXT_MGR already set [ 1381.444384] binder: 7622:7625 ioctl 40046207 0 returned -16 [ 1381.484181] binder_alloc: 7622: binder_alloc_buf, no vma [ 1381.485955] overlayfs: unrecognized mount option "upperdiò=./file0" or missing value [ 1381.499033] binder_release_work: 8 callbacks suppressed [ 1381.499040] binder: undelivered TRANSACTION_ERROR: 29201 [ 1381.510718] binder: 7622:7635 transaction failed 29189/-3, size 40-8 line 3035 [ 1381.523151] overlayfs: unrecognized mount option "upperdiò=./file0" or missing value [ 1381.524110] binder: undelivered TRANSACTION_ERROR: 29189 [ 1381.616033] FAULT_INJECTION: forcing a failure. [ 1381.616033] name failslab, interval 1, probability 0, space 0, times 0 [ 1381.634249] CPU: 0 PID: 7645 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1381.641359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1381.650721] Call Trace: [ 1381.653307] dump_stack+0x1db/0x2d0 [ 1381.656939] ? dump_stack_print_info.cold+0x20/0x20 [ 1381.662042] ? ovl_dir_read_merged+0x2a1/0xcf0 [ 1381.666623] ? ovl_iterate+0x899/0xe60 [ 1381.670505] ? iterate_dir+0x20d/0x5f0 [ 1381.674505] ? ksys_getdents64+0x245/0x4a0 [ 1381.678827] ? __x64_sys_getdents64+0x73/0xb0 [ 1381.683323] should_fail.cold+0xa/0x15 [ 1381.687220] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1381.692354] ? ___might_sleep+0x1e7/0x310 [ 1381.696506] ? arch_local_save_flags+0x50/0x50 [ 1381.701092] ? mark_held_locks+0x100/0x100 [ 1381.705327] ? rcu_read_unlock_special+0x380/0x380 [ 1381.710277] __should_failslab+0x121/0x190 [ 1381.714522] should_failslab+0x9/0x14 [ 1381.718329] kmem_cache_alloc_trace+0x2d1/0x760 [ 1381.723006] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1381.728549] ext4_readdir+0x2268/0x3590 [ 1381.732535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1381.738079] ? __lock_is_held+0xb6/0x140 [ 1381.742162] ? apparmor_capable+0x6d0/0x6d0 [ 1381.746496] ? __ext4_check_dir_entry+0x350/0x350 [ 1381.751359] ? ___might_sleep+0x1e7/0x310 [ 1381.755514] ? lock_release+0xc40/0xc40 [ 1381.759512] ? down_read_killable+0x90/0x150 [ 1381.763920] ? iterate_dir+0xd8/0x5f0 [ 1381.767720] ? down_write+0x130/0x130 [ 1381.771544] ? security_file_permission+0x94/0x320 [ 1381.776481] iterate_dir+0x489/0x5f0 [ 1381.780202] ovl_dir_read_merged+0x42b/0xcf0 [ 1381.784621] ? ovl_dir_open+0x310/0x310 [ 1381.788598] ? __lock_is_held+0xb6/0x140 [ 1381.792657] ? ovl_fill_plain+0x340/0x340 [ 1381.796823] ? rcu_read_lock_sched_held+0x110/0x130 [ 1381.801841] ? kmem_cache_alloc_trace+0x354/0x760 [ 1381.806682] ? ovl_test_flag+0x12/0x20 [ 1381.810573] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1381.815595] ovl_iterate+0x899/0xe60 [ 1381.819331] ? ovl_iterate_real+0xd70/0xd70 [ 1381.823669] ? down_read_killable+0x150/0x150 [ 1381.828168] ? security_file_permission+0x94/0x320 [ 1381.828845] protocol 88fb is buggy, dev hsr_slave_0 [ 1381.833114] iterate_dir+0x20d/0x5f0 [ 1381.838152] protocol 88fb is buggy, dev hsr_slave_1 [ 1381.841811] ksys_getdents64+0x245/0x4a0 [ 1381.841825] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1381.841842] ? __ia32_sys_getdents+0x520/0x520 [ 1381.841857] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1381.865541] ? iterate_dir+0x5f0/0x5f0 [ 1381.869559] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1381.874926] ? trace_hardirqs_off_caller+0x300/0x300 [ 1381.880035] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1381.884894] __x64_sys_getdents64+0x73/0xb0 [ 1381.889240] do_syscall_64+0x1a3/0x800 [ 1381.893138] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1381.898077] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1381.903107] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1381.907959] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1381.913144] RIP: 0033:0x457e39 [ 1381.916683] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1381.935699] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1381.943425] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1381.951245] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1381.958611] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1381.965882] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1381.973152] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:25:57 executing program 2 (fault-call:6 fault-nth:4): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:25:57 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001bf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:57 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:57 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002af1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x4c]}}}], 0x0, 0x0, 0x0}) 20:25:57 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707065e06469723d2e2f66696c65302c6c6f2cfc28d369515c0aa57765726469723d2e3a26696c65302c776f726b6469"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1382.060794] overlayfs: unrecognized mount option "uppeàdir=./file0" or missing value [ 1382.090737] binder: 7654:7656 transaction failed 29201/-22, size 40-8 line 3097 20:25:57 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003af1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1382.112635] overlayfs: unrecognized mount option "uppeàdir=./file0" or missing value [ 1382.129845] binder_alloc: binder_alloc_mmap_handler: 7654 20ffc000-20ffe000 already mapped failed -16 20:25:57 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002bf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:57 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003771e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1382.164107] binder: BINDER_SET_CONTEXT_MGR already set 20:25:57 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f0000000340)=""/67) mount$overlay(0x400000, &(0x7f0000000000)='.//ile0\x00', &(0x7f0000000180)='overlay\x00', 0x3fffffffffc, &(0x7f0000001dc0)=ANY=[@ANYRESHEX, @ANYPTR64=&(0x7f0000001f00)=ANY=[@ANYRES16=r0, @ANYRESHEX=r0, @ANYPTR64=&(0x7f0000001e40)=ANY=[@ANYBLOB="165d0ad38cfdb10198782f4fc121c1d0b89839d9cebc6bc3a62dfc77f977e6f73e894c42fae55bf1a8e9fdaec58a3823baba7c0f84101d2d441d96932b85cab599aaef823c77d9e90f1c7be1eb3302bcc577c2fd46ab4ed3357689f9cea04695faaf43b1cd8f9816cb1b33e589bdb34066881a7024d27e0d0ecf4880c8c5a0b8354ec3cec3298c6b078627ac6b5dfb483f05", @ANYRES64=r0, @ANYRES16, @ANYPTR64], @ANYRES16=r0, @ANYRESHEX=r0], @ANYRESDEC=r0, @ANYPTR64=&(0x7f00000019c0)=ANY=[@ANYRESHEX=r0, @ANYRESDEC=r0, @ANYRES64, @ANYRESOCT=r0, @ANYBLOB="f4088adf2d8d9a5a2d5dde425bc5da5d25a69a80d7bff9a8f55ebbfe6b26bbc5551c9c5eb646d2f6b27bfcd764a905e23d816b3cfb0268789f9a856b43478036d086acd052bed591f5f24af0e73eb8bd6b93ed5921587bf1f7e4849c031e56b7baa72e08753b5feec2e80cea5d65c3ca35b19d0ab9f05191cfd91f6665a3c42c1ac48d5d921faffec9539de98e867c8d481988d5a802cf4db1c8604074a42a09ca9fde7fbf595bd0eacf5a2cfd310b95623a2b0131087732fcefaf307078a40a82645cfc84ab", @ANYPTR=&(0x7f0000001940)=ANY=[@ANYBLOB="29c9ac4e580df70d423dcead8545d4f79821caeba631caf0029b381cb05c0c2fcc77826abb180fb9fada878f6815b59fb07fb3539e9941b58d3d0e1045b12f9989e9a176a5ed81307c86a95ccffc78240115ca498c0c2b0e3ea86dc1b350da83c493dbd1233da96a", @ANYPTR, @ANYPTR]], @ANYPTR64, @ANYPTR=&(0x7f0000001b00)=ANY=[@ANYPTR], @ANYPTR=&(0x7f0000001c40)=ANY=[@ANYRES32=r0, @ANYRES64=r0, @ANYPTR64=&(0x7f0000001bc0)=ANY=[@ANYRESOCT=r0, @ANYRES32=r0, @ANYRESDEC=0x0, @ANYRES64=0x0, @ANYRESDEC=r0, @ANYRESHEX=r0, @ANYRES16=r0, @ANYRES16], @ANYRES32=r0]]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1382.184614] binder: 7654:7656 ioctl 40046207 0 returned -16 [ 1382.193805] FAULT_INJECTION: forcing a failure. [ 1382.193805] name failslab, interval 1, probability 0, space 0, times 0 [ 1382.215212] binder: undelivered TRANSACTION_ERROR: 29201 20:25:57 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1382.259217] CPU: 1 PID: 7662 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1382.266430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1382.266436] Call Trace: [ 1382.266457] dump_stack+0x1db/0x2d0 [ 1382.266477] ? dump_stack_print_info.cold+0x20/0x20 [ 1382.266494] ? ext4_issue_zeroout+0x170/0x170 [ 1382.266516] should_fail.cold+0xa/0x15 [ 1382.291551] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1382.291573] ? ___might_sleep+0x1e7/0x310 [ 1382.291589] ? arch_local_save_flags+0x50/0x50 20:25:57 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1382.291614] __should_failslab+0x121/0x190 [ 1382.291631] should_failslab+0x9/0x14 [ 1382.291646] __kmalloc+0x2dc/0x740 [ 1382.321272] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1382.325944] ? ext4_htree_store_dirent+0x8a/0x650 [ 1382.330789] ext4_htree_store_dirent+0x8a/0x650 [ 1382.330813] htree_dirblock_to_tree+0x391/0x840 [ 1382.330839] ? dx_probe+0x1120/0x1120 [ 1382.330854] ? __x64_sys_getdents64+0x73/0xb0 [ 1382.330868] ? ovl_path_open+0x56/0x70 [ 1382.340182] ? iterate_dir+0x20d/0x5f0 [ 1382.340196] ? ksys_getdents64+0x245/0x4a0 [ 1382.340212] ? print_usage_bug+0xd0/0xd0 [ 1382.340243] ext4_htree_fill_tree+0x2c3/0xd60 [ 1382.340258] ? add_lock_to_list.isra.0+0x450/0x450 [ 1382.340278] ? do_split+0x2070/0x2070 [ 1382.340289] ? ext4_readdir+0x2268/0x3590 [ 1382.340305] ? __lock_is_held+0xb6/0x140 [ 1382.386188] ? ext4_readdir+0x2268/0x3590 [ 1382.390342] ? rcu_read_lock_sched_held+0x110/0x130 [ 1382.395365] ? kmem_cache_alloc_trace+0x354/0x760 [ 1382.400244] ext4_readdir+0x1916/0x3590 [ 1382.404254] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1382.404289] ? __ext4_check_dir_entry+0x350/0x350 [ 1382.404305] ? ___might_sleep+0x1e7/0x310 [ 1382.404323] ? lock_release+0xc40/0xc40 [ 1382.404350] ? iterate_dir+0xd8/0x5f0 [ 1382.414690] ? down_write+0x130/0x130 [ 1382.414713] ? security_file_permission+0x94/0x320 [ 1382.414737] iterate_dir+0x489/0x5f0 [ 1382.414755] ovl_dir_read_merged+0x42b/0xcf0 [ 1382.414784] ? ovl_dir_open+0x310/0x310 [ 1382.414800] ? __lock_is_held+0xb6/0x140 [ 1382.414814] ? ovl_fill_plain+0x340/0x340 [ 1382.455610] ? rcu_read_lock_sched_held+0x110/0x130 [ 1382.460642] ? kmem_cache_alloc_trace+0x354/0x760 [ 1382.465488] ? ovl_test_flag+0x12/0x20 [ 1382.469378] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1382.474399] ovl_iterate+0x899/0xe60 [ 1382.478121] ? ovl_iterate_real+0xd70/0xd70 [ 1382.482441] ? down_read_killable+0x150/0x150 [ 1382.486941] ? security_file_permission+0x94/0x320 [ 1382.491874] iterate_dir+0x20d/0x5f0 [ 1382.495591] ksys_getdents64+0x245/0x4a0 [ 1382.499653] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1382.505189] ? __ia32_sys_getdents+0x520/0x520 [ 1382.509769] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1382.514434] ? iterate_dir+0x5f0/0x5f0 [ 1382.518319] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1382.523675] ? trace_hardirqs_off_caller+0x300/0x300 [ 1382.528774] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1382.533646] __x64_sys_getdents64+0x73/0xb0 [ 1382.537981] do_syscall_64+0x1a3/0x800 [ 1382.541871] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1382.546804] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1382.551826] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1382.556673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1382.561962] RIP: 0033:0x457e39 [ 1382.565149] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1382.584127] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1382.591845] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1382.599117] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1382.606500] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1382.613766] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1382.621032] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:25:58 executing program 2 (fault-call:6 fault-nth:5): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:25:58 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:58 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003bf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x60]}}}], 0x0, 0x0, 0x0}) 20:25:58 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:58 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = openat(r0, &(0x7f0000000000)='./file1\x00', 0x400002, 0x120) getsockopt$nfc_llcp(r1, 0x118, 0x1, &(0x7f0000000340)=""/196, 0xc4) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r2, &(0x7f0000000180)='.//ile0\x00', r2, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r2, &(0x7f0000000280)=""/28, 0x1c) 20:25:58 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1382.716264] binder_transaction: 1 callbacks suppressed [ 1382.716276] binder: 7678:7679 got transaction with invalid offset (96, min 0 max 40) or object. 20:25:58 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:58 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1382.768493] binder: 7678:7679 transaction failed 29201/-22, size 40-8 line 3097 [ 1382.791522] binder_alloc: binder_alloc_mmap_handler: 7678 20ffc000-20ffe000 already mapped failed -16 [ 1382.805053] overlayfs: workdir and upperdir must reside under the same mount 20:25:58 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = syz_open_dev$amidi(&(0x7f00000004c0)='/dev/amidi#\x00', 0x4d8, 0x24480) write$P9_RREADLINK(r0, &(0x7f0000000500)={0x10, 0x17, 0x2, {0x7, './file1'}}, 0x10) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000400)={0x0, 0x9, 0x80, 0x8}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000480)={0x9, 0x200, 0x8, 0x1, r2}, 0x10) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getresuid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)=0x0) mount$overlay(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000180)='overlay\x00', 0x1000000, &(0x7f0000000580)=ANY=[@ANYBLOB="78696e6f3d6f66662c78696e6f3d6f6e2c78696e6f3d6f66662c72656469726563745f6469723d2e2f66696c65312c75707065726469723d2e2f2f696c65302c736d61636b66736465663d6f7665726c6179002c646f6e745f686173682c736d61636b66736465663d2c7375626a5f747970653d2c666f776e65723e537874ee4dbc1d4c33e3df6e9a2512098e55fab48d3f02b7f6083c14dbfcf5511fad0be65414e71ae44466298a0f46f7ad11e7d3d80e97a43bb26f7c6b54fd6c8f07e5d354236a2b479fad0d8cd22595485dbc516a2e2a07c6c1ce0019904c541d2389f62ca69ee24b5d9865c0528c805f3cd81be553f6bac6e61ebdf02a0d940b60962f209cb67c15e80d99efe45a205a6cddd101f95d414a0b0ff465defa5f1138680426ebc1b8c0d83e41ef500867a4d066fe923895a484d1c551eb5676feda6eac99bcf4f203e1e3aadb9d", @ANYRESDEC=r4, @ANYBLOB=',defcontext=root,\x00']) renameat(r3, &(0x7f0000000240)='.//ile0\x00', r3, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r3, &(0x7f0000000280)=""/28, 0x1c) 20:25:58 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1382.827890] binder: BINDER_SET_CONTEXT_MGR already set [ 1382.836746] FAULT_INJECTION: forcing a failure. [ 1382.836746] name failslab, interval 1, probability 0, space 0, times 0 [ 1382.848228] binder: 7678:7679 ioctl 40046207 0 returned -16 [ 1382.859096] binder_alloc: 7678: binder_alloc_buf, no vma [ 1382.864590] binder: 7678:7690 transaction failed 29189/-3, size 40-8 line 3035 [ 1382.904006] binder: undelivered TRANSACTION_ERROR: 29201 [ 1382.911791] CPU: 0 PID: 7693 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1382.919025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1382.919161] binder: undelivered TRANSACTION_ERROR: 29189 [ 1382.928369] Call Trace: [ 1382.936381] dump_stack+0x1db/0x2d0 [ 1382.940007] ? dump_stack_print_info.cold+0x20/0x20 [ 1382.945126] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1382.945142] ? print_usage_bug+0xd0/0xd0 [ 1382.954542] should_fail.cold+0xa/0x15 [ 1382.958433] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1382.963527] ? ___might_sleep+0x1e7/0x310 [ 1382.967657] ? arch_local_save_flags+0x50/0x50 [ 1382.972235] __should_failslab+0x121/0x190 [ 1382.976541] should_failslab+0x9/0x14 [ 1382.980322] __kmalloc+0x2dc/0x740 [ 1382.983846] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1382.988498] ? ext4_htree_store_dirent+0x8a/0x650 [ 1382.993326] ext4_htree_store_dirent+0x8a/0x650 [ 1382.997979] htree_dirblock_to_tree+0x391/0x840 [ 1383.002751] ? dx_probe+0x1120/0x1120 [ 1383.006533] ? __x64_sys_getdents64+0x73/0xb0 [ 1383.011015] ? ovl_path_open+0x56/0x70 [ 1383.014973] ? iterate_dir+0x20d/0x5f0 [ 1383.018842] ? ksys_getdents64+0x245/0x4a0 [ 1383.023056] ? print_usage_bug+0xd0/0xd0 [ 1383.027103] ext4_htree_fill_tree+0x2c3/0xd60 [ 1383.031578] ? add_lock_to_list.isra.0+0x450/0x450 [ 1383.036488] ? do_split+0x2070/0x2070 [ 1383.040285] ? ext4_readdir+0x2268/0x3590 [ 1383.044434] ? __lock_is_held+0xb6/0x140 [ 1383.048483] ? ext4_readdir+0x2268/0x3590 [ 1383.052622] ? rcu_read_lock_sched_held+0x110/0x130 [ 1383.057622] ? kmem_cache_alloc_trace+0x354/0x760 [ 1383.062467] ext4_readdir+0x1916/0x3590 [ 1383.066423] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1383.071963] ? __ext4_check_dir_entry+0x350/0x350 [ 1383.076789] ? ___might_sleep+0x1e7/0x310 [ 1383.080921] ? lock_release+0xc40/0xc40 [ 1383.084883] ? iterate_dir+0xd8/0x5f0 [ 1383.088675] ? down_write+0x130/0x130 [ 1383.092459] ? security_file_permission+0x94/0x320 [ 1383.097368] iterate_dir+0x489/0x5f0 [ 1383.101065] ovl_dir_read_merged+0x42b/0xcf0 [ 1383.105458] ? ovl_dir_open+0x310/0x310 [ 1383.109437] ? __lock_is_held+0xb6/0x140 [ 1383.113493] ? ovl_fill_plain+0x340/0x340 [ 1383.117638] ? rcu_read_lock_sched_held+0x110/0x130 [ 1383.122666] ? kmem_cache_alloc_trace+0x354/0x760 [ 1383.127513] ? ovl_test_flag+0x12/0x20 [ 1383.131387] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1383.136394] ovl_iterate+0x899/0xe60 [ 1383.140101] ? ovl_iterate_real+0xd70/0xd70 [ 1383.144423] ? down_read_killable+0x150/0x150 [ 1383.148910] ? security_file_permission+0x94/0x320 [ 1383.153832] iterate_dir+0x20d/0x5f0 [ 1383.157554] ksys_getdents64+0x245/0x4a0 [ 1383.161701] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1383.167231] ? __ia32_sys_getdents+0x520/0x520 [ 1383.171802] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1383.176370] ? iterate_dir+0x5f0/0x5f0 [ 1383.180251] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1383.185605] ? trace_hardirqs_off_caller+0x300/0x300 [ 1383.190696] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1383.195444] __x64_sys_getdents64+0x73/0xb0 [ 1383.199767] do_syscall_64+0x1a3/0x800 [ 1383.203667] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1383.208611] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1383.213619] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1383.218454] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1383.223632] RIP: 0033:0x457e39 [ 1383.226827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1383.246000] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 20:25:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x68]}}}], 0x0, 0x0, 0x0}) [ 1383.253707] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1383.261052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1383.268309] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1383.275564] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1383.282820] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1383.335017] binder: 7702:7703 got transaction with invalid offset (104, min 0 max 40) or object. [ 1383.366765] overlayfs: unrecognized mount option "smackfsdef=overlay" or missing value [ 1383.376597] binder: 7702:7703 transaction failed 29201/-22, size 40-8 line 3097 20:25:59 executing program 2 (fault-call:6 fault-nth:6): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:25:59 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:59 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:59 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1383.394376] binder_alloc: binder_alloc_mmap_handler: 7702 20ffc000-20ffe000 already mapped failed -16 [ 1383.408098] binder: BINDER_SET_CONTEXT_MGR already set [ 1383.413703] binder: 7702:7703 ioctl 40046207 0 returned -16 [ 1383.414798] overlayfs: filesystem on './file0' not supported as upperdir [ 1383.420345] overlayfs: unrecognized mount option "smackfsdef=overlay" or missing value [ 1383.435405] binder_alloc: 7702: binder_alloc_buf, no vma [ 1383.441212] binder: 7702:7708 transaction failed 29189/-3, size 40-8 line 3035 20:25:59 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x6c]}}}], 0x0, 0x0, 0x0}) [ 1383.485913] binder: undelivered TRANSACTION_ERROR: 29189 [ 1383.492009] binder: undelivered TRANSACTION_ERROR: 29201 20:25:59 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:59 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x2001, 0x0) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000340)=r1) sendto$inet6(r0, &(0x7f0000000800)="10ab745c4a132ec7ce7097ec5143b505625e37dc1f4dd4376c1b3317dce315f2853221e79469ebc644b7ecc4b4dc69a2e85e15f842e9a83210babf3102b3e1b8f7999f517e2ea9d7164a80a5e12385658e73d035bdeee1363b0388ba3f50fdcc75c5e6633e9f142f0e9f87bce272f7a6b0c67114bd14dc17142e3ca767434e35c2adfd7fa5c28fb40104b221e5d4859fb132c7a81c2dd6f3e81597f4d3f086a1d56377038fe7ca7ba820e880bf53773ccc3982ffd788635c06e5ff98e668f5eb6ee69ed1b5b94caa531d518ec073d8858f8361b1071eb1c371925fbfe55b2dd9606440b93717be34b538ac922d5db6b89a8cce3209c7078c995e08b6dc846c9ecf96da9e20b1e591fd14072acf169b6e70cca067602bf6d9a36cecd98d86a3ad233926516482bc4ae07b50ec32564d34dd5db9e6e5b405ae4c14d08d4e6482815046db805e9a5d9d3ed6b4c2302f5c0705809532a971daf27e6e0491b09fa5586e2f3504f22cc7a0a8bffcb89fd5dc05c8c2cb55b5b7b7de3cdb13bd8b024e10753d488373d16f07757c4298315ad5bc0e3e6f0ac50f887a473729832ed674abb2c9a481a673f93f56904b599ca4b0be4837eb210f82e18e076eb13bca5a1ce999f8dbb2988874078a675594d53456cbda55e825aef93ee5087796960c7951b729cc7347e94df93a8840d007e8c9df262239ed61c2e4bfc58de9a3e1e6df33c394fb810c38cd682c38a4c4116fefd66de9aa90cd04ac4612b87e3f6fa2be77fd336b57a930160399540830ed9a8a1506f5802ff4058a428f1778489b6983ecb3174fadc015320b7466fa89b02a8635852359c207912a46854ff1a7f0eff2066cb37adde045d739a863155a55d465a508b7a50b5452c76333bbdcd7d89cb5c86237e9a960bfa17efb9528a0c799f5a5366e8a358a6c1b0380c234ae444c1213cd55ae8fee386ee69fc4c8dd0aa7b33b021e82fe616f88aa3443df4a8baa9a7125842e9a29c023b1f02d8e2b94adc100ccaf0b0d99c675a08935c60ebdd7246a1878d8d48de83dad3fe9bb997b6a921803e9f0748f74bf40e24f2034a3f86f6bb58a9a3c7c498d6067e6766a62355e1bfffc16fb59959c2a6f12373caa7a65db4453887c45875057992f0a0d00e27a430680941d5ec8e1da752bb4c81548c763766b353a660cc4bff7c7c30b75f81f3c863fe681b7881dbea5d36eb065349625041bfef7e3b876bc4399561b77078a60763953e13e0b3cb1dc144feee8dc7813c941def770d70e1144ae0bc80a2ee9e9a6c0f1cf8e14c450cb1066b6ef2b1c77f57c490b9425c9b9415776f7de73a91a184eebe0395f1361640ec8598daa4c0caa325386f18d372852f43f98ea61879f39e84f8450e17801edcc404bb696fbd1760af78e806a367c1606775f4018ade17957e8e2999d71b8f577133ec752de3ecbcc8d721b036dfe97729b7ad148a92eb4ec75bb4cfe2b1b67d698b134bd5247b5f8d8c993e209a3b4d668cc12dfd130b6993bae2a3fc5355f10c5a11a7933316cd3f4db06acc11c63b6fcbcb1df28ee86af5897fd4bcb894ce16aa5f2552ce3d182c0f2ba84f04af74a977f20540a030fafaccbfc90ff8975c2d9c6bd367e8893e191fd12550fd506e4453d8972f27f084970d2fcfa199e28bdf7a7328e1b9d01f56eb2e5c12038b6c59916e07560a19a4e3f519cbf6b4e0833ff67e6d07a16cd932bcb261198bbc47a681e2ef34f55c4503da8d8b8f16ae32ecb17349f29ead62292b043f2607397166d08e5ab3b3240003f82fa9c6eb73f4bb4bbac522b7a3627e7d61b0883117cbd551de67b8ee15c4ecbefe1a3aea24277bc26256bb9ceb2e2879f7c6fb01b49f6012c5ef6be1ff7c005728f088293d97be525a43749eaa98e6ec99667ed051f1baa410bac92371b5d48844fc5eca36c84ea9fb5204bdd7920ecd4e08aab3370c24bcdda51702be0e87d1a8756af5f5c2f8742f986304e57972bf2534ce798b87fcfd9a83879850928fff0c6f42f8501bbad5a8650d669ea3e83d7dec0ba1165ecc86da052caa2dce777253a0380c60c2476ff4a779b65bd9845220a137bafe85f4f766e7131f050217569d763c274d0146951fba7061897a247ad7fe7ca3619eff7d6461d89d0aac8f221c507432b84fdcd5c34012331ae8a0cd4a7c456b00eb542932f556c44c8220820352e69e81f4517e2c733873813b0d5bd7d18cb0197810fa688ad0bf2b70266d881f4719ee78a42b8c35ac83429ef4f86dcc685999950db253e5118c24192700867081fe27d325a7294eaea5d03a9cf6388bdc4841507febce85e4fffcaefdc38d30ca6130a0874808a2d982624b8b111fc91fa6435c5fb9a21cbb7e6e893455531198247a97e21e953dc69e658fe03069c8710923bfd785e3aae3f5d1843d68023aa4a07f3cf91bbc2cc359b249dda31aa2b4d7710a3a49654557baa146a6442b3099cf171c2250dadedfac5d2e11f87bfe638c8591552f2c3ee260f61087444a89986f2f41197296462bb8bc5187ad7e2e540f9f01d14aed194a3bd7feddca89413135fe40d1c2964a96b3ad7f4ed2e31ceea2e63886446d517884b895058ad756e83af2f63994346b297e21549b3aacae26808b454922763ff8c083569714a224b7dc4e44e0c877869cc4fea29698c10ea199ca0d25040ed22cb47abcf98b106366006fbd22e2427a12d02e2518f58a88327ef090b34d376484c90e72a2a41197f24d3e01beaa0d16bb56074575ddbbd1e1ea26353c02d96e6138443a08253cc882b7d16269d2d7f858cb87e0517b70bceddbaca3f9d6c0c33f81583a2b76188598aaaa797e69e1c84a3d241405cb78f9aa15571409cce45267303edd1d1e57cee6b3a840670d8439a57104ee5df530562aaebdebd7e377b2f0498733c3db5db63ab4c1e661c5f256dfa6156c510e6bc0fc3fcbe33848b9a959abb5c4d5ec492f442ba42ccd960eddc2f1fedd0fed8953fa59d9e2739e061cf8241aa076a78b10e0dec0682b1c62887303b93413d190e79fc8b7a27e23bdce5ae9571f24a9fba7ad338e2b8b51873755bdff8808c15cad137f8880b79b6d13294e4054929114d19220f794bc4f82d3f7c757f36b007079f18be24bb4029f1ea2ef6f3e55fc4e4dd019cd5bdc654178043172e13040b11900d418415e2858bce8456a85a3eebc3b1e1e8c33ebf2799a5591dce35b3b4f282bec06fa3310769d36a8c6686968dd012e24bd4922aefabaf0dcb02f1d86d6d8c81a738fc65aa8682f77053246602fd4f699ebb70784004b0ca29354d6de8e028dbbcf0c3fd71b4a1170fcbbb07c3f0580134bee4403179955b6c9d7bd51dabcbbd9cd095be9d4e13ec91286214a7711b3299ae35509d421c5a475a24df4d5df208fe0a1a30835bcc44b0296fe9d22d22d8e099965046e5481f868a5f217c6da4a836c047fe8b2ffcc1e430502e02844d80675b224fbf686814a92eb8f3f4f3b521d6640c7228f7ba48b1dff181d3538463fc0c3043b892be3a18205c7270aefd7aa16e25feb477e3c8efe6c6c40a4171970814b33a0a27b8d066a737b2e66feba1eaf3f8113670e6354147f976cd3317569fdb5a4303721e34dfe3c36253acefb4459e94bfc0d5be34506c8444a4f6990a98cdd629e42f133b75756bdb71d1db0a33dd58dd8474fcc64ecbedaef5426ad38253d7611af55873584f2772965e92ae72755ab38658ec99483e6e61510c170541a2406d0237a5243a7607b519091b0711562c6dcbcc47b5cd8397dabbb1093f2665277a56f0552d9b753956a6e2f01e97141d22eadc7f047bd3e823b370b05feb029aa7eb675f1cafb52e28c44229eb1f8e9502b08feaa9bfb19930a40200a2285915d29baf28f6dbf31d0b8f4c4f10dd24ef6c209d4153ab0a6afc2ceb81355c5a243e7229d3c2c07073dc8edc79691f148d690b3dbb9cd5afd148ff0091fa1b36b8f03f75ed5cb577f7017d6c4bd57a5a1c8334eda01527c543874731ae8b890364e9d64119d66263708f553403da8eadaf5bb4b2b469e3cfb4579e23b3c3cd729c807729cd1994847fa1a178002b432585decaee5fe5dadfe5b543a840dd82049f4a5e3565b89b3916dccede8dbe3e3d07ebf4842f15785edd0ab36973bac282ce6d717c9770ea1bf17fbae48cc630e962982ef70764f9567dfd46ffe325dc7c544e9c7f37eca1f7a806cf7e2d4c2f80c137f5ff54f04411cad59ae075c39955df3245cdea3203e491e78e970afeac4289982e67f3d81f4addef38b22530a97474365268bdc7dd0b2be669d194b8f6a358af6d6eebb7f2119f7660dc5de1c542634cd2735265ca8ea2c63bb522685f27a8e0e8fabd9f3ba6f8cb5402d048e2aa9ed416f328b8358437b43644ab50faaf021960ba0909bd29287bd1c7cc0cee41e7ba826c831b111b829bc789c59eb7c583d2f05d5f0e618dfa4cd4b9ce9f079d688851e9223fc89d423962325d867c16c360201c69b525207dbad267e8258b1466ec1b07c0a58be4394edc8f73a7971b5f53e16d42e63cd8cae7c125b70f1a074b7c8d876b60b420c9145bd9ad559b362fdba68819802a1058fa12e6846eef70eec36f9b238e674cc7e3dfb6e78619c6c2abff8c82b8b69bbe4c9898d63163d4bddf8983958f4e58a083d129d0bc44c7975f12d16d399ac62fdf56193080ba904a4417cc8b9a6d213a64b88ac87c705a4414dbbd1d111764be47c93c574ac175fa448f10f0989259b28817a412ae6cd117be725746d4c3a080649fb87a07aa1eed7442347dca7a3005b7574b31eb207babf3f73e0959cae364829b5884e0d46fb5c248deba1486588e77b9208e48fa23219d76f2fe4a040c24896a10bee789e1009aa13af3cb1996b0d3efd54277d33b701a9fcf70a375403bd87290524119339bd77daf87d66abb7a6b5fc250fa349fe5166aed6c45409ad60cbd9cb62f593a818d100b41b4b940ec27d8a0a5c2acf75ce2489eb19bec44577b4d5270aa09e834332797fd6dd3a71b7830255e061bc66cebd790e88ee6cb55e782b44fac39991633df4abd0f3043ccfe5d846660017cc740436bbdcfac37f7d4442d4d62d14f8d8ae2c5f021f5a84b4cdfd43b048d4b0e28ab83e80fe36f48ea3b3cd5bc23e00769262f1f24dfef86ea35347070ab03cd5be32dec70db19a66693b52cf62e84c87e6649a3d4e76da9a038bec1e3087d4f9dbc057df6bb7f23e37a896971f398f738919eab34cf3cc15ace1560b8968bfa6154ab43b0f44211819bbbe231b9bbf5f38722ea82bff7db0262372e09069d068c35dcbee86465084f242e6257989d2837008d2d35e282d3383e1a2233461c9ba1aa79c167d437fbbe8ec0c531d612e377e908443d7f2693330ac1fa07c5683c16a06a7e3a469d8fdd9de834780d6743fa7342f09dafafe0b1c0300aeae36874bcbcf8cbe81f893ddfe5e1f355d1ef4037db67f9241c741bd68a2cb4672994fa8d17657da6bdb3f5e3e4b5059ed84a2b97ac4112376884f21a140bf91983ba401a3b9468b9eb0ecedd0366b42b01f547e5286ec85991157d5ff05b319c517298a33c845aba38a5b572dc8f08835803c1deaead9e104f6d083b888d38d5420a566990d7726ed44fa06112481d0ad683003d95d175bde1faf969cdcca702ac64aeec31907cb565237a775be6170379bc604e6aeff14541f3ddc16fb3765d7bb93b9f29fed73241070c3e49fd02ac1447b73cdb9d44dbfd840beb94d137996c462d82475aacb97dbbff05c45c02133b6140b9c62841e9f6c0", 0x1000, 0x10, &(0x7f00000002c0)={0xa, 0x4e20, 0xe9, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, 0x1c) r2 = getuid() r3 = getgid() fchownat(r1, &(0x7f00000003c0)='.//ile0\x00', r2, r3, 0x1000) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r4) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='./file0\x00') ioctl$FIGETBSZ(r4, 0x2, &(0x7f0000000380)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302e6c7a7765726469723d2e3a661f0000e2ac74e7896aeeff723d2e2f66696c91524931d8f181385169c5eb933625d00cf09f25131771bafe57cc6963a736c1a7d170953d4eeed5efe70187dc4484995e2478447db9dedea43df0e53745da88c5ce3da728ec84f948d83d06c4a024ac0b6509b91352004adafaf3668c952c27812b6777ee6062c4fb8a09c8b6d8a37b65c400c0fc8e62475cf5cdb325c0d2cd97cd4b7d509665e37150072f4d576fb7ad74df9c38d003a108"]) r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r5, &(0x7f0000000240)='.//ile0\x00', r5, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r5, &(0x7f0000000280)=""/28, 0x1c) 20:25:59 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003781e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1383.537207] binder: 7718:7719 got transaction with invalid offset (108, min 0 max 40) or object. [ 1383.571077] binder: 7718:7719 transaction failed 29201/-22, size 40-8 line 3097 [ 1383.594093] FAULT_INJECTION: forcing a failure. [ 1383.594093] name failslab, interval 1, probability 0, space 0, times 0 [ 1383.620539] binder_alloc: binder_alloc_mmap_handler: 7718 20ffc000-20ffe000 already mapped failed -16 [ 1383.629633] CPU: 1 PID: 7723 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 20:25:59 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1383.637035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1383.646391] Call Trace: [ 1383.648994] dump_stack+0x1db/0x2d0 [ 1383.652645] ? dump_stack_print_info.cold+0x20/0x20 [ 1383.657703] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1383.659286] binder: BINDER_SET_CONTEXT_MGR already set [ 1383.663087] ? print_usage_bug+0xd0/0xd0 [ 1383.663111] should_fail.cold+0xa/0x15 [ 1383.663142] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1383.663168] ? ___might_sleep+0x1e7/0x310 [ 1383.675440] binder_alloc: 7718: binder_alloc_buf, no vma 20:25:59 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1383.676377] ? arch_local_save_flags+0x50/0x50 [ 1383.676406] __should_failslab+0x121/0x190 [ 1383.676425] should_failslab+0x9/0x14 [ 1383.676439] __kmalloc+0x2dc/0x740 [ 1383.676457] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1383.695321] binder: 7718:7725 ioctl 40046207 0 returned -16 [ 1383.695727] ? ext4_htree_store_dirent+0x8a/0x650 [ 1383.709349] binder: undelivered TRANSACTION_ERROR: 29201 [ 1383.711936] ext4_htree_store_dirent+0x8a/0x650 [ 1383.711959] htree_dirblock_to_tree+0x391/0x840 [ 1383.711985] ? dx_probe+0x1120/0x1120 [ 1383.712000] ? __x64_sys_getdents64+0x73/0xb0 [ 1383.712014] ? ovl_path_open+0x56/0x70 [ 1383.722288] binder: undelivered TRANSACTION_ERROR: 29189 [ 1383.722542] ? iterate_dir+0x20d/0x5f0 [ 1383.722555] ? ksys_getdents64+0x245/0x4a0 [ 1383.722569] ? print_usage_bug+0xd0/0xd0 [ 1383.722589] ext4_htree_fill_tree+0x2c3/0xd60 [ 1383.722602] ? add_lock_to_list.isra.0+0x450/0x450 [ 1383.776785] ? do_split+0x2070/0x2070 [ 1383.780573] ? ext4_readdir+0x2268/0x3590 [ 1383.784709] ? __lock_is_held+0xb6/0x140 [ 1383.788765] ? ext4_readdir+0x2268/0x3590 [ 1383.792916] ? rcu_read_lock_sched_held+0x110/0x130 [ 1383.797928] ? kmem_cache_alloc_trace+0x354/0x760 [ 1383.802768] ext4_readdir+0x1916/0x3590 [ 1383.806725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1383.812275] ? __ext4_check_dir_entry+0x350/0x350 [ 1383.817118] ? ___might_sleep+0x1e7/0x310 [ 1383.821249] ? lock_release+0xc40/0xc40 [ 1383.825231] ? iterate_dir+0xd8/0x5f0 [ 1383.829013] ? down_write+0x130/0x130 [ 1383.832813] ? security_file_permission+0x94/0x320 [ 1383.837744] iterate_dir+0x489/0x5f0 [ 1383.841467] ovl_dir_read_merged+0x42b/0xcf0 [ 1383.845870] ? ovl_dir_open+0x310/0x310 [ 1383.849831] ? __lock_is_held+0xb6/0x140 [ 1383.853875] ? ovl_fill_plain+0x340/0x340 [ 1383.858025] ? rcu_read_lock_sched_held+0x110/0x130 [ 1383.863029] ? kmem_cache_alloc_trace+0x354/0x760 [ 1383.867864] ? ovl_test_flag+0x12/0x20 [ 1383.871740] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1383.876742] ovl_iterate+0x899/0xe60 [ 1383.880446] ? ovl_iterate_real+0xd70/0xd70 [ 1383.884765] ? down_read_killable+0x150/0x150 [ 1383.889246] ? security_file_permission+0x94/0x320 [ 1383.894175] iterate_dir+0x20d/0x5f0 [ 1383.897898] ksys_getdents64+0x245/0x4a0 [ 1383.901941] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1383.907462] ? __ia32_sys_getdents+0x520/0x520 [ 1383.912043] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1383.916635] ? iterate_dir+0x5f0/0x5f0 [ 1383.920512] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1383.925859] ? trace_hardirqs_off_caller+0x300/0x300 [ 1383.930955] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1383.935702] __x64_sys_getdents64+0x73/0xb0 [ 1383.940013] do_syscall_64+0x1a3/0x800 [ 1383.943887] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1383.949061] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1383.954065] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1383.958895] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1383.964065] RIP: 0033:0x457e39 [ 1383.967241] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1383.986330] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1383.994018] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1384.001355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1384.008614] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1384.015964] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1384.023215] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:25:59 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="24000ec01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:59 executing program 2 (fault-call:6 fault-nth:7): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:25:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x74]}}}], 0x0, 0x0, 0x0}) 20:25:59 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) syz_init_net_socket$x25(0x9, 0x5, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) openat$cgroup_ro(r0, &(0x7f0000000000)='cgroup.events\x00', 0x0, 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:Zile0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:25:59 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:59 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:59 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1384.201784] overlayfs: failed to resolve 'Zile0': -2 [ 1384.216058] binder: 7746:7747 got transaction with invalid offset (116, min 0 max 40) or object. 20:25:59 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1384.276973] overlayfs: failed to resolve 'Zile0': -2 [ 1384.280249] binder_alloc: binder_alloc_mmap_handler: 7746 20ffc000-20ffe000 already mapped failed -16 20:25:59 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:25:59 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:00 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file4,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1384.320218] binder: BINDER_SET_CONTEXT_MGR already set [ 1384.326767] binder: 7746:7747 ioctl 40046207 0 returned -16 [ 1384.339753] binder_alloc: 7746: binder_alloc_buf, no vma [ 1384.345521] binder: undelivered TRANSACTION_ERROR: 29201 20:26:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x7a]}}}], 0x0, 0x0, 0x0}) 20:26:00 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1384.456752] overlayfs: failed to resolve 'file4': -2 [ 1384.485406] FAULT_INJECTION: forcing a failure. [ 1384.485406] name failslab, interval 1, probability 0, space 0, times 0 [ 1384.508477] binder: 7767:7768 got transaction with invalid offset (122, min 0 max 40) or object. [ 1384.509365] overlayfs: failed to resolve 'file4': -2 [ 1384.521047] CPU: 0 PID: 7762 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1384.530025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1384.539599] Call Trace: [ 1384.542190] dump_stack+0x1db/0x2d0 [ 1384.545825] ? dump_stack_print_info.cold+0x20/0x20 [ 1384.550844] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1384.556210] ? print_usage_bug+0xd0/0xd0 [ 1384.560276] should_fail.cold+0xa/0x15 [ 1384.564169] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1384.569281] ? ___might_sleep+0x1e7/0x310 [ 1384.573430] ? arch_local_save_flags+0x50/0x50 [ 1384.578028] __should_failslab+0x121/0x190 [ 1384.582272] should_failslab+0x9/0x14 [ 1384.586073] __kmalloc+0x2dc/0x740 [ 1384.589616] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1384.594295] ? ext4_htree_store_dirent+0x8a/0x650 [ 1384.599141] ext4_htree_store_dirent+0x8a/0x650 [ 1384.603816] htree_dirblock_to_tree+0x391/0x840 [ 1384.608499] ? dx_probe+0x1120/0x1120 [ 1384.612307] ? __x64_sys_getdents64+0x73/0xb0 [ 1384.616803] ? ovl_path_open+0x56/0x70 [ 1384.620695] ? iterate_dir+0x20d/0x5f0 [ 1384.624630] ? ksys_getdents64+0x245/0x4a0 [ 1384.628878] ? print_usage_bug+0xd0/0xd0 [ 1384.632945] ext4_htree_fill_tree+0x2c3/0xd60 [ 1384.637444] ? add_lock_to_list.isra.0+0x450/0x450 [ 1384.642401] ? do_split+0x2070/0x2070 [ 1384.646208] ? ext4_readdir+0x2268/0x3590 [ 1384.650362] ? __lock_is_held+0xb6/0x140 [ 1384.654436] ? ext4_readdir+0x2268/0x3590 [ 1384.658592] ? rcu_read_lock_sched_held+0x110/0x130 [ 1384.663621] ? kmem_cache_alloc_trace+0x354/0x760 [ 1384.668477] ext4_readdir+0x1916/0x3590 [ 1384.672466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1384.678020] ? __ext4_check_dir_entry+0x350/0x350 [ 1384.682894] ? ___might_sleep+0x1e7/0x310 [ 1384.687046] ? lock_release+0xc40/0xc40 [ 1384.691053] ? iterate_dir+0xd8/0x5f0 [ 1384.694859] ? down_write+0x130/0x130 [ 1384.698671] ? security_file_permission+0x94/0x320 [ 1384.703606] iterate_dir+0x489/0x5f0 [ 1384.707329] ovl_dir_read_merged+0x42b/0xcf0 [ 1384.711750] ? ovl_dir_open+0x310/0x310 [ 1384.715724] ? __lock_is_held+0xb6/0x140 [ 1384.719846] ? ovl_fill_plain+0x340/0x340 [ 1384.724005] ? rcu_read_lock_sched_held+0x110/0x130 [ 1384.729023] ? kmem_cache_alloc_trace+0x354/0x760 [ 1384.733871] ? ovl_test_flag+0x12/0x20 [ 1384.737758] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1384.742805] ovl_iterate+0x899/0xe60 [ 1384.746543] ? ovl_iterate_real+0xd70/0xd70 [ 1384.750876] ? down_read_killable+0x150/0x150 [ 1384.755374] ? security_file_permission+0x94/0x320 [ 1384.760302] iterate_dir+0x20d/0x5f0 [ 1384.764018] ksys_getdents64+0x245/0x4a0 [ 1384.768074] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1384.773613] ? __ia32_sys_getdents+0x520/0x520 [ 1384.778310] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1384.782887] ? iterate_dir+0x5f0/0x5f0 [ 1384.786780] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1384.792142] ? trace_hardirqs_off_caller+0x300/0x300 [ 1384.797247] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1384.802201] __x64_sys_getdents64+0x73/0xb0 [ 1384.806540] do_syscall_64+0x1a3/0x800 [ 1384.810447] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1384.815374] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1384.820394] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1384.825244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1384.830556] RIP: 0033:0x457e39 [ 1384.833750] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1384.852658] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1384.860367] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1384.867635] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1384.874904] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1384.882172] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1384.889639] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1384.926902] binder_alloc: binder_alloc_mmap_handler: 7767 20ffc000-20ffe000 already mapped failed -16 20:26:00 executing program 2 (fault-call:6 fault-nth:8): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:00 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:00 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:00 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:00 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x2200, 0x0) getsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f00000003c0), &(0x7f0000000400)=0x4) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000180)) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) lsetxattr$security_evm(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380)='security.evm\x00', &(0x7f00000004c0)=ANY=[@ANYBLOB="041236ba6463230ee8e5acc565d7574bd8246af572f2cc3ed433a76e0262da53aab598380ea80be71f4d391e0f06a6a77602f055623ab5a56608b041ed75968410a64efe0f2e1d02467b06402a7d3b15146ab30bbefab8e36f2ca5d94d9b9b2856ab1730e1c270aba680fe8a6580bc24ca3fd745bc7ab230a5ba911aca830dfca7f92923019d268b74688ca34f19ee0000000000000000005f74ee41a5e797e66b075233dad36614dfe7d263045867d6494cb66ce0fafed8ae74ce240672b26c4e7177cd16f665af110169e760"], 0x8, 0x1) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowe2dir=.:file0,workdir=.?file1']) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r2, &(0x7f0000000240)='.//ile0\x00', r2, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r2, &(0x7f0000000280)=""/28, 0x1c) [ 1384.937201] binder: BINDER_SET_CONTEXT_MGR already set [ 1384.950784] binder: 7767:7768 ioctl 40046207 0 returned -16 [ 1384.982398] binder_alloc: 7767: binder_alloc_buf, no vma [ 1384.985806] Unknown ioctl -1073457625 20:26:00 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:00 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1385.025928] overlayfs: unrecognized mount option "lowe2dir=.:file0" or missing value [ 1385.064351] Unknown ioctl -1073457625 20:26:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x300]}}}], 0x0, 0x0, 0x0}) 20:26:00 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003791e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1385.083791] overlayfs: unrecognized mount option "lowe2dir=.:file0" or missing value 20:26:00 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:00 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1385.133257] FAULT_INJECTION: forcing a failure. [ 1385.133257] name failslab, interval 1, probability 0, space 0, times 0 [ 1385.155464] binder: 7804:7805 got transaction with invalid offset (768, min 0 max 40) or object. [ 1385.188044] CPU: 1 PID: 7788 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1385.195201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1385.204646] Call Trace: [ 1385.207242] dump_stack+0x1db/0x2d0 [ 1385.210902] ? dump_stack_print_info.cold+0x20/0x20 [ 1385.215940] ? __lock_is_held+0xb6/0x140 [ 1385.220025] should_fail.cold+0xa/0x15 [ 1385.223926] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1385.229043] ? ___might_sleep+0x1e7/0x310 [ 1385.233197] ? arch_local_save_flags+0x50/0x50 [ 1385.237816] ? ext4_htree_store_dirent+0x445/0x650 [ 1385.237840] __should_failslab+0x121/0x190 [ 1385.237856] should_failslab+0x9/0x14 [ 1385.249859] binder: BINDER_SET_CONTEXT_MGR already set [ 1385.250787] __kmalloc+0x2dc/0x740 [ 1385.259692] ? dx_probe+0x1120/0x1120 [ 1385.259707] ? __x64_sys_getdents64+0x73/0xb0 [ 1385.259721] ? ovl_cache_entry_new+0x3f/0x550 [ 1385.259739] ovl_cache_entry_new+0x3f/0x550 [ 1385.276807] ? print_usage_bug+0xd0/0xd0 [ 1385.278993] binder: 7804:7813 got transaction with invalid offset (768, min 0 max 40) or object. [ 1385.280876] ovl_fill_merge+0x56c/0xea0 [ 1385.280893] ? ext4_htree_fill_tree+0x240/0xd60 [ 1385.280909] ? ovl_fill_plain+0x340/0x340 [ 1385.302584] ? do_split+0x2070/0x2070 [ 1385.306387] ? ext4_readdir+0x2268/0x3590 [ 1385.306710] binder: 7804:7805 ioctl 40046207 0 returned -16 [ 1385.310537] ? __lock_is_held+0xb6/0x140 [ 1385.310557] ? ext4_readdir+0x2268/0x3590 [ 1385.310576] call_filldir+0x398/0x630 [ 1385.310597] ext4_readdir+0x2816/0x3590 [ 1385.332266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1385.337823] ? __ext4_check_dir_entry+0x350/0x350 [ 1385.342668] ? ___might_sleep+0x1e7/0x310 [ 1385.346813] ? lock_release+0xc40/0xc40 [ 1385.346841] ? iterate_dir+0xd8/0x5f0 [ 1385.346855] ? down_write+0x130/0x130 [ 1385.358433] ? security_file_permission+0x94/0x320 [ 1385.363373] iterate_dir+0x489/0x5f0 [ 1385.367090] ovl_dir_read_merged+0x42b/0xcf0 [ 1385.371521] ? ovl_dir_open+0x310/0x310 [ 1385.375502] ? __lock_is_held+0xb6/0x140 [ 1385.379563] ? ovl_fill_plain+0x340/0x340 [ 1385.383720] ? rcu_read_lock_sched_held+0x110/0x130 [ 1385.388739] ? kmem_cache_alloc_trace+0x354/0x760 [ 1385.393575] ? ovl_test_flag+0x12/0x20 [ 1385.397458] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1385.402485] ovl_iterate+0x899/0xe60 [ 1385.406199] ? ovl_iterate_real+0xd70/0xd70 [ 1385.410522] ? down_read_killable+0x150/0x150 [ 1385.415019] ? security_file_permission+0x94/0x320 [ 1385.419945] iterate_dir+0x20d/0x5f0 [ 1385.423662] ksys_getdents64+0x245/0x4a0 [ 1385.427716] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1385.433253] ? __ia32_sys_getdents+0x520/0x520 [ 1385.437866] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1385.442447] ? iterate_dir+0x5f0/0x5f0 [ 1385.446342] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1385.451812] ? trace_hardirqs_off_caller+0x300/0x300 [ 1385.456919] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1385.461691] __x64_sys_getdents64+0x73/0xb0 [ 1385.466012] do_syscall_64+0x1a3/0x800 [ 1385.469904] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1385.474836] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1385.479860] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1385.484840] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1385.490028] RIP: 0033:0x457e39 [ 1385.493221] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1385.512118] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1385.519825] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1385.527092] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 20:26:00 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1385.534356] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1385.541648] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1385.548913] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:26:01 executing program 2 (fault-call:6 fault-nth:9): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:01 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:01 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x141000, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:01 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x500]}}}], 0x0, 0x0, 0x0}) 20:26:01 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1385.645868] binder: 7824:7828 got transaction with invalid offset (1280, min 0 max 40) or object. 20:26:01 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:01 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:01 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1385.690012] binder_alloc: binder_alloc_mmap_handler: 7824 20ffc000-20ffe000 already mapped failed -16 20:26:01 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f0000000000)='.//ile0\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1385.751740] binder: BINDER_SET_CONTEXT_MGR already set [ 1385.757066] binder: 7824:7828 ioctl 40046207 0 returned -16 [ 1385.782158] FAULT_INJECTION: forcing a failure. [ 1385.782158] name failslab, interval 1, probability 0, space 0, times 0 [ 1385.793802] binder_alloc: 7824: binder_alloc_buf, no vma [ 1385.816798] CPU: 0 PID: 7841 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1385.823937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1385.823943] Call Trace: [ 1385.823977] dump_stack+0x1db/0x2d0 [ 1385.823996] ? dump_stack_print_info.cold+0x20/0x20 [ 1385.844545] ? __lock_is_held+0xb6/0x140 [ 1385.848627] should_fail.cold+0xa/0x15 [ 1385.852530] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1385.852551] ? ___might_sleep+0x1e7/0x310 [ 1385.852565] ? arch_local_save_flags+0x50/0x50 [ 1385.866504] ? ext4_htree_store_dirent+0x445/0x650 [ 1385.871453] __should_failslab+0x121/0x190 [ 1385.875692] should_failslab+0x9/0x14 [ 1385.879500] __kmalloc+0x2dc/0x740 [ 1385.883162] ? dx_probe+0x1120/0x1120 [ 1385.886960] ? __x64_sys_getdents64+0x73/0xb0 [ 1385.891468] ? ovl_cache_entry_new+0x3f/0x550 [ 1385.896094] ovl_cache_entry_new+0x3f/0x550 [ 1385.900416] ? print_usage_bug+0xd0/0xd0 [ 1385.904493] ovl_fill_merge+0x56c/0xea0 [ 1385.904509] ? ext4_htree_fill_tree+0x240/0xd60 [ 1385.904524] ? ovl_fill_plain+0x340/0x340 [ 1385.917403] ? do_split+0x2070/0x2070 [ 1385.921219] ? ext4_readdir+0x2268/0x3590 [ 1385.925378] ? __lock_is_held+0xb6/0x140 [ 1385.925393] ? ext4_readdir+0x2268/0x3590 [ 1385.925409] call_filldir+0x398/0x630 [ 1385.937455] ext4_readdir+0x2816/0x3590 [ 1385.941443] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1385.947491] ? __ext4_check_dir_entry+0x350/0x350 [ 1385.952333] ? ___might_sleep+0x1e7/0x310 [ 1385.956483] ? lock_release+0xc40/0xc40 [ 1385.960482] ? iterate_dir+0xd8/0x5f0 [ 1385.964287] ? down_write+0x130/0x130 [ 1385.968104] ? security_file_permission+0x94/0x320 [ 1385.973039] iterate_dir+0x489/0x5f0 [ 1385.976756] ovl_dir_read_merged+0x42b/0xcf0 [ 1385.981183] ? ovl_dir_open+0x310/0x310 [ 1385.985164] ? __lock_is_held+0xb6/0x140 [ 1385.989228] ? ovl_fill_plain+0x340/0x340 [ 1385.993391] ? rcu_read_lock_sched_held+0x110/0x130 [ 1385.998466] ? kmem_cache_alloc_trace+0x354/0x760 [ 1386.003326] ovl_iterate+0x899/0xe60 [ 1386.007054] ? ovl_iterate_real+0xd70/0xd70 [ 1386.011371] ? down_read_killable+0x150/0x150 20:26:01 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:01 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1386.011393] ? security_file_permission+0x94/0x320 [ 1386.011433] iterate_dir+0x20d/0x5f0 [ 1386.011457] ksys_getdents64+0x245/0x4a0 [ 1386.028613] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1386.034160] ? __ia32_sys_getdents+0x520/0x520 [ 1386.038744] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1386.043330] ? iterate_dir+0x5f0/0x5f0 [ 1386.047222] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1386.052589] ? trace_hardirqs_off_caller+0x300/0x300 [ 1386.057701] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1386.062469] __x64_sys_getdents64+0x73/0xb0 [ 1386.066796] do_syscall_64+0x1a3/0x800 [ 1386.070684] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1386.070701] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1386.070722] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1386.070744] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1386.070755] RIP: 0033:0x457e39 [ 1386.070769] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:26:01 executing program 2 (fault-call:6 fault-nth:10): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:01 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syz_open_dev$rtc(&(0x7f0000000000)='/dev/rtc#\x00', 0x8, 0x280a00) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e3a66696c65302c776f726b64692e2f66696c65311190586487ca52992bc07fe1945fc13442df537c13485671c04908f7ba1dbfee37fce23e43666305c70f5f100e0000"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:01 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:01 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x600]}}}], 0x0, 0x0, 0x0}) 20:26:01 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1386.070777] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1386.070790] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1386.070798] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1386.070805] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1386.070810] net_ratelimit: 22 callbacks suppressed [ 1386.070816] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1386.070820] protocol 88fb is buggy, dev hsr_slave_0 [ 1386.070826] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1386.070876] protocol 88fb is buggy, dev hsr_slave_1 [ 1386.070978] protocol 88fb is buggy, dev hsr_slave_0 [ 1386.071027] protocol 88fb is buggy, dev hsr_slave_1 [ 1386.155266] binder: 7861:7866 got transaction with invalid offset (1536, min 0 max 40) or object. [ 1386.176635] overlayfs: unrecognized mount option "workdi./file1Xd‡ÊR™+Àá”_Á4BßS|HVqÀI÷º¿î7üâ>CfcÇ_" or missing value 20:26:01 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:01 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1386.208363] overlayfs: unrecognized mount option "workdi./file1Xd‡ÊR™+Àá”_Á4BßS|HVqÀI÷º¿î7üâ>CfcÇ_" or missing value 20:26:01 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) close(r0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdorkdir=./bile1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:01 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1386.279863] binder_transaction: 9 callbacks suppressed [ 1386.279880] binder: 7861:7866 transaction failed 29201/-22, size 40-8 line 3097 20:26:02 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1386.334579] overlayfs: unrecognized mount option "lowerdorkdir=./bile1" or missing value [ 1386.372314] binder_alloc: binder_alloc_mmap_handler: 7861 20ffc000-20ffe000 already mapped failed -16 20:26:02 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1386.388726] overlayfs: unrecognized mount option "lowerdorkdir=./bile1" or missing value [ 1386.407557] FAULT_INJECTION: forcing a failure. [ 1386.407557] name failslab, interval 1, probability 0, space 0, times 0 [ 1386.418961] binder: BINDER_SET_CONTEXT_MGR already set [ 1386.431773] binder: 7861:7866 ioctl 40046207 0 returned -16 [ 1386.433209] CPU: 1 PID: 7880 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1386.444595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1386.444602] Call Trace: [ 1386.444622] dump_stack+0x1db/0x2d0 [ 1386.444641] ? dump_stack_print_info.cold+0x20/0x20 [ 1386.465189] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1386.470552] ? __lock_is_held+0xb6/0x140 [ 1386.470567] ? print_usage_bug+0xd0/0xd0 [ 1386.470588] should_fail.cold+0xa/0x15 [ 1386.470607] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1386.470628] ? ___might_sleep+0x1e7/0x310 [ 1386.470643] ? arch_local_save_flags+0x50/0x50 [ 1386.478753] __should_failslab+0x121/0x190 [ 1386.478772] should_failslab+0x9/0x14 [ 1386.478787] __kmalloc+0x2dc/0x740 [ 1386.478806] ? dx_probe+0x1120/0x1120 [ 1386.478822] ? ovl_cache_entry_new+0x3f/0x550 [ 1386.516278] ovl_cache_entry_new+0x3f/0x550 [ 1386.520609] ovl_fill_merge+0x56c/0xea0 [ 1386.524591] ? ovl_fill_plain+0x340/0x340 [ 1386.528748] ? do_split+0x2070/0x2070 [ 1386.532550] ? ext4_readdir+0x2268/0x3590 [ 1386.536705] ? __lock_is_held+0xb6/0x140 [ 1386.540776] ? ext4_readdir+0x2268/0x3590 [ 1386.544932] call_filldir+0x398/0x630 [ 1386.548748] ext4_readdir+0x2816/0x3590 [ 1386.552726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1386.558280] ? __ext4_check_dir_entry+0x350/0x350 [ 1386.563124] ? ___might_sleep+0x1e7/0x310 [ 1386.567279] ? lock_release+0xc40/0xc40 [ 1386.571274] ? iterate_dir+0xd8/0x5f0 [ 1386.575080] ? down_write+0x130/0x130 [ 1386.578891] ? security_file_permission+0x94/0x320 [ 1386.583828] iterate_dir+0x489/0x5f0 [ 1386.587550] ovl_dir_read_merged+0x42b/0xcf0 [ 1386.591974] ? ovl_dir_open+0x310/0x310 [ 1386.595951] ? __lock_is_held+0xb6/0x140 [ 1386.600017] ? ovl_fill_plain+0x340/0x340 [ 1386.604176] ? rcu_read_lock_sched_held+0x110/0x130 [ 1386.609200] ? kmem_cache_alloc_trace+0x354/0x760 [ 1386.614049] ? ovl_test_flag+0x12/0x20 [ 1386.617939] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1386.622965] ovl_iterate+0x899/0xe60 [ 1386.626689] ? ovl_iterate_real+0xd70/0xd70 [ 1386.631014] ? down_read_killable+0x150/0x150 [ 1386.635521] ? security_file_permission+0x94/0x320 [ 1386.640455] iterate_dir+0x20d/0x5f0 [ 1386.644181] ksys_getdents64+0x245/0x4a0 [ 1386.648247] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1386.653787] ? __ia32_sys_getdents+0x520/0x520 [ 1386.658377] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1386.662960] ? iterate_dir+0x5f0/0x5f0 [ 1386.666857] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1386.672232] ? trace_hardirqs_off_caller+0x300/0x300 [ 1386.677342] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1386.682113] __x64_sys_getdents64+0x73/0xb0 [ 1386.686439] do_syscall_64+0x1a3/0x800 [ 1386.690329] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1386.695269] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1386.700295] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1386.705147] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1386.710334] RIP: 0033:0x457e39 [ 1386.713546] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1386.732451] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1386.740161] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1386.747428] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1386.754696] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1386.761964] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1386.769235] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:26:02 executing program 2 (fault-call:6 fault-nth:11): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:02 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:02 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:02 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x800, 0x40) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="75707065726469723ddd0dca08e4a90164106c6530ac6c6f7765726469723d2e3a66696c65302c776f726b6469723d2e2f666906653171d79ff53173ced713886ec6fef4305f089028b238203c317f701a056d1bb116fd25d17e3c5fe570aa15d006a42b670515cba8b59a669f6c589aa702ff5684f4e0daec91a76ab770830c585c50164c40e1f320fb6dc7b7d5d46f8a4fae099f867677cc721118bd2edf65b2"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000180)='./file0/f.le.\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:02 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x700]}}}], 0x0, 0x0, 0x0}) [ 1386.791030] binder_alloc: 7861: binder_alloc_buf, no vma [ 1386.798242] binder: 7861:7887 transaction failed 29189/-3, size 40-8 line 3035 [ 1386.811846] binder_release_work: 7 callbacks suppressed [ 1386.811860] binder: undelivered TRANSACTION_ERROR: 29201 [ 1386.827524] binder: undelivered TRANSACTION_ERROR: 29189 20:26:02 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1386.906740] overlayfs: missing 'lowerdir' [ 1386.910689] binder: 7892:7895 got transaction with invalid offset (1792, min 0 max 40) or object. 20:26:02 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:02 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1386.955069] binder: 7892:7895 transaction failed 29201/-22, size 40-8 line 3097 [ 1386.970579] overlayfs: missing 'lowerdir' [ 1386.992930] binder_alloc: binder_alloc_mmap_handler: 7892 20ffc000-20ffe000 already mapped failed -16 20:26:02 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:02 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000380)) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x8000000000000, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1387.037479] binder: BINDER_SET_CONTEXT_MGR already set [ 1387.051929] FAULT_INJECTION: forcing a failure. [ 1387.051929] name failslab, interval 1, probability 0, space 0, times 0 [ 1387.066641] binder: 7892:7895 ioctl 40046207 0 returned -16 [ 1387.096868] binder_alloc: 7892: binder_alloc_buf, no vma [ 1387.104298] CPU: 0 PID: 7904 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1387.108851] protocol 88fb is buggy, dev hsr_slave_0 [ 1387.111439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1387.116489] protocol 88fb is buggy, dev hsr_slave_1 [ 1387.125783] Call Trace: [ 1387.125808] dump_stack+0x1db/0x2d0 [ 1387.125828] ? dump_stack_print_info.cold+0x20/0x20 [ 1387.125846] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1387.125863] ? __lock_is_held+0xb6/0x140 [ 1387.130971] protocol 88fb is buggy, dev hsr_slave_0 [ 1387.133434] ? print_usage_bug+0xd0/0xd0 [ 1387.137066] protocol 88fb is buggy, dev hsr_slave_1 [ 1387.142044] should_fail.cold+0xa/0x15 [ 1387.142063] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1387.142082] ? ___might_sleep+0x1e7/0x310 [ 1387.142098] ? arch_local_save_flags+0x50/0x50 [ 1387.147505] protocol 88fb is buggy, dev hsr_slave_0 [ 1387.151497] __should_failslab+0x121/0x190 [ 1387.151515] should_failslab+0x9/0x14 [ 1387.151528] __kmalloc+0x2dc/0x740 [ 1387.151548] ? dx_probe+0x1120/0x1120 [ 1387.156571] protocol 88fb is buggy, dev hsr_slave_1 [ 1387.160584] ? ovl_cache_entry_new+0x3f/0x550 [ 1387.160603] ovl_cache_entry_new+0x3f/0x550 [ 1387.160624] ovl_fill_merge+0x56c/0xea0 [ 1387.190048] binder: undelivered TRANSACTION_ERROR: 29201 [ 1387.192541] ? ovl_fill_plain+0x340/0x340 [ 1387.192561] ? do_split+0x2070/0x2070 [ 1387.196914] binder: 7892:7909 transaction failed 29189/-3, size 40-8 line 3035 [ 1387.199889] ? ext4_readdir+0x2268/0x3590 [ 1387.199909] ? __lock_is_held+0xb6/0x140 [ 1387.199926] ? ext4_readdir+0x2268/0x3590 [ 1387.199944] call_filldir+0x398/0x630 [ 1387.199967] ext4_readdir+0x2816/0x3590 [ 1387.199982] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1387.200011] ? __ext4_check_dir_entry+0x350/0x350 [ 1387.200029] ? ___might_sleep+0x1e7/0x310 [ 1387.276669] ? lock_release+0xc40/0xc40 [ 1387.280645] ? iterate_dir+0xd8/0x5f0 [ 1387.284435] ? down_write+0x130/0x130 [ 1387.288228] ? security_file_permission+0x94/0x320 [ 1387.293147] iterate_dir+0x489/0x5f0 [ 1387.296858] ovl_dir_read_merged+0x42b/0xcf0 [ 1387.301264] ? ovl_dir_open+0x310/0x310 [ 1387.305227] ? __lock_is_held+0xb6/0x140 [ 1387.309275] ? ovl_fill_plain+0x340/0x340 [ 1387.313431] ? rcu_read_lock_sched_held+0x110/0x130 [ 1387.318436] ? kmem_cache_alloc_trace+0x354/0x760 [ 1387.323269] ? ovl_test_flag+0x12/0x20 [ 1387.327143] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1387.332151] ovl_iterate+0x899/0xe60 [ 1387.335858] ? ovl_iterate_real+0xd70/0xd70 [ 1387.340168] ? down_read_killable+0x150/0x150 [ 1387.344653] ? security_file_permission+0x94/0x320 [ 1387.349571] iterate_dir+0x20d/0x5f0 [ 1387.353276] ksys_getdents64+0x245/0x4a0 [ 1387.357336] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1387.362889] ? __ia32_sys_getdents+0x520/0x520 [ 1387.367483] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1387.372054] ? iterate_dir+0x5f0/0x5f0 [ 1387.375932] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1387.381284] ? trace_hardirqs_off_caller+0x300/0x300 [ 1387.386389] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1387.391136] __x64_sys_getdents64+0x73/0xb0 [ 1387.395449] do_syscall_64+0x1a3/0x800 [ 1387.399341] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1387.404434] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1387.409441] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1387.414306] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1387.419484] RIP: 0033:0x457e39 [ 1387.422667] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:26:02 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1387.441555] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1387.449249] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1387.456508] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1387.463764] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1387.471018] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1387.478274] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:26:03 executing program 2 (fault-call:6 fault-nth:12): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:03 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0xa00]}}}], 0x0, 0x0, 0x0}) 20:26:03 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:03 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000003c0)='./file0\x00', 0xa0) mount$overlay(0x400000, &(0x7f0000000a80)='./file0\x00', &(0x7f0000000ac0)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYRESOCT=r0]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) lstat(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000800), &(0x7f0000000840)=0x0, &(0x7f0000000880)) lstat(&(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x5, &(0x7f0000000680)=[{&(0x7f0000000180)="6e73a210a9b3ce", 0x7}, {&(0x7f00000004c0)="0d6739708e1ad42042debcb09cebdfe1054fc15538db67db7806343ab17017b795549df9f90f44406389f30d070469087db9c0a1eff53a01a486f3a8bdbeca56f44b0e9af52fe96fef10714a393ef821383a62ee87ee584641c5b0b74b72e12869e3ae618bc5f35863c1bca620c849b47f53aa8bfd1a19480e880b007a360f43939790a3d000dd59f0b194468ef44ddc18e473611aaf5ca5c85569b967294434cbb429d34b72ef822ca23ee017cbf8ecbd8189f3cc66ae96daeb408dee", 0xbd, 0x200}, {&(0x7f0000000340)="e34191110129d02636172242fc1bebf994ef0091044e651f1374353ce73eb3b9bfa5f5f8c368895199aaf61846c1e8655ac77e4fb04bc06e708d96706c205d6d86da55d20c1ce2a8b64299462a6a6caad0933ff09374454183ad192a4fe58f5260a886fd10858d8f764ecb0aca461927f485", 0x72, 0x9}, {&(0x7f00000002c0)="c10e7c0ff4c8fe1363b15e3c4c7d585b7d", 0x11, 0x7fff}, {&(0x7f0000000580)="6c94e456a7f5ce33376eeeea1c457738eb4a50b4bab13fe59dcc2c4d67a1b2fad79c018f46b2a3b3ec00bf7281ab57e5458681c3d9703e924055c3aa02ac87683523c3df9f1da915458bafcd4bb24d0f4194d92f3866f1a52edaaa8c130723faf8ca3bd31259a5c28c784de48ca8ed37d601f5df8d605bcc096eb320ab9fe0ca08cda4602f8d267ebde63ba1f1ccb9e6eb201a0a2a25c9a9c428519d0d3229c398df10f05c08ad1838ceb04a10c2d83629cb9bca9fcefac29166c938f549fd75de35dab851c8fae8313d42246f1aba2d31059c132acf6b1264986f22e8067778ce8bf45780b0ba2502a38297411fcdbe08e676024ef1a1c87cefb205", 0xfc, 0x80000000}], 0x40000, &(0x7f0000000980)=ANY=[@ANYBLOB='quiet,quiet,fowner<', @ANYRESDEC=r2, @ANYBLOB, @ANYRESDEC=r3, @ANYBLOB=',defcontext=user_u,fowner>', @ANYRESDEC=r4, @ANYBLOB=',\x00']) open(&(0x7f0000000a00)='.//ile0\x00', 0x0, 0x40) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:03 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1387.551645] binder: undelivered TRANSACTION_ERROR: 29189 20:26:03 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1387.640733] binder: 7923:7924 transaction failed 29201/-22, size 40-8 line 3097 [ 1387.648257] overlayfs: unrecognized mount option "00000000000000000000003" or missing value [ 1387.655328] binder_alloc: binder_alloc_mmap_handler: 7923 20ffc000-20ffe000 already mapped failed -16 20:26:03 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:03 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1387.706835] binder: BINDER_SET_CONTEXT_MGR already set [ 1387.729093] binder: 7923:7924 ioctl 40046207 0 returned -16 [ 1387.739108] binder_alloc: 7923: binder_alloc_buf, no vma 20:26:03 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1387.772566] overlayfs: unrecognized mount option "00000000000000000000005" or missing value [ 1387.786182] binder: undelivered TRANSACTION_ERROR: 29201 [ 1387.796789] binder: 7923:7934 transaction failed 29189/-3, size 40-8 line 3035 20:26:03 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:03 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1387.831673] binder: undelivered TRANSACTION_ERROR: 29189 [ 1388.009825] FAULT_INJECTION: forcing a failure. [ 1388.009825] name failslab, interval 1, probability 0, space 0, times 0 [ 1388.027168] CPU: 1 PID: 7947 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1388.034278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1388.043631] Call Trace: [ 1388.046222] dump_stack+0x1db/0x2d0 [ 1388.049873] ? dump_stack_print_info.cold+0x20/0x20 [ 1388.054895] ? is_bpf_text_address+0xd3/0x170 [ 1388.059405] should_fail.cold+0xa/0x15 [ 1388.063312] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1388.068424] ? ___might_sleep+0x1e7/0x310 [ 1388.072574] ? arch_local_save_flags+0x50/0x50 [ 1388.077161] ? save_stack+0xa9/0xd0 [ 1388.080795] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1388.085897] ? kasan_kmalloc+0x9/0x10 [ 1388.089701] __should_failslab+0x121/0x190 [ 1388.093939] should_failslab+0x9/0x14 [ 1388.097738] kmem_cache_alloc+0x2be/0x710 [ 1388.101895] ? print_usage_bug+0xd0/0xd0 [ 1388.105965] __d_alloc+0xae/0xbe0 [ 1388.109419] ? add_lock_to_list.isra.0+0x450/0x450 [ 1388.114827] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 1388.119852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1388.125399] ? mark_held_locks+0x100/0x100 [ 1388.129633] ? __lock_is_held+0xb6/0x140 [ 1388.133704] d_alloc+0x99/0x420 [ 1388.136986] ? rcu_read_lock_sched_held+0x110/0x130 [ 1388.142007] ? __kmalloc+0x5d5/0x740 [ 1388.145721] ? __d_alloc+0xbe0/0xbe0 [ 1388.149446] ? add_lock_to_list.isra.0+0x450/0x450 [ 1388.154382] d_alloc_parallel+0x11b/0x1f10 [ 1388.158620] ? __d_lookup+0x560/0x960 [ 1388.162430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1388.167973] ? __d_lookup_rcu+0x990/0x990 [ 1388.172126] ? lock_downgrade+0x910/0x910 [ 1388.176285] ? kasan_check_read+0x11/0x20 [ 1388.180438] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 1388.185721] ? rcu_read_unlock_special+0x380/0x380 [ 1388.190656] ? lockdep_init_map+0x10c/0x5b0 [ 1388.194977] ? lockdep_init_map+0x10c/0x5b0 [ 1388.199305] ? __init_waitqueue_head+0x92/0x150 [ 1388.203974] ? init_wait_entry+0x1c0/0x1c0 [ 1388.208241] ? d_lookup+0x163/0x360 [ 1388.211877] __lookup_slow+0x1fa/0x560 [ 1388.215767] ? trace_hardirqs_off_caller+0x300/0x300 [ 1388.220871] ? vfs_unlink+0x500/0x500 [ 1388.224679] ? d_lookup+0x23c/0x360 [ 1388.228333] lookup_one_len+0x1de/0x230 [ 1388.232312] ? lookup_one_len_unlocked+0x100/0x100 [ 1388.237251] ? down_write_killable+0x8d/0x150 [ 1388.241750] ? down_read_killable+0x150/0x150 [ 1388.246264] ovl_check_whiteouts.isra.0+0x100/0x220 [ 1388.251313] ovl_dir_read_merged+0x9da/0xcf0 [ 1388.255738] ? ovl_dir_open+0x310/0x310 [ 1388.259711] ? __lock_is_held+0xb6/0x140 [ 1388.263774] ? ovl_fill_plain+0x340/0x340 [ 1388.267936] ? rcu_read_lock_sched_held+0x110/0x130 [ 1388.272956] ? kmem_cache_alloc_trace+0x354/0x760 [ 1388.277803] ? ovl_test_flag+0x12/0x20 [ 1388.281694] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1388.286720] ovl_iterate+0x899/0xe60 [ 1388.290448] ? ovl_iterate_real+0xd70/0xd70 [ 1388.294768] ? down_read_killable+0x150/0x150 [ 1388.299273] ? security_file_permission+0x94/0x320 [ 1388.304210] iterate_dir+0x20d/0x5f0 [ 1388.307940] ksys_getdents64+0x245/0x4a0 [ 1388.312005] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1388.317547] ? __ia32_sys_getdents+0x520/0x520 [ 1388.322132] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1388.326710] ? iterate_dir+0x5f0/0x5f0 [ 1388.330605] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1388.335967] ? trace_hardirqs_off_caller+0x300/0x300 [ 1388.341075] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1388.345834] __x64_sys_getdents64+0x73/0xb0 [ 1388.350159] do_syscall_64+0x1a3/0x800 [ 1388.354051] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1388.358986] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1388.364011] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1388.368861] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1388.374051] RIP: 0033:0x457e39 [ 1388.377252] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1388.396148] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1388.403858] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 20:26:04 executing program 2 (fault-call:6 fault-nth:13): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x2000]}}}], 0x0, 0x0, 0x0}) 20:26:04 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) statx(r0, &(0x7f0000000000)='.//ile0\x00', 0x6800, 0x800, &(0x7f0000000340)) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,w\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) 20:26:04 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:04 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:04 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1388.411123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1388.418388] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1388.425655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1388.432926] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1388.524356] overlayfs: unrecognized mount option "w" or missing value [ 1388.534269] binder_transaction: 1 callbacks suppressed [ 1388.534284] binder: 7955:7957 got transaction with invalid offset (8192, min 0 max 40) or object. [ 1388.557567] binder: 7955:7957 transaction failed 29201/-22, size 40-8 line 3097 20:26:04 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:04 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:04 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1388.570520] overlayfs: unrecognized mount option "w" or missing value [ 1388.599241] binder_alloc: binder_alloc_mmap_handler: 7955 20ffc000-20ffe000 already mapped failed -16 20:26:04 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:04 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x210000, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000340)={{0x2, 0x4e22, @remote}, {0x303, @local}, 0x10, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x24}}, 'zkall\x00r0\x00'}) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file1\x00', 0x2000, 0x40) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r2) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000001a40)='./file0/f.le.\x00', &(0x7f0000001a80)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) write(r2, &(0x7f00000004c0)="1f8c4b07b4d505f7a7f48d52661e30e3bdda86f288c008afb00ea724dac79998475c2d627153e4a2266dda1cf82af97ebb8ef2b38b37193d515ecab14a2e00009d5599632d17ba5dab6c6856edc71034ad1a256a9c9c0b34ad1255f1fcfbc59b549b2d62334720574161856dc6b6222ffab65821ec96a0ec4d9e4ba6d6a428d4c0ab40031f587e", 0xfffffff5) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="757070657264697a3d2e2f66696c65304c6c6f7365df8a19483d2e6469723d2e2f66696c65310000000000000000000000"]) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r4 = fcntl$getown(r3, 0x9) fstat(r3, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r6 = getgid() ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000640)=0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000680)={0x0, 0x0}, &(0x7f00000006c0)=0xc) r9 = getgid() ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000700)=0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000740)={0x0, 0x0}, &(0x7f0000000780)=0xc) stat(&(0x7f0000001800)='./file0/f.le.\x00', &(0x7f0000001840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$unix(r3, &(0x7f00000019c0)={&(0x7f00000003c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000580)=[{&(0x7f0000000440)="358e14e7a82321ee1a087244066c4d8b96e1f149c9d04c41585b0a5194504c28714d9e44dfa11c0e9baaca3ec8e80a1e47b36d9e1979fed642688ac1e6e9b43e4472bbf1e1ed50cc94f482c7c94df9418c41bff607beddfc05ffa1724c47824a343bf13e40f5e061", 0x68}, {&(0x7f0000000800)="d63b84cc9cb11fb883da9b1e6ec7a0a9de9ebd1c2f31b206f071665a7511db5f4727255c8f0b8ff3c5e91bf92f6f28a21a380559d1790d43e3c90566bb7075176f542724be2880e61dee54e7e13879623393ea3f052a8400b7040e9213eab4fd1c4845132407bb0c3c9820aa3e12df925e66d08473e5217b1556b0beeea3f3379441f7814368d00f87796a1c570efb775b224b40978618c11978ecd88b14136b8f613238b41741351fd9c7250cebb29d8294abf492dbf4d26f1c604410cee8bbd7530d462811ba13cde60b3b330842478eb580a377ea95e997c10fdb3af279429938eef0b52dad5df8d72e168c85f20ecdf94ab9b5682c4667f1ab0a05de92fb12af835cc73b5fe2c4aa0480c854fbab1b458f2bb10e8da7cbb878e83efa13a75db924afc6f03a62b6fe198b353daa73a6a45588cee3ef321932c438f25969a65ea92bb9e408924b954293b653ec88a7b4c5ee8a52d5e2de918a56aad5a849ae104eb954dba236b8aee1821a141b68230648071b181baeaf998fff3eda22afab72bc767d1f703567e9b6d68e8c00d5597a16f926b2fa294ad57fa5f5136963b57356e7e69433b47bf56199431aed998131458362326a6f6221b67ab372ab37587426bd80b43d1cf8f2c89a84cbdc7e72136d9159505e9fc66674d51b62f3ee21ba532017eb4510b129309825ea15ef7b2676535725444194061bf81c3194f837153a47d64f975a750f373eec6361e9e38f62fcaccd15d9a3c166c7131c731f3a73034fae73657c2cc144b74e2ba684d48e476e63f439ab2c43a44fe51f29bf723df49d96150fa2e639d80fc13df1fbdcf3a52b75ed1ffad18c8a23f5a960ea5fe239918a3c718e65b92da9c4717552284cce6ae8868ea82629143cf82bf07baf4a2ca59627a80e7399b4882eae02c4cae4781548f62db41831ef1d92ff021745aea13ab74e33e046392967862e8dcc97495d96ed1118346b7f04f3ad2eceebb6c97758a769ee76abfb4260b8c5523e96be44aa3166d6b9324fa2878927be1413b30aefd5c2206d273fd0902c2a5d6b49430694b79e0307292a16082439fd817fdc59ae086e6779616dcd410508e3327accc02ed9b14469ca92707b4eba4b1cc0379da924bd8729a689cda2fa1b5fbaadeff4a7c798084e14edd020f141a5e91e0d7c372390a196a30371bbdc6b12388d6c88ad52ff415509d8e5e2159fcfec0e8b7701f2b14d02be7c910bec49a40b06a472644299c919591e3115e7bf841dafe1717e30d9c1f05e2442a07135d66421539fb4737a16da28a65dec7a8817a922731032fa5189794a5bc5a6707f87a9cc0a9d2c8c8c311172d18fd43d2f773bdce502b2729047d0e24d011f08c996f1f2fed19271c3189d103afa803ada75feb05235c2caa29b3ea3e926301389fd188e29ad31a2cfec6b43a6e4c5a4968d13dfa02bed28ea537efd8bc35a2212d27fb2c45fbbe072dec99b17e780b4b03f3ca6a18941e317cd3d5c922cf4472b39be2f2ec9f7fa835d4d8f1b5fe904ee0a8075010f0b920da9ba784486f50a063120109460d45d68d2359dbffc8eed71634a4dc7b35efce959b7644116d2457688b37c718723ce088bf1c32543a5285f69de7f0af420d7a816f5db9ed57f408e4459abf74fd5726a85ed34037428bf9bf548a116f036ca821cfd1300b61e2a6b83f39cc79e861f194b5b06d57eba4fd06ae78c059b2768fe1a96ca9f7a5445b3819f88aa50eb3900386dfaf78af94af944463c1ea368b919d18c37c5c3292f3d9f3fe229687db8f857b46f9206b92f15a143c730646480d5af32a46d0e6bf33162255d3c3619fe411ebefd017e7088f1fd88492a1d0725cee98ac5dd78a04607efd6faeb4cbaa7b9d1ff8cfe1ab51c063f4c713a1d9eba1bf1848c60ac8b13625953c47b95c7aa9514d2e48e4daa2e0888b0fd69426943c5e233a36a010296d0a3de160ef58d0f40532349d4bd658d919249eb191aace05631327b91c73ec1871916cd73b1bbb9e0f62ae3abbec6c1e5786266282f7365130129f1a6be5093d1d383b42ac343350bd726d6f9e3ccbef958917f14c991376d1c0ad797e06a04f3dc708cff6adec1321874b4fbb46114cad03181f92881c5faf197923d97fb2f215d6699dcd317e2d0f3fa3394b13db146e6c1b3f25c62cf4272a10f34397738b7bf6e4d645cf1f1b1e6210434414c9b6b6d3f0b60efa8a94612010cff2087391fe2ef871abc8fca3e6cf9c5bf5eb27bbb059f2830ad175d43f874e8b32f2d3f1a1ecd761f6bbf6da686342b71265022a17639f4f069beb2fd14115da7e86fbc01873a745d2423db218e7d4b8bebb5b2d60d4a809f50d9a5dd7dafb676c90491c650c277b411152f3ea4c04dda7acb2ccb088f18dd7f43c8629b6f6f6aa1c9cdf20688f6c7fc8cdc38489ee8ee34abc2f71b214b6888c02c8ec33c68edcb284247add40306379899c25edf2f1b3c09c96dd25b7a80204286d727f312897bf5f058247c29d1ce9aeb4ae8259a07665796246aff7c8a129e99ffce07faeab3dca9353a838952787b7c1a9d78768eef8848a29f4c74e98cc5ef0c48b1c17e8987ff1d0bf5ea5b4b29a8e2b30cf896f96b807d651e0e2b8276a99ccaa3be88e88df01afbe8c991ae660fb4f76807ef6c5e43e15de6fdda83eb951dd92ba23add1a8284c6d3762a0967ffd1bc1213dc187161ba8ad065926449f2c4ab535bc32c31bca2ac0735cc5af89276dd0aadd02ce50ad013c2fc9553cb3021c23120f9668e2e861fcd0baea42ad8dd357ffdbc14d0d155a203f138304051be6bec08e9f0cb7c65d6322f41f698017fb10c11255258bad59099ee1db318eecbf4d971f659fe90e3849fcf2b3cd9237d010b9ed1503cdb68ba8aa5584534adec73dacb5958f9286aa81f2940cd47aa7125a401ddb671d601c7b99752e3b0e99824751057f8f47c24132b4bdec84ef70780fcad75e09d52d04f8cef12dc10239a79464a9092298ddde3fffbe24265479d96fe3870c59ad4d6dcaeda25f47da88255069d4166a416034faa4b5acb759d7c3fdd5fe4867985efc4d13465d3b3ad11d2c9113363519043aa11eb22212f875ebe7013ba76a7edc142d538e3e3b73b8bebc6bdddfe6b00299e8ae16855c171b655eea34649882fa4bf13bd746c5628edee9327e62cd1d158901760165b0c61e03cb777f49fa3a189b056d2801a9b757f2f6882db2ae41f0a97084e0032e356928b41b4ebc286c999739c7c4f6f053cbeed7175409a1d2fe1f0b052a2e5216cf68a5cc8ff041af1448bf388b100fad56dae8e91cc06f9b983d6cac0ceea7d72477854914d60c2614e808dac6c214f251ffa9286286bd0f5764c785ebeadc75a0cbf144eb0e7284ef7dc5f8a0d80dc6415a591e8ec4c6fcf0f5a660053a1719746fbcc948cc9af47b550c393d81fbb81e52d005ce96b859790e5ae2d7f8e7c95611ecb5f0b9fe3cff562b83d6d98cbcb52027df9fc4766c2e8a90b67e649f26c32f3f3b5293c424d5d109c646454eade4be2f8288161cc0cf678353ec7db6c27e5ff026f3f578d8c5c29f5a9c55f4dd10d34987ba3255b454e91e6222c78ad125389dd38aec035b433cc949da1cb630419c4ac3b1a79f00de8667e4b217948e2713deb2d8a106b72d2e5e2e882e237dfd8e29346b8cb8180c777bb347e4a017a8779c0b4e425c1ce491dc5e874e7d9486721e94aeb4bf1a6e6ee50b9e84544cc272b9964d7654639af01f2d1a3f25bb4cee68b6da6aa1093f61705a058552a4e89b9a66e9e5e227096c9f1b9e4048b0abcbc0b248d8046d45ae19ca25b2617c301e2da753c86bd55e61dd4c10990b2160fa8695bf1342dc0b2f55d9b7fd3e06861503bedbe961c3d9f9684315b63f275c13990341cce52459c075bf630d9f1661d2842dcaefae6bbd1c8ac9b127a897efaae1136d390e8d0366e1417cbf4e7ac8f7e4852f24b121c8724c9c905e4b338fe1947ba371ac15f53bdaefcf3623d195a0767f385a2a995cdfc23f2b877a135d10565d1595ce1c403e946f8448f44181c905a87e55b6d0a301e493c4e19bf81a9effc9bdec844cc66526bc51b573d6cd4a9d5d50c71158b19836a9f29ed8203ba98a0d9fef495282a605394b7c45f523e2aae8b72c19b551fe99fb7a0522b97fc184b72759817a647608ac0a46177d282104d58844fe29554e88d08c3aa4b37bd946803e10d7c34a25f7b926fd1ebbfd624f619431a82259d127f6b1b5c37f50df339273a2e662b970597d8d3ccfa38708ecd1dfecc150896609b3316eb5bd6931d842b47349277a07ff52c2a8e10ea9cc50e1dd5b65fde33efab82b096bf3aaf0c77449a580dfbc6928baf13f850e62bf1cf71f679671e6fef211350dd4088fc522fe85451af9f0e033beace249f8734d374a429e7e83eedf8930c579160514cb40bfdad40a0bb9c164076b4fb2c130a8628aa5c147d7799faf00c907e5b563081e4ef4ffd7ffdf197ce8b1971cff341a5c62be96a67670e0c49d676eea43735d2706656f34163ccdb1e1d01a2cdb211bccc2f98366661c30c49fea77daadef46c5a38a476f6c883a5a2754e0877736257f83f6927462c3594311f85ca85b9a561919dc353ae793ca3b2d7c046aac1aeb361d8865d9efdf489be7bdc5ed6b7f47cb25b9e45a070e93202f7592eaf5cb86e93c1b2058978947540ffbcdda51f9305210051027712d3918a2b5590ff218beafa36dbb696ac914ac4e613056e121fbc26ec3f49bf0326cae652ec42445eb13e2edee33b0c8068bb9e4d6557a29935460a483411b81fac02105f003f3ef0d09506fd49c05d27e065e0465a68342a2d52405fc41d73d03547f6e36fce97b55e98756992f9924cfa158a8603bba7a1f8a6771f87cb2e6a5154048d65ba07c0c78f5955c1c3fe718115176c37c12376a20d57aaf8dc02ccb32fd16455e5ea7f87ca4267aab9010f4bee44cb63d00b320b0231f734fe50708c8828e8e3e41dc4e453ec045e5fa8ce62dc5a532aebdda6d9f926d6709d03e65e7f4a62dd533159c742d437ab81daf558763ac6a2a5656cf1217274cf2e3a2cd81007afd1a79c7b438a1f651bd427152452fda6878c860c14c412356441e22eb2292397b30d3edea1ecda25b855515564c2fefd3e4818d87b3669761275b2adff5de7c9db75423f5f4363dfff94efeb0e5784c1f6c079edfd48d9a15656bb23ba6b15f33fab4e601cfdc337d92c3be2c0565a47c0b05793088d80caba4199a04f350058aaa242dc756d4aa00670091c63e5605c1fc60c5374d38d0796617f9a87c28bcc6863d42efdcbb7b4bf75549bc7a33b62e2b13c1a006cba916429b7f3a71a7a5e3d33c34dd7d12e1a619c665e7dd55f9fd6881b529655ba42f89fc275a980f95bf5f79eef63a529be0dd6fec7f2a77df2e0883225c6227a79ada1495e9afaec88cf1a18c7c4ea61db9c155a6fc1092f8d7a576142dcd527e2b8c94d64b8d72abdec324d34c0769c9892033ed7b770a5fff68ac4335a5348796a59c53b8767b9572beda4d1460ff81b7c9cee4722405da4a68195d5458143b5e276a6c37d9983da52f5e204d8f77eb558ec034d6e7e5228f9adbe6d1c43e90380982f62aca6a94789050e08d2366c6405c7c2015bee8266af4d3c77227fb57fb2be8fb51e7444619b5db6dce97bd0d6c7f3895f006808e6349c8d01803e2b7cd1324689e2be86ab307a679ab375d64c8bf775b20831a07e19e4d4bcf34ef1b5e68f07b7b38163c45add49e3e2f0ab7c05f611438ac0ed31", 0x1000}], 0x2, &(0x7f00000018c0)=[@cred={0x20, 0x1, 0x2, r4, r5, r6}, @cred={0x20, 0x1, 0x2, r7, r8, r9}, @cred={0x20, 0x1, 0x2, r10, r11, r12}, @rights={0x28, 0x1, 0x1, [r2, r3, r0, r3, r3, r1]}, @rights={0x20, 0x1, 0x1, [r2, r0, r1, r2]}, @rights={0x28, 0x1, 0x1, [r3, r2, r2, r2, r2, r3]}], 0xd0, 0x4000}, 0x80) renameat(r3, &(0x7f0000000240)='.//ile0\x00', r3, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r3, &(0x7f0000000280)=""/28, 0x1c) 20:26:04 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1388.678647] FAULT_INJECTION: forcing a failure. [ 1388.678647] name failslab, interval 1, probability 0, space 0, times 0 [ 1388.679368] binder_alloc: 7955: binder_alloc_buf, no vma [ 1388.690993] binder: BINDER_SET_CONTEXT_MGR already set [ 1388.739859] overlayfs: unrecognized mount option "upperdiz=./file0LloseߊH=.dir=./file1" or missing value [ 1388.753063] CPU: 1 PID: 7967 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1388.760196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1388.769543] Call Trace: [ 1388.769566] dump_stack+0x1db/0x2d0 [ 1388.769587] ? dump_stack_print_info.cold+0x20/0x20 [ 1388.769605] ? find_held_lock+0x35/0x120 [ 1388.773987] binder: 7955:7961 transaction failed 29189/-3, size 40-8 line 3035 [ 1388.775814] should_fail.cold+0xa/0x15 [ 1388.796097] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1388.801232] ? ___might_sleep+0x1e7/0x310 [ 1388.805398] ? arch_local_save_flags+0x50/0x50 [ 1388.809988] ? dput+0x4df/0x790 [ 1388.811261] overlayfs: unrecognized mount option "upperdiz=./file0LloseߊH=.dir=./file1" or missing value [ 1388.813275] __should_failslab+0x121/0x190 [ 1388.813291] should_failslab+0x9/0x14 [ 1388.813307] kmem_cache_alloc+0x2be/0x710 [ 1388.835240] ? lock_downgrade+0x910/0x910 [ 1388.839393] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 1388.844690] __alloc_file+0x93/0x480 [ 1388.848413] ? file_free_rcu+0xe0/0xe0 [ 1388.852311] ? kick_process+0xef/0x180 [ 1388.856214] ? task_work_add+0x124/0x1f0 [ 1388.860289] alloc_empty_file+0x72/0x170 [ 1388.864358] dentry_open+0x70/0x1d0 [ 1388.867993] ovl_path_open+0x56/0x70 [ 1388.871714] ovl_dir_read_merged+0x2a1/0xcf0 [ 1388.876136] ? ovl_dir_open+0x310/0x310 [ 1388.880122] ? __lock_is_held+0xb6/0x140 [ 1388.884186] ? ovl_fill_plain+0x340/0x340 [ 1388.888349] ? rcu_read_lock_sched_held+0x110/0x130 [ 1388.893370] ? kmem_cache_alloc_trace+0x354/0x760 [ 1388.898215] ? ovl_test_flag+0x12/0x20 [ 1388.902106] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1388.907126] ovl_iterate+0x899/0xe60 [ 1388.910851] ? ovl_iterate_real+0xd70/0xd70 [ 1388.915185] ? down_read_killable+0x150/0x150 [ 1388.919690] ? security_file_permission+0x94/0x320 [ 1388.924623] iterate_dir+0x20d/0x5f0 [ 1388.928344] ksys_getdents64+0x245/0x4a0 [ 1388.932405] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1388.937944] ? __ia32_sys_getdents+0x520/0x520 [ 1388.942530] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1388.947110] ? iterate_dir+0x5f0/0x5f0 [ 1388.951002] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1388.956367] ? trace_hardirqs_off_caller+0x300/0x300 [ 1388.961475] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1388.966234] __x64_sys_getdents64+0x73/0xb0 [ 1388.970559] do_syscall_64+0x1a3/0x800 [ 1388.974448] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1388.979381] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1388.984404] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1388.989255] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1388.994443] RIP: 0033:0x457e39 [ 1388.997640] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1389.016542] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1389.024252] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1389.031517] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1389.038785] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1389.046051] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1389.053317] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1389.066782] binder: 7955:7957 ioctl 40046207 0 returned -16 [ 1389.066788] binder: undelivered TRANSACTION_ERROR: 29201 [ 1389.066823] binder: undelivered TRANSACTION_ERROR: 29189 20:26:04 executing program 2 (fault-call:6 fault-nth:14): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:04 executing program 0: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000940)={0x0, @reserved}) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syz_mount_image$f2fs(&(0x7f0000000340)='f2fs\x00', &(0x7f0000000380)='./file1\x00', 0x7, 0x5, &(0x7f0000000700)=[{&(0x7f00000003c0)="543226ed8413e50726aa9aef4deaa258afc73c03821c2823f6f8104232404b04bd5789c89c8deab29a500bd22604d641313a6e204c48b93ccc58a55ae4345ddc44d4f3b20b844da9aef0a8389444a3e8189e4afd7616591e80549420dda5268ad087b86a85ad85d9ae87", 0x6a}, {&(0x7f0000000440)="40372c3db40dc36d6584bfe73612d2261b900c90fb6be6b2a270d3fb1e0d75fbde02d0d4347424993757291bc8ff9702bce75ee070c7d11dff3a412bba662737907d8831041923aaa378741330d084c11e3f55f54ff019ede847f69cd86fc1ad89848f4c6a90e0a6949845585025f3b26a6f39985dd3e3c8dfbda2b7b4a6cadfe17479e041421b398746bf3466e492010efcc1f222f3c8aa38314041dd7a8e29dbdd57", 0xa3, 0x1}, {&(0x7f0000000500)="c39cab8a504656e756d81c72e8aef7d239f8fe85201ce3a6e571cca246cc11c9374861021e6b8c39bb8ab6f81d7a416a87e654a04fa7cb7d123e3db13815dce745daf0c7deeda3d8c33b231461ea6f0d648c1e74c19b2902a1f31ba2890e8801c088af57cd95e1f616dc3caabb73ba55d1d369d3f99ee3337487e1163d966b184a3cc037293a00612eca66dd1dfea1e0e58e57c2f2ea33a1dc492735045dc44cb7867ca1769be46133fbe30ed8876faf2ee64716d824768d81af4b11558b9fc88a6c936b5171133229f4cf1c531371fdcd1284376ac94b2a24fa8e682794d1446252b36d161d", 0xe6, 0x3}, {&(0x7f0000000600)="af73424baab0a95c568d44efccf20c1f3cd94d56e45bca2f2239de765bd5ccbd8d85497e8784b4149b67b1a8a0025a61e1d3e77ea4951262a3a74ad8a3283c9a87aa965bd04d768f74007e8127976a672d113115f2", 0x55}, {&(0x7f0000000680)="1965e74c2762c6899e89b804e270bf01e6321c24a41cb059684a76fe8a37b7ec538e6cae5b348dd701b9e9c6eee22ab053a995501657eeb3ad173dc7aba968801d36d2bf752aafbc32545e8226b116bb4c4bbb713ddb47066f5fdf7a5d70e127b6f8", 0x62, 0x5}], 0x4000, &(0x7f0000000800)=ANY=[@ANYBLOB="6e6f666c7573685f6d657267652c686561702c746573745f64756d6d795f655e6372797074696f6e2c6261636b67726f756e645f67633d6f66662c6e6fadef72726965722c6e6f646973636172642c6e6f666c7573685f6d657267652c6f626a5f726f6c653d746d706673002c7065726d69745f646972656374696f2c00"]) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707065721f00723d2e2fff6965726469723d2e0800696c000000006f726b6469723d2e2f66696c6531"]) ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000780)) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000880)=""/163) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) ioctl$VT_WAITACTIVE(r1, 0x5607) 20:26:04 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x2400]}}}], 0x0, 0x0, 0x0}) 20:26:04 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:04 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:04 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:04 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1389.183687] binder: 7986:7987 got transaction with invalid offset (9216, min 0 max 40) or object. [ 1389.196321] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1389.223668] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock 20:26:04 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1389.233967] binder: 7986:7987 transaction failed 29201/-22, size 40-8 line 3097 [ 1389.263349] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1389.265875] overlayfs: unrecognized mount option "upper" or missing value 20:26:04 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1389.298290] FAULT_INJECTION: forcing a failure. [ 1389.298290] name failslab, interval 1, probability 0, space 0, times 0 [ 1389.299965] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 1389.339113] binder_alloc: binder_alloc_mmap_handler: 7986 20ffc000-20ffe000 already mapped failed -16 [ 1389.345786] CPU: 0 PID: 7990 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1389.355601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1389.364956] Call Trace: [ 1389.367565] dump_stack+0x1db/0x2d0 [ 1389.371203] ? dump_stack_print_info.cold+0x20/0x20 [ 1389.376236] should_fail.cold+0xa/0x15 [ 1389.380149] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1389.385266] ? ___might_sleep+0x1e7/0x310 [ 1389.389418] ? arch_local_save_flags+0x50/0x50 [ 1389.394013] __should_failslab+0x121/0x190 [ 1389.394910] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1389.398250] should_failslab+0x9/0x14 [ 1389.405331] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1389.409028] kmem_cache_alloc_trace+0x2d1/0x760 [ 1389.409050] ? __might_sleep+0x95/0x190 [ 1389.409073] apparmor_file_alloc_security+0x172/0xad0 [ 1389.409087] ? __lock_is_held+0xb6/0x140 [ 1389.409108] ? apparmor_path_rename+0xcb0/0xcb0 [ 1389.409138] ? __alloc_file+0x93/0x480 [ 1389.409154] ? __alloc_file+0x93/0x480 [ 1389.430521] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1389.434408] ? rcu_read_lock_sched_held+0x110/0x130 [ 1389.452734] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 1389.453797] ? kmem_cache_alloc+0x341/0x710 [ 1389.453822] security_file_alloc+0x69/0xb0 [ 1389.459083] binder_alloc: 7986: binder_alloc_buf, no vma [ 1389.466251] __alloc_file+0x128/0x480 [ 1389.484006] ? file_free_rcu+0xe0/0xe0 [ 1389.487904] ? kick_process+0xef/0x180 [ 1389.491793] ? task_work_add+0x124/0x1f0 [ 1389.494007] binder: 7986:7997 transaction failed 29189/-3, size 40-8 line 3035 [ 1389.495858] alloc_empty_file+0x72/0x170 [ 1389.495878] dentry_open+0x70/0x1d0 [ 1389.510895] ovl_path_open+0x56/0x70 [ 1389.514617] ovl_dir_read_merged+0x2a1/0xcf0 [ 1389.515474] binder: undelivered TRANSACTION_ERROR: 29201 [ 1389.519034] ? ovl_dir_open+0x310/0x310 [ 1389.519051] ? __lock_is_held+0xb6/0x140 [ 1389.519065] ? ovl_fill_plain+0x340/0x340 [ 1389.519088] ? rcu_read_lock_sched_held+0x110/0x130 [ 1389.519104] ? kmem_cache_alloc_trace+0x354/0x760 [ 1389.546473] ? ovl_test_flag+0x12/0x20 [ 1389.550347] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1389.555356] ovl_iterate+0x899/0xe60 [ 1389.559067] ? ovl_iterate_real+0xd70/0xd70 [ 1389.563376] ? down_read_killable+0x150/0x150 [ 1389.567866] ? security_file_permission+0x94/0x320 [ 1389.572786] iterate_dir+0x20d/0x5f0 [ 1389.576494] ksys_getdents64+0x245/0x4a0 [ 1389.580543] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1389.586069] ? __ia32_sys_getdents+0x520/0x520 [ 1389.590638] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1389.595207] ? iterate_dir+0x5f0/0x5f0 [ 1389.599086] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1389.604450] ? trace_hardirqs_off_caller+0x300/0x300 [ 1389.609544] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1389.614293] __x64_sys_getdents64+0x73/0xb0 [ 1389.618619] do_syscall_64+0x1a3/0x800 [ 1389.622512] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1389.627431] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1389.632441] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1389.637276] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1389.642450] RIP: 0033:0x457e39 [ 1389.645634] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1389.664521] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1389.672213] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1389.679471] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 20:26:05 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1389.686727] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1389.693983] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1389.701242] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:26:05 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:05 executing program 2 (fault-call:6 fault-nth:15): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) [ 1389.858968] binder: undelivered TRANSACTION_ERROR: 29189 [ 1389.880875] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1389.887916] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1389.895689] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1389.927301] overlayfs: unrecognized mount option "upper" or missing value [ 1389.935646] FAULT_INJECTION: forcing a failure. [ 1389.935646] name failslab, interval 1, probability 0, space 0, times 0 [ 1389.949429] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 1389.957014] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1389.964882] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1389.972534] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1389.979757] CPU: 0 PID: 8011 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1389.980032] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 1389.986861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1389.986868] Call Trace: [ 1389.986888] dump_stack+0x1db/0x2d0 [ 1389.986908] ? dump_stack_print_info.cold+0x20/0x20 [ 1390.014847] ? ovl_dir_read_merged+0x2a1/0xcf0 [ 1390.019418] ? ovl_iterate+0x899/0xe60 [ 1390.023293] ? iterate_dir+0x20d/0x5f0 [ 1390.027167] ? ksys_getdents64+0x245/0x4a0 [ 1390.031389] ? __x64_sys_getdents64+0x73/0xb0 [ 1390.035880] should_fail.cold+0xa/0x15 [ 1390.039758] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1390.044854] ? ___might_sleep+0x1e7/0x310 [ 1390.048991] ? arch_local_save_flags+0x50/0x50 [ 1390.053559] ? mark_held_locks+0x100/0x100 [ 1390.057783] ? rcu_read_unlock_special+0x380/0x380 [ 1390.062704] __should_failslab+0x121/0x190 [ 1390.066929] should_failslab+0x9/0x14 [ 1390.070720] kmem_cache_alloc_trace+0x2d1/0x760 [ 1390.075379] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1390.080908] ext4_readdir+0x2268/0x3590 [ 1390.084872] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1390.090401] ? __lock_is_held+0xb6/0x140 [ 1390.094451] ? apparmor_capable+0x6d0/0x6d0 [ 1390.098775] ? __ext4_check_dir_entry+0x350/0x350 [ 1390.103606] ? ___might_sleep+0x1e7/0x310 [ 1390.107743] ? lock_release+0xc40/0xc40 [ 1390.111719] ? down_read_killable+0x90/0x150 [ 1390.116386] ? iterate_dir+0xd8/0x5f0 [ 1390.120180] ? down_write+0x130/0x130 [ 1390.123973] ? security_file_permission+0x94/0x320 [ 1390.128893] iterate_dir+0x489/0x5f0 [ 1390.132600] ovl_dir_read_merged+0x42b/0xcf0 [ 1390.137005] ? ovl_dir_open+0x310/0x310 [ 1390.140969] ? __lock_is_held+0xb6/0x140 [ 1390.145018] ? ovl_fill_plain+0x340/0x340 [ 1390.149166] ? rcu_read_lock_sched_held+0x110/0x130 [ 1390.154174] ? kmem_cache_alloc_trace+0x354/0x760 [ 1390.159003] ? ovl_test_flag+0x12/0x20 [ 1390.162879] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1390.167885] ovl_iterate+0x899/0xe60 [ 1390.171592] ? ovl_iterate_real+0xd70/0xd70 [ 1390.175900] ? down_read_killable+0x150/0x150 [ 1390.180390] ? security_file_permission+0x94/0x320 [ 1390.185312] iterate_dir+0x20d/0x5f0 [ 1390.189019] ksys_getdents64+0x245/0x4a0 [ 1390.193079] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1390.198606] ? __ia32_sys_getdents+0x520/0x520 [ 1390.203176] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1390.207745] ? iterate_dir+0x5f0/0x5f0 [ 1390.211625] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1390.216976] ? trace_hardirqs_off_caller+0x300/0x300 [ 1390.222082] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1390.226829] __x64_sys_getdents64+0x73/0xb0 [ 1390.231139] do_syscall_64+0x1a3/0x800 [ 1390.235018] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1390.239937] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1390.244965] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1390.249803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1390.254979] RIP: 0033:0x457e39 [ 1390.258160] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1390.277063] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1390.284761] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1390.292018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1390.299287] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1390.306543] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1390.313801] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:26:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x3000]}}}], 0x0, 0x0, 0x0}) 20:26:06 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000380)='./file0/f.le.\x00', 0x10000000150) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:06 executing program 2 (fault-call:6 fault-nth:16): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) [ 1390.439182] binder: 8018:8019 got transaction with invalid offset (12288, min 0 max 40) or object. 20:26:06 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1390.483249] binder_alloc: binder_alloc_mmap_handler: 8018 20ffc000-20ffe000 already mapped failed -16 [ 1390.514948] overlayfs: failed to resolve './file1': -2 [ 1390.522656] FAULT_INJECTION: forcing a failure. [ 1390.522656] name failslab, interval 1, probability 0, space 0, times 0 [ 1390.549180] binder: BINDER_SET_CONTEXT_MGR already set [ 1390.554492] binder: 8018:8019 ioctl 40046207 0 returned -16 [ 1390.557888] CPU: 1 PID: 8021 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1390.567307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1390.576658] Call Trace: [ 1390.579259] dump_stack+0x1db/0x2d0 [ 1390.582893] ? dump_stack_print_info.cold+0x20/0x20 [ 1390.587911] ? ext4_issue_zeroout+0x170/0x170 [ 1390.592421] should_fail.cold+0xa/0x15 [ 1390.596315] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1390.601431] ? ___might_sleep+0x1e7/0x310 [ 1390.605580] ? arch_local_save_flags+0x50/0x50 [ 1390.607889] overlayfs: failed to resolve './file1': -2 [ 1390.610178] __should_failslab+0x121/0x190 [ 1390.610199] should_failslab+0x9/0x14 [ 1390.623471] __kmalloc+0x2dc/0x740 [ 1390.627032] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1390.631692] ? ext4_htree_store_dirent+0x8a/0x650 [ 1390.636529] ext4_htree_store_dirent+0x8a/0x650 [ 1390.641194] htree_dirblock_to_tree+0x391/0x840 [ 1390.645860] ? dx_probe+0x1120/0x1120 [ 1390.649649] ? __x64_sys_getdents64+0x73/0xb0 [ 1390.654135] ? ovl_path_open+0x56/0x70 [ 1390.658019] ? iterate_dir+0x20d/0x5f0 [ 1390.661894] ? ksys_getdents64+0x245/0x4a0 [ 1390.666116] ? print_usage_bug+0xd0/0xd0 [ 1390.670170] ext4_htree_fill_tree+0x2c3/0xd60 [ 1390.674653] ? add_lock_to_list.isra.0+0x450/0x450 [ 1390.679573] ? do_split+0x2070/0x2070 [ 1390.683358] ? ext4_readdir+0x2268/0x3590 [ 1390.687494] ? __lock_is_held+0xb6/0x140 [ 1390.691546] ? ext4_readdir+0x2268/0x3590 [ 1390.695685] ? rcu_read_lock_sched_held+0x110/0x130 [ 1390.700692] ? kmem_cache_alloc_trace+0x354/0x760 [ 1390.705533] ext4_readdir+0x1916/0x3590 [ 1390.709496] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1390.715044] ? __ext4_check_dir_entry+0x350/0x350 [ 1390.719878] ? ___might_sleep+0x1e7/0x310 [ 1390.724025] ? lock_release+0xc40/0xc40 [ 1390.727996] ? iterate_dir+0xd8/0x5f0 [ 1390.731796] ? down_write+0x130/0x130 [ 1390.735587] ? security_file_permission+0x94/0x320 [ 1390.740507] iterate_dir+0x489/0x5f0 [ 1390.744221] ovl_dir_read_merged+0x42b/0xcf0 [ 1390.748624] ? ovl_dir_open+0x310/0x310 [ 1390.752590] ? __lock_is_held+0xb6/0x140 [ 1390.756639] ? ovl_fill_plain+0x340/0x340 [ 1390.760784] ? rcu_read_lock_sched_held+0x110/0x130 [ 1390.765790] ? kmem_cache_alloc_trace+0x354/0x760 [ 1390.770621] ? ovl_test_flag+0x12/0x20 [ 1390.774496] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1390.779525] ovl_iterate+0x899/0xe60 [ 1390.783232] ? ovl_iterate_real+0xd70/0xd70 [ 1390.787540] ? down_read_killable+0x150/0x150 [ 1390.792034] ? security_file_permission+0x94/0x320 [ 1390.796954] iterate_dir+0x20d/0x5f0 [ 1390.800662] ksys_getdents64+0x245/0x4a0 [ 1390.804710] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1390.810237] ? __ia32_sys_getdents+0x520/0x520 [ 1390.814806] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1390.819376] ? iterate_dir+0x5f0/0x5f0 [ 1390.823257] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1390.828611] ? trace_hardirqs_off_caller+0x300/0x300 [ 1390.833705] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1390.838451] __x64_sys_getdents64+0x73/0xb0 [ 1390.842764] do_syscall_64+0x1a3/0x800 [ 1390.846639] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1390.851556] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1390.856562] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1390.861399] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1390.866573] RIP: 0033:0x457e39 20:26:06 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x4800]}}}], 0x0, 0x0, 0x0}) [ 1390.869756] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1390.888643] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1390.896341] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1390.903599] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1390.910856] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1390.918110] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1390.925367] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:26:06 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, &(0x7f0000000280)=""/28, 0x1c) [ 1391.002445] binder: 8038:8039 got transaction with invalid offset (18432, min 0 max 40) or object. [ 1391.035287] binder_alloc: binder_alloc_mmap_handler: 8038 20ffc000-20ffe000 already mapped failed -16 20:26:06 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1391.060514] binder: BINDER_SET_CONTEXT_MGR already set [ 1391.065973] binder_alloc: 8038: binder_alloc_buf, no vma [ 1391.098954] binder: 8038:8039 ioctl 40046207 0 returned -16 20:26:06 executing program 2 (fault-call:6 fault-nth:17): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:06 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x4c00]}}}], 0x0, 0x0, 0x0}) 20:26:06 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:06 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000b91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1391.263909] binder: 8051:8054 got transaction with invalid offset (19456, min 0 max 40) or object. [ 1391.273209] net_ratelimit: 18 callbacks suppressed [ 1391.273217] protocol 88fb is buggy, dev hsr_slave_0 [ 1391.273275] protocol 88fb is buggy, dev hsr_slave_1 [ 1391.273372] protocol 88fb is buggy, dev hsr_slave_0 [ 1391.273421] protocol 88fb is buggy, dev hsr_slave_1 [ 1391.273521] protocol 88fb is buggy, dev hsr_slave_0 [ 1391.273574] protocol 88fb is buggy, dev hsr_slave_1 20:26:06 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:07 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001b91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1391.330880] overlayfs: workdir and upperdir must reside under the same mount [ 1391.365881] binder_transaction: 3 callbacks suppressed [ 1391.365897] binder: 8051:8054 transaction failed 29201/-22, size 40-8 line 3097 [ 1391.383627] overlayfs: workdir and upperdir must reside under the same mount 20:26:07 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:07 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='.//ile0\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1391.429066] binder_alloc: binder_alloc_mmap_handler: 8051 20ffc000-20ffe000 already mapped failed -16 [ 1391.455569] FAULT_INJECTION: forcing a failure. [ 1391.455569] name failslab, interval 1, probability 0, space 0, times 0 [ 1391.473508] binder: BINDER_SET_CONTEXT_MGR already set 20:26:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002b91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1391.490820] binder: 8051:8054 ioctl 40046207 0 returned -16 [ 1391.511070] CPU: 1 PID: 8063 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1391.518191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1391.527539] Call Trace: [ 1391.527562] dump_stack+0x1db/0x2d0 [ 1391.527582] ? dump_stack_print_info.cold+0x20/0x20 [ 1391.527601] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1391.544156] ? print_usage_bug+0xd0/0xd0 [ 1391.545034] binder_alloc: 8051: binder_alloc_buf, no vma [ 1391.548228] should_fail.cold+0xa/0x15 [ 1391.548248] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1391.548268] ? ___might_sleep+0x1e7/0x310 [ 1391.557582] ? arch_local_save_flags+0x50/0x50 [ 1391.557609] __should_failslab+0x121/0x190 [ 1391.557626] should_failslab+0x9/0x14 [ 1391.575641] __kmalloc+0x2dc/0x740 [ 1391.575662] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1391.575679] ? ext4_htree_store_dirent+0x8a/0x650 [ 1391.575696] ext4_htree_store_dirent+0x8a/0x650 [ 1391.575718] htree_dirblock_to_tree+0x391/0x840 [ 1391.588005] binder: 8051:8074 transaction failed 29189/-3, size 40-8 line 3035 [ 1391.592532] ? dx_probe+0x1120/0x1120 [ 1391.592548] ? __x64_sys_getdents64+0x73/0xb0 [ 1391.592565] ? ovl_path_open+0x56/0x70 [ 1391.592579] ? iterate_dir+0x20d/0x5f0 [ 1391.592592] ? ksys_getdents64+0x245/0x4a0 [ 1391.592606] ? print_usage_bug+0xd0/0xd0 [ 1391.592627] ext4_htree_fill_tree+0x2c3/0xd60 [ 1391.601945] ? add_lock_to_list.isra.0+0x450/0x450 [ 1391.642941] ? do_split+0x2070/0x2070 [ 1391.646730] ? ext4_readdir+0x2268/0x3590 [ 1391.650872] ? __lock_is_held+0xb6/0x140 [ 1391.654923] ? ext4_readdir+0x2268/0x3590 [ 1391.659074] ? rcu_read_lock_sched_held+0x110/0x130 [ 1391.664082] ? kmem_cache_alloc_trace+0x354/0x760 [ 1391.668921] ext4_readdir+0x1916/0x3590 [ 1391.672895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1391.678437] ? __ext4_check_dir_entry+0x350/0x350 [ 1391.683269] ? ___might_sleep+0x1e7/0x310 [ 1391.687405] ? lock_release+0xc40/0xc40 [ 1391.691382] ? iterate_dir+0xd8/0x5f0 [ 1391.695171] ? down_write+0x130/0x130 [ 1391.698969] ? security_file_permission+0x94/0x320 [ 1391.703891] iterate_dir+0x489/0x5f0 [ 1391.707599] ovl_dir_read_merged+0x42b/0xcf0 [ 1391.712008] ? ovl_dir_open+0x310/0x310 [ 1391.715969] ? __lock_is_held+0xb6/0x140 [ 1391.720021] ? ovl_fill_plain+0x340/0x340 [ 1391.724164] ? rcu_read_lock_sched_held+0x110/0x130 [ 1391.729168] ? kmem_cache_alloc_trace+0x354/0x760 [ 1391.733999] ? ovl_test_flag+0x12/0x20 [ 1391.737873] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1391.742882] ovl_iterate+0x899/0xe60 [ 1391.746594] ? ovl_iterate_real+0xd70/0xd70 [ 1391.750905] ? down_read_killable+0x150/0x150 [ 1391.755404] ? security_file_permission+0x94/0x320 [ 1391.760328] iterate_dir+0x20d/0x5f0 [ 1391.764033] ksys_getdents64+0x245/0x4a0 [ 1391.768083] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1391.773609] ? __ia32_sys_getdents+0x520/0x520 [ 1391.778179] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1391.782749] ? iterate_dir+0x5f0/0x5f0 [ 1391.786630] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1391.791981] ? trace_hardirqs_off_caller+0x300/0x300 [ 1391.797074] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1391.801822] __x64_sys_getdents64+0x73/0xb0 [ 1391.806135] do_syscall_64+0x1a3/0x800 [ 1391.810015] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1391.814943] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1391.819962] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1391.824798] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1391.829973] RIP: 0033:0x457e39 [ 1391.833157] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1391.852043] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1391.859739] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1391.866997] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1391.874254] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1391.881509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 20:26:07 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400007f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1391.888766] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1391.898863] protocol 88fb is buggy, dev hsr_slave_0 [ 1391.903993] protocol 88fb is buggy, dev hsr_slave_1 20:26:07 executing program 2 (fault-call:6 fault-nth:18): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003b91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:07 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:07 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400017f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x6000]}}}], 0x0, 0x0, 0x0}) 20:26:07 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000340)='/dev/vcsa#\x00', 0xf6, 0x2) ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f0000000500)=""/122) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) clock_adjtime(0x7, &(0x7f0000000400)={0x46b8, 0x20, 0x1400, 0x3, 0x5, 0xc70c, 0x81, 0x40, 0x51e, 0x80, 0x4, 0x2, 0xff, 0xf52, 0x3, 0x5, 0x7ff, 0x487, 0x3, 0x2, 0x34, 0x9, 0x1000, 0x0, 0x1, 0x4}) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) getsockopt$netrom_NETROM_T1(r1, 0x103, 0x1, &(0x7f0000000000), &(0x7f0000000280)=0x4) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000080), 0x2) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000180)=""/28, 0xfffffffffffffce9) 20:26:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ba1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:07 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1392.076114] binder: 8084:8086 got transaction with invalid offset (24576, min 0 max 40) or object. [ 1392.078449] binder_release_work: 4 callbacks suppressed [ 1392.078456] binder: undelivered TRANSACTION_ERROR: 29189 [ 1392.109058] binder: 8084:8086 transaction failed 29201/-22, size 40-8 line 3097 20:26:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ba1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1392.139408] binder_alloc: binder_alloc_mmap_handler: 8084 20ffc000-20ffe000 already mapped failed -16 [ 1392.177101] binder: BINDER_SET_CONTEXT_MGR already set 20:26:07 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400027f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:07 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ba1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1392.226138] binder: undelivered TRANSACTION_ERROR: 29201 [ 1392.231872] binder: 8084:8086 ioctl 40046207 0 returned -16 [ 1392.317189] FAULT_INJECTION: forcing a failure. [ 1392.317189] name failslab, interval 1, probability 0, space 0, times 0 [ 1392.349123] CPU: 0 PID: 8100 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1392.356256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1392.365606] Call Trace: [ 1392.368207] dump_stack+0x1db/0x2d0 [ 1392.371852] ? dump_stack_print_info.cold+0x20/0x20 [ 1392.376913] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1392.382287] ? print_usage_bug+0xd0/0xd0 [ 1392.386369] should_fail.cold+0xa/0x15 [ 1392.390274] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1392.395388] ? ___might_sleep+0x1e7/0x310 [ 1392.399541] ? arch_local_save_flags+0x50/0x50 [ 1392.404131] __should_failslab+0x121/0x190 [ 1392.404150] should_failslab+0x9/0x14 [ 1392.412170] __kmalloc+0x2dc/0x740 [ 1392.415716] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1392.420382] ? ext4_htree_store_dirent+0x8a/0x650 [ 1392.420401] ext4_htree_store_dirent+0x8a/0x650 [ 1392.420424] htree_dirblock_to_tree+0x391/0x840 [ 1392.420451] ? dx_probe+0x1120/0x1120 [ 1392.420465] ? __x64_sys_getdents64+0x73/0xb0 [ 1392.420480] ? ovl_path_open+0x56/0x70 [ 1392.446771] ? iterate_dir+0x20d/0x5f0 [ 1392.450664] ? ksys_getdents64+0x245/0x4a0 [ 1392.454914] ? print_usage_bug+0xd0/0xd0 [ 1392.458989] ext4_htree_fill_tree+0x2c3/0xd60 [ 1392.463490] ? add_lock_to_list.isra.0+0x450/0x450 [ 1392.468431] ? do_split+0x2070/0x2070 [ 1392.472233] ? ext4_readdir+0x2268/0x3590 [ 1392.476390] ? __lock_is_held+0xb6/0x140 [ 1392.480459] ? ext4_readdir+0x2268/0x3590 [ 1392.484615] ? rcu_read_lock_sched_held+0x110/0x130 [ 1392.489638] ? kmem_cache_alloc_trace+0x354/0x760 [ 1392.494496] ext4_readdir+0x1916/0x3590 [ 1392.498471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1392.504028] ? __ext4_check_dir_entry+0x350/0x350 [ 1392.508885] ? ___might_sleep+0x1e7/0x310 [ 1392.513043] ? lock_release+0xc40/0xc40 [ 1392.517034] ? iterate_dir+0xd8/0x5f0 [ 1392.520836] ? down_write+0x130/0x130 [ 1392.524657] ? security_file_permission+0x94/0x320 [ 1392.529590] iterate_dir+0x489/0x5f0 [ 1392.533314] ovl_dir_read_merged+0x42b/0xcf0 [ 1392.537737] ? ovl_dir_open+0x310/0x310 [ 1392.541719] ? __lock_is_held+0xb6/0x140 [ 1392.545779] ? ovl_fill_plain+0x340/0x340 [ 1392.548870] protocol 88fb is buggy, dev hsr_slave_0 [ 1392.549936] ? rcu_read_lock_sched_held+0x110/0x130 [ 1392.549953] ? kmem_cache_alloc_trace+0x354/0x760 [ 1392.554996] protocol 88fb is buggy, dev hsr_slave_1 [ 1392.559955] ? ovl_test_flag+0x12/0x20 [ 1392.559969] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1392.559989] ovl_iterate+0x899/0xe60 [ 1392.560012] ? ovl_iterate_real+0xd70/0xd70 [ 1392.586729] ? down_read_killable+0x150/0x150 [ 1392.591237] ? security_file_permission+0x94/0x320 [ 1392.596174] iterate_dir+0x20d/0x5f0 [ 1392.599905] ksys_getdents64+0x245/0x4a0 [ 1392.603967] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1392.609513] ? __ia32_sys_getdents+0x520/0x520 [ 1392.614095] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1392.618675] ? iterate_dir+0x5f0/0x5f0 [ 1392.622572] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1392.627943] ? trace_hardirqs_off_caller+0x300/0x300 [ 1392.633048] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1392.637809] __x64_sys_getdents64+0x73/0xb0 [ 1392.642154] do_syscall_64+0x1a3/0x800 [ 1392.646046] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1392.650979] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1392.656005] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1392.660872] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1392.666063] RIP: 0033:0x457e39 [ 1392.669258] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1392.688160] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1392.695897] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1392.703169] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1392.710440] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 20:26:08 executing program 2 (fault-call:6 fault-nth:19): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x6800]}}}], 0x0, 0x0, 0x0}) 20:26:08 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ba1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:08 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:08 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400037f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1392.717712] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1392.724984] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:26:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000bb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1392.819582] binder: 8115:8116 got transaction with invalid offset (26624, min 0 max 40) or object. 20:26:08 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:08 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002801e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:08 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r2, &(0x7f0000000240)='.//ile0\x00', r2, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r2, &(0x7f0000000280)=""/28, 0x1c) [ 1392.898921] binder: 8115:8116 transaction failed 29201/-22, size 40-8 line 3097 [ 1392.913342] FAULT_INJECTION: forcing a failure. [ 1392.913342] name failslab, interval 1, probability 0, space 0, times 0 [ 1392.925013] binder_alloc: binder_alloc_mmap_handler: 8115 20ffc000-20ffe000 already mapped failed -16 [ 1392.942632] CPU: 1 PID: 8122 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1392.949754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1392.959110] Call Trace: [ 1392.961712] dump_stack+0x1db/0x2d0 [ 1392.965358] ? dump_stack_print_info.cold+0x20/0x20 [ 1392.965377] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1392.965395] ? print_usage_bug+0xd0/0xd0 [ 1392.970590] binder: BINDER_SET_CONTEXT_MGR already set [ 1392.975767] should_fail.cold+0xa/0x15 [ 1392.975786] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1392.975807] ? ___might_sleep+0x1e7/0x310 [ 1392.985131] ? arch_local_save_flags+0x50/0x50 [ 1392.985158] __should_failslab+0x121/0x190 [ 1392.985176] should_failslab+0x9/0x14 [ 1392.994132] __kmalloc+0x2dc/0x740 [ 1392.994152] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1392.994166] ? ext4_htree_store_dirent+0x8a/0x650 [ 1392.994183] ext4_htree_store_dirent+0x8a/0x650 [ 1392.998381] binder: 8115:8116 ioctl 40046207 0 returned -16 [ 1393.002888] htree_dirblock_to_tree+0x391/0x840 [ 1393.002916] ? dx_probe+0x1120/0x1120 [ 1393.002929] ? __x64_sys_getdents64+0x73/0xb0 [ 1393.002944] ? ovl_path_open+0x56/0x70 [ 1393.010950] ? iterate_dir+0x20d/0x5f0 [ 1393.010964] ? ksys_getdents64+0x245/0x4a0 [ 1393.010979] ? print_usage_bug+0xd0/0xd0 [ 1393.011002] ext4_htree_fill_tree+0x2c3/0xd60 [ 1393.011017] ? add_lock_to_list.isra.0+0x450/0x450 [ 1393.072703] ? do_split+0x2070/0x2070 [ 1393.076503] ? ext4_readdir+0x2268/0x3590 [ 1393.080658] ? __lock_is_held+0xb6/0x140 [ 1393.084726] ? ext4_readdir+0x2268/0x3590 [ 1393.088879] ? rcu_read_lock_sched_held+0x110/0x130 [ 1393.093901] ? kmem_cache_alloc_trace+0x354/0x760 [ 1393.098757] ext4_readdir+0x1916/0x3590 [ 1393.102732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1393.108287] ? __ext4_check_dir_entry+0x350/0x350 [ 1393.113134] ? ___might_sleep+0x1e7/0x310 [ 1393.117284] ? lock_release+0xc40/0xc40 [ 1393.121281] ? iterate_dir+0xd8/0x5f0 [ 1393.125085] ? down_write+0x130/0x130 [ 1393.128899] ? security_file_permission+0x94/0x320 [ 1393.133842] iterate_dir+0x489/0x5f0 [ 1393.137568] ovl_dir_read_merged+0x42b/0xcf0 [ 1393.141990] ? ovl_dir_open+0x310/0x310 [ 1393.145971] ? __lock_is_held+0xb6/0x140 [ 1393.150031] ? ovl_fill_plain+0x340/0x340 [ 1393.154189] ? rcu_read_lock_sched_held+0x110/0x130 [ 1393.159207] ? kmem_cache_alloc_trace+0x354/0x760 [ 1393.164049] ? ovl_test_flag+0x12/0x20 [ 1393.167940] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1393.172962] ovl_iterate+0x899/0xe60 [ 1393.176690] ? ovl_iterate_real+0xd70/0xd70 [ 1393.181010] ? down_read_killable+0x150/0x150 [ 1393.185510] ? security_file_permission+0x94/0x320 [ 1393.190446] iterate_dir+0x20d/0x5f0 [ 1393.194172] ksys_getdents64+0x245/0x4a0 [ 1393.198231] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1393.203782] ? __ia32_sys_getdents+0x520/0x520 [ 1393.208379] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1393.212962] ? iterate_dir+0x5f0/0x5f0 [ 1393.216860] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1393.222224] ? trace_hardirqs_off_caller+0x300/0x300 [ 1393.227332] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1393.232093] __x64_sys_getdents64+0x73/0xb0 [ 1393.236418] do_syscall_64+0x1a3/0x800 [ 1393.240315] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1393.245251] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1393.250274] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1393.255131] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1393.260323] RIP: 0033:0x457e39 [ 1393.263521] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1393.282417] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1393.290123] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 20:26:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001bb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1393.297389] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1393.304659] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1393.311930] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1393.319197] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:26:09 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003801e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1393.354061] binder_alloc: 8115: binder_alloc_buf, no vma [ 1393.379552] binder: undelivered TRANSACTION_ERROR: 29201 [ 1393.387973] binder: 8115:8126 transaction failed 29189/-3, size 40-8 line 3035 20:26:09 executing program 2 (fault-call:6 fault-nth:20): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) [ 1393.415963] binder: undelivered TRANSACTION_ERROR: 29189 20:26:09 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002bb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ca1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x6c00]}}}], 0x0, 0x0, 0x0}) 20:26:09 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file1\x00', 0x101000, 0x2) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="757070fc080000726469723f7f3a66696c65302c776f726b6469723df5bab85e2e2f66b1abf3984730ac3d15"]) r1 = open(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 20:26:09 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:09 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003bb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ca1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1393.543553] FAULT_INJECTION: forcing a failure. [ 1393.543553] name failslab, interval 1, probability 0, space 0, times 0 [ 1393.544840] overlayfs: unrecognized mount option "uppü" or missing value [ 1393.573228] binder: 8144:8146 got transaction with invalid offset (27648, min 0 max 40) or object. [ 1393.598576] binder: 8144:8146 transaction failed 29201/-22, size 40-8 line 3097 [ 1393.616815] binder_alloc: binder_alloc_mmap_handler: 8144 20ffc000-20ffe000 already mapped failed -16 [ 1393.620357] CPU: 1 PID: 8138 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1393.633294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1393.642645] Call Trace: [ 1393.645239] dump_stack+0x1db/0x2d0 [ 1393.648885] ? dump_stack_print_info.cold+0x20/0x20 [ 1393.652375] binder: BINDER_SET_CONTEXT_MGR already set [ 1393.653902] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1393.653922] ? print_usage_bug+0xd0/0xd0 [ 1393.653943] should_fail.cold+0xa/0x15 [ 1393.653960] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1393.675952] binder: 8144:8150 ioctl 40046207 0 returned -16 [ 1393.677582] ? ___might_sleep+0x1e7/0x310 [ 1393.677600] ? arch_local_save_flags+0x50/0x50 [ 1393.677626] __should_failslab+0x121/0x190 [ 1393.677643] should_failslab+0x9/0x14 [ 1393.700052] __kmalloc+0x2dc/0x740 [ 1393.703602] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1393.708278] ? ext4_htree_store_dirent+0x8a/0x650 [ 1393.713132] ext4_htree_store_dirent+0x8a/0x650 [ 1393.717819] htree_dirblock_to_tree+0x391/0x840 [ 1393.722504] ? dx_probe+0x1120/0x1120 [ 1393.726306] ? __x64_sys_getdents64+0x73/0xb0 [ 1393.730807] ? ovl_path_open+0x56/0x70 [ 1393.734696] ? iterate_dir+0x20d/0x5f0 [ 1393.738583] ? ksys_getdents64+0x245/0x4a0 [ 1393.742824] ? print_usage_bug+0xd0/0xd0 [ 1393.746897] ext4_htree_fill_tree+0x2c3/0xd60 [ 1393.751395] ? add_lock_to_list.isra.0+0x450/0x450 [ 1393.756334] ? do_split+0x2070/0x2070 [ 1393.760133] ? ext4_readdir+0x2268/0x3590 [ 1393.764293] ? __lock_is_held+0xb6/0x140 [ 1393.768359] ? ext4_readdir+0x2268/0x3590 [ 1393.772516] ? rcu_read_lock_sched_held+0x110/0x130 [ 1393.777533] ? kmem_cache_alloc_trace+0x354/0x760 [ 1393.782391] ext4_readdir+0x1916/0x3590 [ 1393.786370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1393.791928] ? __ext4_check_dir_entry+0x350/0x350 [ 1393.796779] ? ___might_sleep+0x1e7/0x310 [ 1393.800930] ? lock_release+0xc40/0xc40 [ 1393.804920] ? iterate_dir+0xd8/0x5f0 [ 1393.808726] ? down_write+0x130/0x130 [ 1393.812544] ? security_file_permission+0x94/0x320 [ 1393.817478] iterate_dir+0x489/0x5f0 [ 1393.821200] ovl_dir_read_merged+0x42b/0xcf0 [ 1393.825630] ? ovl_dir_open+0x310/0x310 [ 1393.829610] ? __lock_is_held+0xb6/0x140 [ 1393.833675] ? ovl_fill_plain+0x340/0x340 [ 1393.837834] ? rcu_read_lock_sched_held+0x110/0x130 [ 1393.842855] ? kmem_cache_alloc_trace+0x354/0x760 [ 1393.847706] ? ovl_test_flag+0x12/0x20 [ 1393.851608] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1393.856634] ovl_iterate+0x899/0xe60 [ 1393.860364] ? ovl_iterate_real+0xd70/0xd70 [ 1393.864685] ? down_read_killable+0x150/0x150 [ 1393.869187] ? security_file_permission+0x94/0x320 [ 1393.874127] iterate_dir+0x20d/0x5f0 [ 1393.877853] ksys_getdents64+0x245/0x4a0 [ 1393.881920] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1393.887462] ? __ia32_sys_getdents+0x520/0x520 [ 1393.892044] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1393.896624] ? iterate_dir+0x5f0/0x5f0 [ 1393.900524] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1393.905890] ? trace_hardirqs_off_caller+0x300/0x300 [ 1393.910996] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1393.915770] __x64_sys_getdents64+0x73/0xb0 [ 1393.920097] do_syscall_64+0x1a3/0x800 [ 1393.923990] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1393.928928] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1393.933954] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1393.938811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1393.943999] RIP: 0033:0x457e39 [ 1393.947459] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1393.966359] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1393.974071] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1393.981341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1393.988873] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1393.996146] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1394.003416] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1394.014748] binder_alloc: 8144: binder_alloc_buf, no vma [ 1394.037201] overlayfs: unrecognized mount option "uppü" or missing value 20:26:09 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000bc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ca1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:09 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:09 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f77657264697a3d2e3a66696c65303cfdc8a8bf31776f726b6469723d2e2f66696c6531"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1394.055458] binder: 8144:8156 transaction failed 29189/-3, size 40-8 line 3035 [ 1394.062871] binder: undelivered TRANSACTION_ERROR: 29201 [ 1394.121931] binder: undelivered TRANSACTION_ERROR: 29189 [ 1394.148186] overlayfs: unrecognized mount option "lowerdiz=.:file0<ýȨ¿1workdir=./file1" or missing value [ 1394.185438] overlayfs: unrecognized mount option "lowerdiz=.:file0<ýȨ¿1workdir=./file1" or missing value 20:26:09 executing program 2 (fault-call:6 fault-nth:21): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ca1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:09 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001bc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x7400]}}}], 0x0, 0x0, 0x0}) 20:26:09 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:09 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000000)={0x7ff, 0x1b8f, 0x7f, 0x4, 0x5}) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:09 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000cb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1394.310182] binder: 8172:8175 got transaction with invalid offset (29696, min 0 max 40) or object. 20:26:10 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003811e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002bc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1394.364865] binder: 8172:8175 transaction failed 29201/-22, size 40-8 line 3097 [ 1394.391914] binder_alloc: binder_alloc_mmap_handler: 8172 20ffc000-20ffe000 already mapped failed -16 [ 1394.430379] overlayfs: filesystem on './file0' not supported as upperdir [ 1394.437558] binder: BINDER_SET_CONTEXT_MGR already set [ 1394.452572] binder: 8172:8175 ioctl 40046207 0 returned -16 [ 1394.459241] binder_alloc: 8172: binder_alloc_buf, no vma [ 1394.464755] binder: 8172:8189 transaction failed 29189/-3, size 40-8 line 3035 20:26:10 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:10 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001cb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1394.484164] FAULT_INJECTION: forcing a failure. [ 1394.484164] name failslab, interval 1, probability 0, space 0, times 0 20:26:10 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000340)={0x0, @in6={{0xa, 0x4e21, 0x5, @mcast1, 0x7f}}}, &(0x7f0000000180)=0x84) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000400)={r1, 0x5}, &(0x7f0000000440)=0x8) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r2) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) fcntl$getown(r2, 0x9) renameat(r3, &(0x7f0000000240)='.//ile0\x00', r3, &(0x7f0000000480)='./file0/f.le.\x00') setsockopt$netlink_NETLINK_PKTINFO(r3, 0x10e, 0x3, &(0x7f00000004c0)=0x8, 0x4) getdents64(r3, &(0x7f0000000280)=""/28, 0x1c) [ 1394.525200] binder: undelivered TRANSACTION_ERROR: 29201 [ 1394.566014] CPU: 1 PID: 8184 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1394.573137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1394.582492] Call Trace: [ 1394.585094] dump_stack+0x1db/0x2d0 [ 1394.588741] ? dump_stack_print_info.cold+0x20/0x20 [ 1394.588872] binder: undelivered TRANSACTION_ERROR: 29189 [ 1394.593763] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1394.593782] ? print_usage_bug+0xd0/0xd0 [ 1394.593804] should_fail.cold+0xa/0x15 [ 1394.612522] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1394.617637] ? ___might_sleep+0x1e7/0x310 [ 1394.617652] ? arch_local_save_flags+0x50/0x50 [ 1394.617687] __should_failslab+0x121/0x190 [ 1394.626384] should_failslab+0x9/0x14 [ 1394.626397] __kmalloc+0x2dc/0x740 [ 1394.626415] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1394.634413] ? ext4_htree_store_dirent+0x8a/0x650 [ 1394.634431] ext4_htree_store_dirent+0x8a/0x650 [ 1394.634454] htree_dirblock_to_tree+0x391/0x840 [ 1394.642633] ? dx_probe+0x1120/0x1120 [ 1394.642648] ? __x64_sys_getdents64+0x73/0xb0 [ 1394.642664] ? ovl_path_open+0x56/0x70 [ 1394.642695] ? iterate_dir+0x20d/0x5f0 [ 1394.652174] ? ksys_getdents64+0x245/0x4a0 [ 1394.652194] ? print_usage_bug+0xd0/0xd0 [ 1394.652217] ext4_htree_fill_tree+0x2c3/0xd60 [ 1394.660642] ? add_lock_to_list.isra.0+0x450/0x450 [ 1394.660664] ? do_split+0x2070/0x2070 [ 1394.660686] ? ext4_readdir+0x2268/0x3590 [ 1394.660703] ? __lock_is_held+0xb6/0x140 [ 1394.702571] ? ext4_readdir+0x2268/0x3590 [ 1394.706728] ? rcu_read_lock_sched_held+0x110/0x130 [ 1394.711749] ? kmem_cache_alloc_trace+0x354/0x760 [ 1394.716601] ext4_readdir+0x1916/0x3590 [ 1394.720578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1394.726132] ? __ext4_check_dir_entry+0x350/0x350 [ 1394.730974] ? ___might_sleep+0x1e7/0x310 [ 1394.735130] ? lock_release+0xc40/0xc40 [ 1394.739119] ? iterate_dir+0xd8/0x5f0 [ 1394.742921] ? down_write+0x130/0x130 [ 1394.746734] ? security_file_permission+0x94/0x320 [ 1394.751683] iterate_dir+0x489/0x5f0 [ 1394.755410] ovl_dir_read_merged+0x42b/0xcf0 [ 1394.759839] ? ovl_dir_open+0x310/0x310 [ 1394.763820] ? __lock_is_held+0xb6/0x140 [ 1394.767885] ? ovl_fill_plain+0x340/0x340 [ 1394.772044] ? rcu_read_lock_sched_held+0x110/0x130 [ 1394.777065] ? kmem_cache_alloc_trace+0x354/0x760 [ 1394.781908] ? ovl_test_flag+0x12/0x20 [ 1394.785800] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1394.790827] ovl_iterate+0x899/0xe60 [ 1394.794555] ? ovl_iterate_real+0xd70/0xd70 [ 1394.798877] ? down_read_killable+0x150/0x150 [ 1394.803377] ? security_file_permission+0x94/0x320 [ 1394.808317] iterate_dir+0x20d/0x5f0 [ 1394.812042] ksys_getdents64+0x245/0x4a0 [ 1394.816101] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1394.821645] ? __ia32_sys_getdents+0x520/0x520 [ 1394.826236] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1394.830824] ? iterate_dir+0x5f0/0x5f0 [ 1394.834717] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1394.840083] ? trace_hardirqs_off_caller+0x300/0x300 [ 1394.845196] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1394.849956] __x64_sys_getdents64+0x73/0xb0 [ 1394.854285] do_syscall_64+0x1a3/0x800 [ 1394.858184] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1394.863117] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1394.868145] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1394.872999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1394.878189] RIP: 0033:0x457e39 [ 1394.881385] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1394.900288] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1394.908001] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 20:26:10 executing program 2 (fault-call:6 fault-nth:22): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003bc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:10 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002cb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:10 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x7a00]}}}], 0x0, 0x0, 0x0}) [ 1394.915270] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1394.922541] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1394.929807] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1394.937074] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1394.990501] binder: 8196:8198 got transaction with invalid offset (31232, min 0 max 40) or object. [ 1395.019620] binder: 8196:8198 transaction failed 29201/-22, size 40-8 line 3097 20:26:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000bd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:10 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003cb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1395.039890] overlayfs: workdir and upperdir must reside under the same mount [ 1395.071618] binder_alloc: binder_alloc_mmap_handler: 8196 20ffc000-20ffe000 already mapped failed -16 20:26:10 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1395.117775] binder: BINDER_SET_CONTEXT_MGR already set 20:26:10 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) sendto$llc(r1, &(0x7f0000000340)="6e0f7f22e2b37742f3961c6c5b62106f3aed26f3314b28fe866d6e848da570c51b39ee6458df837d1fb59ec6a1c9173afc958930c3dccf84065c37e8c6025e67b54ab5ab6d0dd49aaf8de55083bbf211a93af64d2fda669a56179f94d9721f27aafd8241e0b8d3d61d200a6d7e3421318a6848af47c5ae08d5957e86ae64b828dec83337c13ba7df1c1a24903dfc40e266c79cc01840d1ca13b58ef3887abeab4b9d197060880ebca511d14cfc31c2d9544206611bd8e930847af38dffb0ae881ab06465713a644f9d5af491ec7714240b", 0xd1, 0x4000000, &(0x7f0000000000)={0x1a, 0x334, 0x4, 0x8, 0x0, 0xfff, @random="aa8e907d0401"}, 0x10) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@security={'security\x00', 0xe, 0x4, 0x400, 0xf8, 0xf8, 0xf8, 0xf8, 0xf8, 0x368, 0x368, 0x368, 0x368, 0x368, 0x4, &(0x7f0000000180), {[{{@uncond, 0x0, 0x98, 0xf8}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote, 0x280000, 0xc, [0x1a, 0x12, 0x1, 0x13, 0xf, 0x33, 0x3b, 0x1c, 0x27, 0x31, 0x38, 0x19, 0x11, 0x3c, 0x22, 0x20], 0x3, 0x0, 0xe2a9}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@unspec=@connbytes={0x38, 'connbytes\x00', 0x0, {0x5, 0x6db, 0x1, 0x2}}, @common=@socket0={0x20, 'socket\x00'}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @random="dd4f724a0392", 0x5, 0x3, [0x11, 0x4, 0x26, 0x23, 0x2, 0x2f, 0x9, 0x14, 0x10, 0x14, 0x31, 0x5, 0xc, 0x25, 0x25, 0xa], 0x1, 0x2, 0x5}}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@set={0x40, 'set\x00', 0x0, {{0x3d86, [0x2, 0x3166, 0x7, 0xffffffffffffff00, 0x400, 0x7f], 0x401, 0xff}}}, @common=@socket0={0x20, 'socket\x00'}]}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x10001}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x460) 20:26:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001bd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:10 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000cc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1395.178511] FAULT_INJECTION: forcing a failure. [ 1395.178511] name failslab, interval 1, probability 0, space 0, times 0 [ 1395.185131] binder: 8196:8198 ioctl 40046207 0 returned -16 [ 1395.190690] binder_alloc: 8196: binder_alloc_buf, no vma [ 1395.222494] CPU: 1 PID: 8208 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1395.229634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1395.238990] Call Trace: [ 1395.241591] dump_stack+0x1db/0x2d0 [ 1395.245244] ? dump_stack_print_info.cold+0x20/0x20 [ 1395.250272] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1395.255665] ? print_usage_bug+0xd0/0xd0 [ 1395.259743] should_fail.cold+0xa/0x15 [ 1395.263662] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1395.268782] ? ___might_sleep+0x1e7/0x310 [ 1395.272944] ? arch_local_save_flags+0x50/0x50 [ 1395.277546] __should_failslab+0x121/0x190 [ 1395.281795] should_failslab+0x9/0x14 [ 1395.285602] __kmalloc+0x2dc/0x740 [ 1395.289167] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1395.293848] ? ext4_htree_store_dirent+0x8a/0x650 [ 1395.298705] ext4_htree_store_dirent+0x8a/0x650 [ 1395.303385] htree_dirblock_to_tree+0x391/0x840 [ 1395.308075] ? dx_probe+0x1120/0x1120 [ 1395.308933] binder: undelivered TRANSACTION_ERROR: 29189 [ 1395.311870] ? __x64_sys_getdents64+0x73/0xb0 [ 1395.311886] ? ovl_path_open+0x56/0x70 [ 1395.325660] ? iterate_dir+0x20d/0x5f0 [ 1395.329537] ? ksys_getdents64+0x245/0x4a0 [ 1395.333759] ? print_usage_bug+0xd0/0xd0 [ 1395.337817] ext4_htree_fill_tree+0x2c3/0xd60 [ 1395.342299] ? add_lock_to_list.isra.0+0x450/0x450 [ 1395.347219] ? do_split+0x2070/0x2070 [ 1395.351009] ? ext4_readdir+0x2268/0x3590 [ 1395.355149] ? __lock_is_held+0xb6/0x140 [ 1395.359200] ? ext4_readdir+0x2268/0x3590 [ 1395.363372] ? rcu_read_lock_sched_held+0x110/0x130 [ 1395.368379] ? kmem_cache_alloc_trace+0x354/0x760 [ 1395.373219] ext4_readdir+0x1916/0x3590 [ 1395.377182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1395.382718] ? __ext4_check_dir_entry+0x350/0x350 [ 1395.387551] ? ___might_sleep+0x1e7/0x310 [ 1395.391690] ? lock_release+0xc40/0xc40 [ 1395.395664] ? iterate_dir+0xd8/0x5f0 [ 1395.399454] ? down_write+0x130/0x130 [ 1395.403250] ? security_file_permission+0x94/0x320 [ 1395.408167] iterate_dir+0x489/0x5f0 [ 1395.411875] ovl_dir_read_merged+0x42b/0xcf0 [ 1395.416281] ? ovl_dir_open+0x310/0x310 [ 1395.420242] ? __lock_is_held+0xb6/0x140 [ 1395.424291] ? ovl_fill_plain+0x340/0x340 [ 1395.428432] ? rcu_read_lock_sched_held+0x110/0x130 [ 1395.433437] ? kmem_cache_alloc_trace+0x354/0x760 [ 1395.438270] ? ovl_test_flag+0x12/0x20 [ 1395.442147] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1395.447154] ovl_iterate+0x899/0xe60 [ 1395.450862] ? ovl_iterate_real+0xd70/0xd70 [ 1395.455169] ? down_read_killable+0x150/0x150 [ 1395.459658] ? security_file_permission+0x94/0x320 [ 1395.464579] iterate_dir+0x20d/0x5f0 [ 1395.468294] ksys_getdents64+0x245/0x4a0 [ 1395.472343] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1395.477871] ? __ia32_sys_getdents+0x520/0x520 [ 1395.482439] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1395.487008] ? iterate_dir+0x5f0/0x5f0 [ 1395.490888] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1395.496238] ? trace_hardirqs_off_caller+0x300/0x300 [ 1395.501333] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1395.506080] __x64_sys_getdents64+0x73/0xb0 [ 1395.510394] do_syscall_64+0x1a3/0x800 [ 1395.514273] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1395.519190] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1395.524197] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1395.529031] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1395.534206] RIP: 0033:0x457e39 [ 1395.537385] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1395.556274] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1395.564073] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 20:26:11 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f0000000000)) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:11 executing program 2 (fault-call:6 fault-nth:23): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002bd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:11 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003821e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:11 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001cc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x1000000]}}}], 0x0, 0x0, 0x0}) [ 1395.571335] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1395.578602] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1395.585859] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1395.593117] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 20:26:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003bd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1395.693533] binder: 8226:8228 got transaction with invalid offset (16777216, min 0 max 40) or object. 20:26:11 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:11 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002cc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1395.740168] binder_alloc: binder_alloc_mmap_handler: 8226 20ffc000-20ffe000 already mapped failed -16 [ 1395.774660] binder: BINDER_SET_CONTEXT_MGR already set 20:26:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000be1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:11 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003cc1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:11 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1395.814514] binder: 8226:8228 ioctl 40046207 0 returned -16 [ 1395.875561] binder: undelivered TRANSACTION_ERROR: 29201 [ 1396.005775] FAULT_INJECTION: forcing a failure. [ 1396.005775] name failslab, interval 1, probability 0, space 0, times 0 [ 1396.017733] CPU: 1 PID: 8250 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1396.024845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1396.034213] Call Trace: [ 1396.036810] dump_stack+0x1db/0x2d0 [ 1396.040443] ? dump_stack_print_info.cold+0x20/0x20 [ 1396.045464] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1396.050951] ? print_usage_bug+0xd0/0xd0 [ 1396.055033] should_fail.cold+0xa/0x15 [ 1396.058935] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1396.064066] ? ___might_sleep+0x1e7/0x310 [ 1396.068218] ? arch_local_save_flags+0x50/0x50 [ 1396.072900] __should_failslab+0x121/0x190 [ 1396.077137] should_failslab+0x9/0x14 [ 1396.080936] __kmalloc+0x2dc/0x740 [ 1396.084495] ? str2hashbuf_unsigned+0x2a0/0x2a0 [ 1396.089180] ? ext4_htree_store_dirent+0x8a/0x650 [ 1396.094035] ext4_htree_store_dirent+0x8a/0x650 [ 1396.098724] htree_dirblock_to_tree+0x391/0x840 [ 1396.103404] ? dx_probe+0x1120/0x1120 [ 1396.107217] ? __x64_sys_getdents64+0x73/0xb0 [ 1396.111714] ? ovl_path_open+0x56/0x70 [ 1396.116143] ? iterate_dir+0x20d/0x5f0 [ 1396.120024] ? ksys_getdents64+0x245/0x4a0 [ 1396.124260] ? print_usage_bug+0xd0/0xd0 [ 1396.128329] ext4_htree_fill_tree+0x2c3/0xd60 [ 1396.132826] ? add_lock_to_list.isra.0+0x450/0x450 [ 1396.137853] ? do_split+0x2070/0x2070 [ 1396.141686] ? ext4_readdir+0x2268/0x3590 [ 1396.145838] ? __lock_is_held+0xb6/0x140 [ 1396.149904] ? ext4_readdir+0x2268/0x3590 [ 1396.154065] ? rcu_read_lock_sched_held+0x110/0x130 [ 1396.159085] ? kmem_cache_alloc_trace+0x354/0x760 [ 1396.163945] ext4_readdir+0x1916/0x3590 [ 1396.167921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1396.173472] ? __ext4_check_dir_entry+0x350/0x350 [ 1396.178315] ? ___might_sleep+0x1e7/0x310 [ 1396.182466] ? lock_release+0xc40/0xc40 [ 1396.186463] ? iterate_dir+0xd8/0x5f0 [ 1396.190378] ? down_write+0x130/0x130 [ 1396.194186] ? security_file_permission+0x94/0x320 [ 1396.199148] iterate_dir+0x489/0x5f0 [ 1396.202891] ovl_dir_read_merged+0x42b/0xcf0 [ 1396.207310] ? ovl_dir_open+0x310/0x310 [ 1396.211285] ? __lock_is_held+0xb6/0x140 [ 1396.215357] ? ovl_fill_plain+0x340/0x340 [ 1396.219516] ? rcu_read_lock_sched_held+0x110/0x130 [ 1396.224549] ? kmem_cache_alloc_trace+0x354/0x760 [ 1396.229391] ? ovl_test_flag+0x12/0x20 [ 1396.233279] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1396.238298] ovl_iterate+0x899/0xe60 [ 1396.242019] ? ovl_iterate_real+0xd70/0xd70 [ 1396.246345] ? down_read_killable+0x150/0x150 [ 1396.250961] ? security_file_permission+0x94/0x320 [ 1396.255894] iterate_dir+0x20d/0x5f0 [ 1396.259614] ksys_getdents64+0x245/0x4a0 [ 1396.263672] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1396.269214] ? __ia32_sys_getdents+0x520/0x520 [ 1396.273811] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1396.278390] ? iterate_dir+0x5f0/0x5f0 [ 1396.282281] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1396.287645] ? trace_hardirqs_off_caller+0x300/0x300 [ 1396.292854] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1396.297627] __x64_sys_getdents64+0x73/0xb0 [ 1396.301951] do_syscall_64+0x1a3/0x800 [ 1396.305847] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1396.310783] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1396.315803] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1396.320654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1396.325839] RIP: 0033:0x457e39 [ 1396.329038] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1396.347941] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1396.355657] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1396.363050] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1396.370317] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1396.377596] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1396.384863] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1396.398953] net_ratelimit: 20 callbacks suppressed 20:26:12 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x80) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0xfffffffffffffffc, &(0x7f0000000180)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) r2 = shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x2000) r3 = msgget(0x0, 0x20) msgsnd(r3, &(0x7f0000000000)={0x3, "c4cbbd078e92184797733ee343982d44b642e3653f"}, 0x1d, 0x800) shmdt(r2) 20:26:12 executing program 2 (fault-call:6 fault-nth:24): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001be1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000cd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x2000000]}}}], 0x0, 0x0, 0x0}) [ 1396.398960] protocol 88fb is buggy, dev hsr_slave_0 [ 1396.409172] protocol 88fb is buggy, dev hsr_slave_1 [ 1396.474337] binder: 8253:8256 got transaction with invalid offset (33554432, min 0 max 40) or object. 20:26:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001cd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002be1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:12 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000000)=""/28, 0x1c) 20:26:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003831e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1396.524150] binder_transaction: 2 callbacks suppressed [ 1396.524165] binder: 8253:8256 transaction failed 29201/-22, size 40-8 line 3097 [ 1396.550984] FAULT_INJECTION: forcing a failure. [ 1396.550984] name failslab, interval 1, probability 0, space 0, times 0 [ 1396.580194] binder_alloc: binder_alloc_mmap_handler: 8253 20ffc000-20ffe000 already mapped failed -16 [ 1396.620019] binder_alloc: 8253: binder_alloc_buf, no vma [ 1396.624785] binder: BINDER_SET_CONTEXT_MGR already set [ 1396.632846] CPU: 0 PID: 8264 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1396.639963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1396.644925] binder: 8253:8268 transaction failed 29189/-3, size 40-8 line 3035 [ 1396.649324] Call Trace: [ 1396.649348] dump_stack+0x1db/0x2d0 [ 1396.649369] ? dump_stack_print_info.cold+0x20/0x20 [ 1396.649385] ? __lock_is_held+0xb6/0x140 [ 1396.649410] should_fail.cold+0xa/0x15 [ 1396.649431] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1396.649453] ? ___might_sleep+0x1e7/0x310 [ 1396.649469] ? arch_local_save_flags+0x50/0x50 [ 1396.689733] ? ext4_htree_store_dirent+0x445/0x650 [ 1396.694679] __should_failslab+0x121/0x190 [ 1396.698920] should_failslab+0x9/0x14 [ 1396.698937] __kmalloc+0x2dc/0x740 [ 1396.698956] ? dx_probe+0x1120/0x1120 [ 1396.698972] ? __x64_sys_getdents64+0x73/0xb0 [ 1396.698984] ? ovl_cache_entry_new+0x3f/0x550 [ 1396.699000] ovl_cache_entry_new+0x3f/0x550 [ 1396.710111] ovl_fill_merge+0x56c/0xea0 [ 1396.727360] ? ext4_htree_fill_tree+0x240/0xd60 [ 1396.732040] ? ovl_fill_plain+0x340/0x340 [ 1396.736195] ? do_split+0x2070/0x2070 [ 1396.740031] ? ext4_readdir+0x2268/0x3590 [ 1396.744186] ? __lock_is_held+0xb6/0x140 [ 1396.748303] ? ext4_readdir+0x2268/0x3590 [ 1396.752464] call_filldir+0x398/0x630 [ 1396.756288] ext4_readdir+0x2816/0x3590 [ 1396.760264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1396.760297] ? __ext4_check_dir_entry+0x350/0x350 [ 1396.760314] ? ___might_sleep+0x1e7/0x310 [ 1396.760331] ? lock_release+0xc40/0xc40 [ 1396.760357] ? iterate_dir+0xd8/0x5f0 [ 1396.760371] ? down_write+0x130/0x130 [ 1396.760390] ? security_file_permission+0x94/0x320 [ 1396.760412] iterate_dir+0x489/0x5f0 [ 1396.795078] ovl_dir_read_merged+0x42b/0xcf0 [ 1396.799498] ? ovl_dir_open+0x310/0x310 [ 1396.803471] ? __lock_is_held+0xb6/0x140 [ 1396.807529] ? ovl_fill_plain+0x340/0x340 [ 1396.811674] ? rcu_read_lock_sched_held+0x110/0x130 [ 1396.816677] ? kmem_cache_alloc_trace+0x354/0x760 [ 1396.821514] ? ovl_test_flag+0x12/0x20 [ 1396.825391] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1396.830395] ovl_iterate+0x899/0xe60 [ 1396.834097] ? ovl_iterate_real+0xd70/0xd70 [ 1396.838403] ? down_read_killable+0x150/0x150 [ 1396.842893] ? security_file_permission+0x94/0x320 [ 1396.847813] iterate_dir+0x20d/0x5f0 [ 1396.851518] ksys_getdents64+0x245/0x4a0 [ 1396.855565] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1396.861088] ? __ia32_sys_getdents+0x520/0x520 [ 1396.865652] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1396.870220] ? iterate_dir+0x5f0/0x5f0 [ 1396.874096] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1396.879451] ? trace_hardirqs_off_caller+0x300/0x300 [ 1396.884554] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1396.889299] __x64_sys_getdents64+0x73/0xb0 [ 1396.893611] do_syscall_64+0x1a3/0x800 [ 1396.897498] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1396.902507] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1396.907512] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1396.912345] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1396.917515] RIP: 0033:0x457e39 20:26:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003be1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:12 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$KVM_GET_NR_MMU_PAGES(r0, 0xae45, 0x1000) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000bf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1396.920691] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1396.939576] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1396.947266] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1396.948853] protocol 88fb is buggy, dev hsr_slave_0 [ 1396.954540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1396.954549] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1396.959620] protocol 88fb is buggy, dev hsr_slave_1 [ 1396.966799] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1396.966808] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1396.974180] protocol 88fb is buggy, dev hsr_slave_0 [ 1396.998706] protocol 88fb is buggy, dev hsr_slave_1 [ 1397.010949] binder: 8253:8256 ioctl 40046207 0 returned -16 20:26:12 executing program 2 (fault-call:6 fault-nth:25): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002cd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x3000000]}}}], 0x0, 0x0, 0x0}) 20:26:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001bf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:12 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-control\x00', 0x1, 0x0) ioctl$DRM_IOCTL_MODESET_CTL(r0, 0x40086408, &(0x7f0000000200)={0x100000001, 0x9}) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r1 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) fchdir(r1) mkdir(&(0x7f0000000000)='.//ile0\x00', 0x10000000080) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r2, &(0x7f0000000240)='.//ile0\x00', r2, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r2, &(0x7f0000000280)=""/28, 0x1c) [ 1397.112236] binder: 8283:8284 got transaction with invalid offset (50331648, min 0 max 40) or object. [ 1397.129552] binder: 8283:8284 transaction failed 29201/-22, size 40-8 line 3097 20:26:12 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1397.174876] binder_alloc: binder_alloc_mmap_handler: 8283 20ffc000-20ffe000 already mapped failed -16 [ 1397.190874] overlayfs: failed to resolve './file1': -2 [ 1397.199080] binder: BINDER_SET_CONTEXT_MGR already set [ 1397.207394] binder_alloc: 8283: binder_alloc_buf, no vma 20:26:12 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003cd1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:12 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002bf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1397.221058] binder: 8283:8284 ioctl 40046207 0 returned -16 20:26:12 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000340)=""/84) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x4000000]}}}], 0x0, 0x0, 0x0}) [ 1397.247791] binder_release_work: 3 callbacks suppressed [ 1397.247797] binder: undelivered TRANSACTION_ERROR: 29201 [ 1397.259370] binder: 8283:8289 transaction failed 29189/-3, size 40-8 line 3035 [ 1397.282810] binder: undelivered TRANSACTION_ERROR: 29189 20:26:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ce1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1397.342756] binder: 8302:8303 got transaction with invalid offset (67108864, min 0 max 40) or object. [ 1397.374865] binder: 8302:8303 transaction failed 29201/-22, size 40-8 line 3097 [ 1397.385775] overlayfs: filesystem on './file0' not supported as upperdir [ 1397.392850] binder_alloc: binder_alloc_mmap_handler: 8302 20ffc000-20ffe000 already mapped failed -16 [ 1397.414859] binder: BINDER_SET_CONTEXT_MGR already set [ 1397.421122] binder_alloc: 8302: binder_alloc_buf, no vma [ 1397.440688] binder: 8302:8303 ioctl 40046207 0 returned -16 [ 1397.451226] binder: 8302:8309 transaction failed 29189/-3, size 40-8 line 3035 [ 1397.466009] binder: undelivered TRANSACTION_ERROR: 29201 [ 1397.474258] FAULT_INJECTION: forcing a failure. [ 1397.474258] name failslab, interval 1, probability 0, space 0, times 0 [ 1397.476059] binder: undelivered TRANSACTION_ERROR: 29189 [ 1397.490156] CPU: 1 PID: 8311 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1397.498213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1397.507557] Call Trace: [ 1397.510152] dump_stack+0x1db/0x2d0 [ 1397.513790] ? dump_stack_print_info.cold+0x20/0x20 [ 1397.518806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1397.524166] ? __lock_is_held+0xb6/0x140 [ 1397.528212] ? print_usage_bug+0xd0/0xd0 [ 1397.532350] should_fail.cold+0xa/0x15 [ 1397.536226] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1397.541322] ? ___might_sleep+0x1e7/0x310 [ 1397.545454] ? arch_local_save_flags+0x50/0x50 [ 1397.550032] __should_failslab+0x121/0x190 [ 1397.554262] should_failslab+0x9/0x14 [ 1397.558244] __kmalloc+0x2dc/0x740 [ 1397.561777] ? dx_probe+0x1120/0x1120 [ 1397.565563] ? ovl_cache_entry_new+0x3f/0x550 [ 1397.570218] ovl_cache_entry_new+0x3f/0x550 [ 1397.574527] ovl_fill_merge+0x56c/0xea0 [ 1397.578492] ? ovl_fill_plain+0x340/0x340 [ 1397.582629] ? do_split+0x2070/0x2070 [ 1397.586413] ? ext4_readdir+0x2268/0x3590 [ 1397.590557] ? __lock_is_held+0xb6/0x140 [ 1397.594599] ? ext4_readdir+0x2268/0x3590 [ 1397.598753] call_filldir+0x398/0x630 [ 1397.602547] ext4_readdir+0x2816/0x3590 [ 1397.606524] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1397.612078] ? __ext4_check_dir_entry+0x350/0x350 [ 1397.616910] ? ___might_sleep+0x1e7/0x310 [ 1397.621060] ? lock_release+0xc40/0xc40 [ 1397.625043] ? iterate_dir+0xd8/0x5f0 [ 1397.628839] ? down_write+0x130/0x130 [ 1397.632628] ? security_file_permission+0x94/0x320 [ 1397.637556] iterate_dir+0x489/0x5f0 [ 1397.641258] ovl_dir_read_merged+0x42b/0xcf0 [ 1397.645657] ? ovl_dir_open+0x310/0x310 [ 1397.649634] ? __lock_is_held+0xb6/0x140 [ 1397.653679] ? ovl_fill_plain+0x340/0x340 [ 1397.657827] ? rcu_read_lock_sched_held+0x110/0x130 [ 1397.662838] ? kmem_cache_alloc_trace+0x354/0x760 [ 1397.667776] ? ovl_test_flag+0x12/0x20 [ 1397.671743] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1397.676743] ovl_iterate+0x899/0xe60 [ 1397.680445] ? ovl_iterate_real+0xd70/0xd70 [ 1397.684759] ? down_read_killable+0x150/0x150 [ 1397.689240] ? security_file_permission+0x94/0x320 [ 1397.694153] iterate_dir+0x20d/0x5f0 [ 1397.697864] ksys_getdents64+0x245/0x4a0 [ 1397.701907] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1397.707440] ? __ia32_sys_getdents+0x520/0x520 [ 1397.712004] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1397.716656] ? iterate_dir+0x5f0/0x5f0 [ 1397.720536] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1397.725905] ? trace_hardirqs_off_caller+0x300/0x300 [ 1397.731000] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1397.735754] __x64_sys_getdents64+0x73/0xb0 [ 1397.740097] do_syscall_64+0x1a3/0x800 [ 1397.743974] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1397.748894] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1397.753906] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1397.758753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1397.763940] RIP: 0033:0x457e39 [ 1397.767120] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1397.786305] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1397.794012] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1397.801265] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1397.808522] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1397.815794] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1397.823047] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1397.830804] protocol 88fb is buggy, dev hsr_slave_0 [ 1397.835891] protocol 88fb is buggy, dev hsr_slave_1 20:26:13 executing program 2 (fault-call:6 fault-nth:26): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:13 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003bf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:13 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ce1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:13 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0xd) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c6530302c776f726b050010002e2f66ea6c6531"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000000)=@md0='/dev/md0\x00', &(0x7f0000000180)='.//ile0\x00', &(0x7f0000000340)='msdos\x00', 0x1000, &(0x7f0000000380)='tmpfs\x00') renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x5000000]}}}], 0x0, 0x0, 0x0}) [ 1397.841146] protocol 88fb is buggy, dev hsr_slave_0 [ 1397.841194] protocol 88fb is buggy, dev hsr_slave_1 20:26:13 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:13 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003841e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ce1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1397.921340] overlayfs: unrecognized mount option "work" or missing value [ 1397.940714] binder: 8318:8320 got transaction with invalid offset (83886080, min 0 max 40) or object. [ 1397.942622] overlayfs: unrecognized mount option "work" or missing value 20:26:13 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000480)='./file0/file0\x00', 0x0, 0x3) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f0000000000)='.//ile0/file0\x00', 0x1ef) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,e0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getresuid(&(0x7f0000000500), &(0x7f0000000340)=0x0, &(0x7f0000000380)) sendmsg$nl_netfilter(r0, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000100}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x20, 0x12, 0x2, 0x308, 0x70bd27, 0x25dfdbfc, {0x7, 0x0, 0x6}, [@typed={0x8, 0x83, @uid=r2}, @nested={0x4, 0x8a}]}, 0x20}, 0x1, 0x0, 0x0, 0x840}, 0x20000000) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1397.988042] binder: 8318:8320 transaction failed 29201/-22, size 40-8 line 3097 20:26:13 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:13 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ce1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1398.049662] binder_alloc: binder_alloc_mmap_handler: 8318 20ffc000-20ffe000 already mapped failed -16 [ 1398.089552] FAULT_INJECTION: forcing a failure. [ 1398.089552] name failslab, interval 1, probability 0, space 0, times 0 [ 1398.110223] binder_alloc: 8318: binder_alloc_buf, no vma [ 1398.110227] binder: BINDER_SET_CONTEXT_MGR already set [ 1398.110240] binder: 8318:8320 ioctl 40046207 0 returned -16 [ 1398.124104] binder: 8318:8332 transaction failed 29189/-3, size 40-8 line 3035 [ 1398.148853] CPU: 1 PID: 8328 Comm: syz-executor2 Not tainted 5.0.0-rc4+ #55 [ 1398.155982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1398.165337] Call Trace: [ 1398.167942] dump_stack+0x1db/0x2d0 [ 1398.171584] ? dump_stack_print_info.cold+0x20/0x20 [ 1398.176609] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1398.176619] binder: undelivered TRANSACTION_ERROR: 29189 [ 1398.181971] ? __lock_is_held+0xb6/0x140 [ 1398.181988] ? print_usage_bug+0xd0/0xd0 [ 1398.182010] should_fail.cold+0xa/0x15 [ 1398.182032] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1398.182055] ? ___might_sleep+0x1e7/0x310 [ 1398.182069] ? arch_local_save_flags+0x50/0x50 [ 1398.182093] __should_failslab+0x121/0x190 [ 1398.217451] should_failslab+0x9/0x14 [ 1398.221254] __kmalloc+0x2dc/0x740 [ 1398.224804] ? dx_probe+0x1120/0x1120 [ 1398.228596] ? ovl_cache_entry_new+0x3f/0x550 [ 1398.233080] ovl_cache_entry_new+0x3f/0x550 [ 1398.237393] ovl_fill_merge+0x56c/0xea0 [ 1398.241377] ? ovl_fill_plain+0x340/0x340 [ 1398.245519] ? do_split+0x2070/0x2070 [ 1398.249303] ? ext4_readdir+0x2268/0x3590 [ 1398.253442] ? __lock_is_held+0xb6/0x140 [ 1398.257581] ? ext4_readdir+0x2268/0x3590 [ 1398.261721] call_filldir+0x398/0x630 [ 1398.265526] ext4_readdir+0x2816/0x3590 [ 1398.269489] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1398.275032] ? __ext4_check_dir_entry+0x350/0x350 [ 1398.279858] ? ___might_sleep+0x1e7/0x310 [ 1398.283999] ? lock_release+0xc40/0xc40 [ 1398.287973] ? iterate_dir+0xd8/0x5f0 [ 1398.291759] ? down_write+0x130/0x130 [ 1398.295553] ? security_file_permission+0x94/0x320 [ 1398.300473] iterate_dir+0x489/0x5f0 [ 1398.304179] ovl_dir_read_merged+0x42b/0xcf0 [ 1398.308580] ? ovl_dir_open+0x310/0x310 [ 1398.312542] ? __lock_is_held+0xb6/0x140 [ 1398.316584] ? ovl_fill_plain+0x340/0x340 [ 1398.320725] ? rcu_read_lock_sched_held+0x110/0x130 [ 1398.325727] ? kmem_cache_alloc_trace+0x354/0x760 [ 1398.330557] ? ovl_test_flag+0x12/0x20 [ 1398.334430] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 1398.339434] ovl_iterate+0x899/0xe60 [ 1398.343149] ? ovl_iterate_real+0xd70/0xd70 [ 1398.347657] ? down_read_killable+0x150/0x150 [ 1398.352143] ? security_file_permission+0x94/0x320 [ 1398.357176] iterate_dir+0x20d/0x5f0 [ 1398.360887] ksys_getdents64+0x245/0x4a0 [ 1398.364934] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1398.370472] ? __ia32_sys_getdents+0x520/0x520 [ 1398.375043] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1398.379608] ? iterate_dir+0x5f0/0x5f0 [ 1398.383500] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1398.388849] ? trace_hardirqs_off_caller+0x300/0x300 [ 1398.394030] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1398.398789] __x64_sys_getdents64+0x73/0xb0 [ 1398.403097] do_syscall_64+0x1a3/0x800 [ 1398.406972] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1398.411921] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1398.416922] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1398.421753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1398.426933] RIP: 0033:0x457e39 [ 1398.430116] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1398.449003] RSP: 002b:00007fa09e8dfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1398.456697] RAX: ffffffffffffffda RBX: 00007fa09e8dfc90 RCX: 0000000000457e39 [ 1398.464058] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1398.471485] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1398.478739] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09e8e06d4 [ 1398.486013] R13: 00000000004be6fe R14: 00000000004cf198 R15: 0000000000000004 [ 1398.527478] overlayfs: unrecognized mount option "e0" or missing value [ 1398.554690] overlayfs: unrecognized mount option "e0" or missing value 20:26:14 executing program 2 (fault-call:6 fault-nth:27): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:14 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000cf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x6000000]}}}], 0x0, 0x0, 0x0}) 20:26:14 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x8, 0x40) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000340)={{{@in=@empty, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}}}, &(0x7f0000000440)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0}, &(0x7f00000004c0)=0xc) sendmsg$nl_generic(r0, &(0x7f0000000540)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000800)={0x3b4, 0x14, 0x220, 0x70bd26, 0x25dfdbfd, {}, [@nested={0xec, 0x79, [@typed={0xc, 0x54, @str='tmpfs\x00'}, @generic="15dbad108179a4131107d66fa7dc44a95481a9c481137abdad87b3356cf7c85e377fbeb412c0808eb82fe4374bf015a29d0068dbbc6a76a375106e419967a9dc9104c0b1f3932776d9f056080869b26ed90ba57b7656452d77734a8e95df66e513682858bc4f828a0e4596c11d8f8c3949993c85418d0c5218dd788bc5e146721a040aba9e7ab89929fdcc3f35276df53c8eea09a62cf66acf0c1f0a471ce9a6144f5645793fb8826228d3956afb0002e7fc4fe70b6b98ac6d5ac7077b2d1d3537367ec25c70445b", @typed={0xc, 0x3a, @str='overlay\x00'}, @typed={0x8, 0x2d, @ipv4=@remote}]}, @nested={0x15c, 0x75, [@typed={0x74, 0x30, @binary="3a4796ef8929aef4aa18c18ab2e15af56a5c963867201b7ffc5fd7620611e2b48013059a3a928528db887b6a7f3f448b5042d787d0ad7407c70d1ffc4416bc5ed37946eb64b149f00fde5356266caf626b15a321f9a1e98fd6555a07316e3f44570c8ccc16fac20f014e2879b2"}, @generic="79aa3063a7162347bea6e81aa817c192dbb0854c5a1094f972c5aab0531efb12c803f201eb7b613df6de79e24a0076c25ac4a349ce821cb77a4063e6c5778017b8bfce35ee709c4f565f03b7351dbd2bd4e85559885b94112c52a7f9fff9afc656326eb63c430fedd9965f284667089b4838c3b84bcf254afd31644f0466a9829daaff63e6e71ed71b7d6d9a8d2b8e67f8ea6b94396b14beb9ac6477c8fbc98068a818b52d0b10234cb8a2cdb953375398f756a22c1659087ed1da90c6b2358f3687f5614ce2a3122c1da7317a5e1ce9dcd7de4f3b71b583d3bf6b516477d123818f07"]}, @nested={0x158, 0x7c, [@generic="f8fb0c38ff68b958ec300718b3e8e4576813623cbed707b855d0d23e34a081a02731e398130eeba5f625a7cebbd7422193e06983a501a99c0fc6138c0f8872b53d13604284e20a1987e33a943e949e3833b5fa52d7eccf26534c08623bcec5452f3218c3844f023469c82b10f16c3fb6e22eec1ba5eb214b75ece37e4086bc196e0fe6420224555ff39b6ae2e5e1c03472358ff880f6933f39bf4f59aa93", @generic="b61e6d2d03077d30ccc3e0066b46ea5b133e29a36615c0a0a8b45fd366622cd503e0bca9382d5983ee218f16c37baea2b28699c78241449ea78fb59ec5644c243c519c8bc96f689dba373d1f83e5738620b60d60d6bc4b5eb3dee203e40c6a177e9071886d779b97fa8d5d4e", @typed={0xc, 0x5f, @u64=0x8}, @typed={0x8, 0xe, @uid=r1}, @typed={0x14, 0x30, @ipv6=@dev={0xfe, 0x80, [], 0xa}}, @typed={0x8, 0x91, @uid=r2}, @generic="2b14", @typed={0x4, 0x12}, @typed={0x14, 0x50, @ipv6=@mcast2}]}]}, 0x3b4}, 0x1, 0x0, 0x0, 0x20000000}, 0x44000) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r3) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r4 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r4, &(0x7f0000000240)='.//ile0\x00', r4, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r4, &(0x7f0000000280)=""/28, 0x1c) [ 1398.593876] binder: undelivered TRANSACTION_ERROR: 29201 20:26:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1398.700333] binder: 8344:8345 got transaction with invalid offset (100663296, min 0 max 40) or object. 20:26:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001cf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000180)='.//ile0\x00', 0x5, 0x4, &(0x7f0000000580)=[{&(0x7f0000000340)="524ebf0b6ffb61a3401b34d8d6e66b58a83c84d8bc0412153870d3a22085c6d9c24b5fbaa1a48e097d5a6781e801e19e323f2f3fb49b99beb49367679aa7ad0f9abc949b8c4023cc9612c4b8ac358898b10cb4725bfd55bf127f72a8eeabf65f21630e4b872238ba63e5ecd5384763cb877cd0de1a5921221e8f", 0x7a, 0x1}, {&(0x7f00000003c0)="4db582ccac9b81acb9303e64b4e095a1886350d75c79865cfd35f3c015e94e8a9ef0edbe4f2f99d313d037653baf2f6b9cc8a2c7ea734690ee95651657e18fae9b3bc2af59bde8506c80626b5ae780db11ec8365970d6ae56ca5907ba7c991b8da54bd283c89cc1c9f43ee210b3334eabf6fa1592bed3cd37004cec4532d1a13a5dad1a5", 0x84, 0x8}, {&(0x7f0000000480)="08b34f8aed078bd36cb28044ae59a318126a24fff7e16f3ad20edbffe45ec320ab82c0959e087b92d36529de0cb2c32fadf8f34ddee8215d2ccf4184dfff09544b19e834cbb32aa482ce434822f50660228e1b6a58e67ee902547e4c5251b931f7475689ff0dd0c46af5503bc2e115b899194dce1171d7e31c43fd8837de3011643650410eb123b8628955d4af063d1f5ff4caa411502b15d77024fcc7a09cdc8276b4afb2d6c22d3e5bdaf9083c", 0xae, 0x3}, {&(0x7f0000000540)="df23e858d54b4903dc4d4944f95bc69b19b3b953", 0x14, 0x3}], 0x200008, &(0x7f0000000600)={[], [{@subj_role={'subj_role', 0x3d, 'overlay\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x76ff}}, {@permit_directio='permit_directio'}]}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1398.750987] binder: 8344:8345 transaction failed 29201/-22, size 40-8 line 3097 [ 1398.772548] binder_alloc: binder_alloc_mmap_handler: 8344 20ffc000-20ffe000 already mapped failed -16 [ 1398.800397] binder: BINDER_SET_CONTEXT_MGR already set [ 1398.805723] binder: 8344:8345 ioctl 40046207 0 returned -16 [ 1398.838886] binder_alloc: 8344: binder_alloc_buf, no vma 20:26:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="24000ec01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1398.844396] binder: 8344:8352 transaction failed 29189/-3, size 40-8 line 3035 20:26:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002cf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1398.879772] binder: undelivered TRANSACTION_ERROR: 29201 [ 1398.889274] binder: undelivered TRANSACTION_ERROR: 29189 [ 1398.957164] hfsplus: unable to parse mount options [ 1398.979432] overlayfs: filesystem on './file0' not supported as upperdir [ 1399.002427] overlayfs: failed to resolve './file1': -2 20:26:14 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x0) 20:26:14 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x7000000]}}}], 0x0, 0x0, 0x0}) 20:26:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003cf1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000000)='./file2\x00', r1, &(0x7f0000000180)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:14 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003851e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000d01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000000)='./file0/f.le.\x00', 0x100) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1399.140177] binder: 8378:8380 got transaction with invalid offset (117440512, min 0 max 40) or object. [ 1399.176318] binder_alloc: binder_alloc_mmap_handler: 8378 20ffc000-20ffe000 already mapped failed -16 [ 1399.243052] binder: BINDER_SET_CONTEXT_MGR already set [ 1399.256628] binder: 8378:8380 ioctl 40046207 0 returned -16 20:26:14 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001d01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1399.283776] binder_alloc: 8378: binder_alloc_buf, no vma 20:26:15 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x2) 20:26:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1399.328124] binder: undelivered TRANSACTION_ERROR: 29201 [ 1399.339528] binder: undelivered TRANSACTION_ERROR: 29189 20:26:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0xa000000]}}}], 0x0, 0x0, 0x0}) 20:26:15 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000001bc0)='tmpfs\x00', 0x2, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) execve(&(0x7f0000000780)='.//ile0\x00', &(0x7f0000001980)=[&(0x7f0000001800)='&R\x00', &(0x7f0000001840)='tmpfs\x00', &(0x7f0000001880)='eth0trusted&\x00', &(0x7f00000018c0)='&\x00', &(0x7f0000001900)='gfs2\x00', &(0x7f0000001940)='wlan1[\xdbself/md5sum\x00'], &(0x7f0000001a80)=[&(0x7f00000019c0)='bdev@&\x00', &(0x7f0000001a00)='cgroup/vmnet1(\'cgroup#\x00', &(0x7f0000001a40)='uid<']) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') r1 = geteuid() syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000180)='./file0/f.le.\x00', 0x9, 0x7, &(0x7f0000000640)=[{&(0x7f0000000340)="cc332dbb3ea7eba1a66f05c723c2", 0xe}, {&(0x7f0000000380)="e0dd0e7d0d6c024df4ecb5cf48a0f0c97794cf2450e5287fe0e2c7f52f944c943a828abe9aa0e372836456cedc468de7c3a6ddbf3aed1569b6bc26f4d9b7be2119d45ec87269f9ffcd962962fdba7ab77f0e40b18c7eb602b11c9e46cab91145eafea24caff88656ebe674bee955e88d7cb0c5c386132d30367c39498a8878d5d512c1224a5076153edef412e9d1d26de1afe5bd3d417af769d96b8c23c51ea5df14519c8065efa38fe4912a6830d05d4a5f4e271d786019478a04f05d0bb1e22dcfeb9df6a53ab7d28350e3393fed63fa90ed50ff091631c8f7a7314b4e1a118de20191bdb4d3a9cf2f90", 0xeb, 0x3}, {&(0x7f0000000480)="6bf7c681eed8c301a39f48dbf64cf7813f5ecfac8e943f6130f0cf9d5274d5a04dafd739593f2065f184939bcd0add1d6fa0c9021327d81c4f75fee3e4d781420e5e2b4c202820dc086ee1466b8ddea516179249c9144d158046a05b7754bf214ff19bd792d70b7f595810f5adc89568309ddd5cc03be1b125f391e4a145119e2947ce7d3bcf78e1ecd4e1787052e6632eaec5da92798388356b41d2de01d4e2e2868c3fa0b2d71ff3adab031fa17f5386c8da813e032e48097cf05a155fb3903809fe09bbc3529521b0895dfa746e9a8a64fe", 0xd3, 0x4}, {0xfffffffffffffffe, 0x0, 0xca}, {&(0x7f0000000580)="db518034bf0e34db52dc9a2078d9b3d5a9d4546034a444f0", 0x18, 0x4}, {&(0x7f0000000800)="bbe5de96fe0abb330c345ed659f4a11a87de596d7ba7c19d9867dc7d2846a7b99669edaaff14ec34342f032b459a83d76c52c1716252ed9be8bc157914d1ac2ac9b68982d736b947220f86d3a656f6a3f83f992ab5252fa93b9c9d851278804b851d5a6c8b014fc21165e0475732cd9f5d5d9e2587c4c14fa2f900bf245c648c808306dba11da8a65587de78dbc89c5cc3e7b2f0bf34ceb0c91a6f5f34f9c322699cda444936a97c0e2200f3f7d633ab55ef853e6e480082f16726ba9fafbf0512469183f01fcd8fd43602a0005e56dde702855fa6aac6540a0571eb7725345e11782cbfd3d91a32b169eca894735726dd685266be12b4201ead24497ccf5d96f01724ccbe399f3168b694e989f5ff431521d58126e29be69c3c04bc21b843c838003f72b405abb2faa319bfaaf73244af3ba4a47c8265cf6d741d6625d587d4d77568f2395afa1fe636d72707f7d23ee77d8a325207c6fedd50918f9f7ac1ee697a2d72edb7c9cef11792ea7d94b8de1b32aceeacec314092afb7541cf77f7d7696b6dd45edb645e23dc60b9c41cc055583962db4bd6d1ea4386bb5fa1ed6fa880f08da109b3c3d911085fc3ed90fdbb4b265ee915eb6f01c6a9a54b3192624472d825d4aeea25992e614ee5008df5de26f07cc65a145c020b8d748b19e879dab653e54d788979b368276c4d1da54e323ec0aa6425b0e86738447ee7d7756ddb21c09053ede0662cc21ccc5c9cf562571715527fa07421c22c2ccf49d1a2d08421fdc99d4bc044c70fa37792bbc43a8c7c69e9c539d2c8c25ce637a55ae8a4a2000bcd8648bb74021490e3edefe885d7daccac927de9eeb952be0b8d5ae8c8e23c514883c0e3bd2323c27eb84409549cdc2e7a919ae556236ce94ba31244d4e4808dcab039821667095dafdefa0cfebcf3707192f33889e02f8b7dbdc486c96bbdf066e646e05902e2b0c120bf0c1cf39223abe00404578d92f959875bf2595f80f1ff0f0e121c856fcb1f28781b88481e55209220b3d445292a5394bb59460e0e94aa8ea0e489a47ff31b3114dfb4a855e55fd89a63860b5a5e2abbe95fdbd7ffe3054dcecd81da874783fc4b022abcd385b774e3f61f7c9f2dc6c7589d5696c02f54647c79617522562cd52f3f7150bc77f83439b100e51e2e5ae9f5f1a5421f48571756dd0def51176f7edacd567b373677bea19abd5ed46938a0e3b957974a1788802c70f07a1291569aed4f1a2aff8473b6bd8f4d80f37f948a3c809cd4a0c359caec5604f054f8d3fb26369fc8aecad592d69688fda8dfb00d27774a761382a417429526fd5d920bed3af865314451158752b6ce3e1c0bbab8dcdde2b4967942875c90f378f6c19132c2e9e40c7a4fdccdd2221b3770e51ceea06fe2e1a38c398f7d8511f81199e427b18baeae37717ff65582cedd2b3b52bd1e747835a8d386699c5e3ca703ba22185ce70b270e5ecc1b292dcf58743c82c59ebd56ad84f96a665f098f3dedde12d7454e7b8d873cf5ae78c88b7cf2a6d146bd991a37b491c570bda364691c8a6b689f3423d412b9ac8cd84f443623dfff36f44898784bc78a559f07b77f7ba0b5d5a646007ebcac9738f44e332c96e1eb283dcdd33c18b911bf76f2464d246b12405e671d193e8a9883adb51861e69c9e2ee3dad8afc47c412e4e5aa89d8e9cbdafe5bd4f1542b01511f1214e79ab592f56d603daa1929ce4e66b0fd9f2008ab40ec2217aced3110aed7ca2b450524274a387a7ce649a4500165fe889149520b416ebaf2ce662252f3cb7f76531839f57a8ae7af75c9eae57c6d6be85a19dfc6c11c93b781a5944b39a6de3dbdfa06d417e0ab6369c18fd6dda3d45b32f139354fad116f564f2b59b8b1a235eb8684172de209b4c7a1231bba693026d0b601dd7e6167241601d047a5fd443becec7474654c86b0c23b718077b4a5a19cb8db7dc4a492f056c0e034c6e4bae8456ad32780e62fcecd09e010103b255b36572c3b70a67bf2e8fb410fd5b6077e7646b8f550841f3b92c5195a1ff60ab947989460b78ec3a460fd64c2af2c90ba97d06c74d91594d44993cdb303182f19b611b01f41ca5e02eca3616439265a890dd619514e09f5ef61b822cebf73381a31959264daada17607d3f7fd7e6bcd8d631f4452ddb8e26254079063c61c1eef4c2c38f7c829113bc3bbdb425ba7da4ec91ad48a548efbbe01e83abcc103b516cd29131901467eec2b0ebf5cb4ffc588d24043072056ac3f898f13c3509003c2b70424c692469df3983fb9238112951df9846b2daf66a9eb7ea33a37e06be10fab278e95f933bc3921a828333209909a29e08107d6af79fcc9a656869ab77daec6234c019bd5cde7a640d83bf89cc3dc2b61c540a64a371e6d3217981bb0ec4e103fed6f7e43c75d7cbe5fe127a3ea4e1c859788d0fc184b281d75091ba0a808b252dcc9ce3e769bc0135c404348fc62e3243062a31ea792c478357c5ba94bbf5c53873e56357ac6834a61ab089ac5be389a5e7553175b2c734e970ae2631557664ceb1f51398cd4b67f08e283d931068a01bf2e642867bc55ec8929a80ca5796ed2c5157776a5a7ac32f9e9938c2efb1bf1505e517bc26536cf5ec0c1b38857d1244c8476da497aa5ace1068ed00756dbf0fa9f5179f513bc82243590edfaf037d84a2c49431d2b9113ef73ddbfa89e09b1fca676a49726fab07f05d60765c38c6316d1b5e81fd04cf4ff0e383dec68354a3a7ae4a48a9589ca5c93a428c393932d3f44a20e6f4d1f3e79bd965febd93b84b352bb05f48a98ee3ed795cd458706f7025c2d62ed6e0c08523ceed688ed7285795db0fe0c43a5a0236d7b68a433b9105fa1081e108f8d05880b336328c1051449d8c275700c8c9da480a112530d56cdfb160317bbbc29d8104736721eac27d3c0c534e50ed66783330cfab3f3e8173a2100f8c32b5460b651c3500395b24f8823141e6c66075fcf00b85ccba66090ae552b0bf3f2ca382dcddc2b8f40eb761676293c593d9d81360fa823acbf538313e8c3c963b5b9ce97c57fdc6b3bc40a0c639ebb44011e14cbd0b17693d576c81dcbfdecf591c335b90d33059b8f3704d06b36276127a85f5fb8509f3b00a36d5911ccc0819723d442eddda53a46bd17fe5aefab4cf9edf159755a28786f9700ca1aad86783f1532c12170e026676f6787fed90ca75fb614628fedf36b844f10bf8714327ee6b3847edc1c093f45d0947e5106eb403c7dc2a49ea3bb20b23800f383c71c8ad3edcaec7ecc248b616f92ee56cc121b62e4d99fe12ce7de7ad0ff049d8f03aa81cee9c4c47655f715d70c489dc51e9f55efcc9633ac6d9cc2f105d7c67a499933ea51c17a0952228adffbef23a842671f6618d038b04041e6a7386135c863c92ef31d8a18938155b2495542414deb301f0aa658c16d8b81e4aa96d021da1560ebad510db4643da58ff167197b1c79af5bc793937acee68df2605c5054e11171dccd5541654620a691db9468f96246b59554a6f9787ecaa02a7d95622ba332c8788b01e1cd531ad1177948fd7091511e9e39c6b1c7f87846e9f3d37d58b3c12b77abab1471c72ae0d4b99a4a396bb9bd136f7de0118044cdd3d8fdd4c3f4145a8e5cbc3c623503a7f9edbdb4463fcd10146bdb08c3149969136766944a832eff8a6fed2cdbd0026fcced5678614d8e10ee266f0d3140dffa2bcfe76ce9a5e32e2fe2f554a16610955dc8054eaf88f0baa5c087f6421c1ba62fe0acf70527bffd23493e29176e235eed0e7bf8266aae719f967750971346753dca8477423a10168480c0f71b117021333433bae440477c684b7c52c61130e3061f9fbd4487106b7993f46170a65e27796977d37a913b4e0f5e0464e988f3e0fa14ee7c2bc2c6fb6f63eb6b7954e906643489f901e6e833e78c57d19243e6f047e09714fa5d86e3e1d4f3d4e4cc94077deec43eb38015e9d4d70a636411022a844113ab17f9ed51e0e8b26bbeb6ba8b8aebd758c36e400e487fb631978aad723efab7d761ccb70c26462dfc79a43a00d97aef656e572b8db69fd27c19cf3b86bedcacdd8d94cb74c472a44b293b7f25cabf4e3973d5e620acf28793f85d87c2ce5ebb8916cc12c3a870ac06c266a87c15c1cf03c3184222e2fde82055ff4d9e2eec1218882a142f3f895a3cc7ec0b5c4c4a13213c61d966065116f3a488ad3312390cf9342ed97b66b90df75b1834bac3010fc36586ef30d292642c11b1e744ceb1cbad9bdd5b69422ce91cf86bdda62a4f5730c917f2e50515bbacd905d6ceb1fa04abd41747d4e1399a0c36cfe975e2aef91331740de2aa74686da3cb5a8768d93e1820c5f2f1b6291970aa85b8940618a90c0e5daf82a587e22ae98857e509204d02fcf537b8994a618384b15bc5ec87f72868b3ea5646edf8f4f5f1ea24f4acf748192f82a23962b3434344af10405826e6484651dfe44152b6cc6e0853fec894112d882f747d692ee9c9fb0480af8b1201c9e4dd272f83786f1b5bd0bbe47c561a87f218cd92cf29c4f0586e198b84657365163b0356af978b7ca7e6362b34b6fcc720900949fba6b75ab41e0bfb1888bc8224e97e3beeaf4f1376bf639b70f914ea2584127911bc7c9b350fd55349aaf117494ffbffba7d80303ee01a71aec6996bda2e7766c60cd7be49260a02e4b5e9eb1b93af1f5e8b601d66b3ef95826c3e9a41e087759ed5d81401f2d3f0dfacb8aa5b130150bb8e02f89e65b2a8f595d5ced4581ee691f25b7fd28fbb19921a4fe8e4291e45f01cf4c66ba2a3a5839bf285ef96cc2a39c1ddc189f96712b8eaabc82e19567a44c61855456e335153043de0369732c896ac106d87fa933ed520577f6d9678f4339ac674766e437b676373ce81f1036e5c80f213555caa35d3e2c571b280cf6d644b42932cdf2df63861f207318bff75fbfac1c7fcccb1f6796d29d1ad403dfbd08f9e15e177ec6ab7a29f8895e891eee8f472b6bbf3d4256a73bc2d2d48670f6131127be9d33ec26662321c2b798f8559f6446c3b9a2c6584cf03fb454034c87cbab05f6c7d38440fdee918c497fa682d55e679522177f0a445d2c58971b219dacbe78afb46c185bb8c489606c4562d39d7866ed6458f02ff255fecc1ba5e34a23ecc6055a041b61e3dee6630b90a58dffd52c3afe184529e96cd6693d1404092a764a81c10614151d10b70ba1fd08093b4709d0dd9754bfb60129b90b83db9aac19699c46c03b48cd81d4cb72630c256b61f78d03b5acb728fcc27b9d737f1665175e3fd7a51562d1bfbf4f355b93120a88f86433c1f861c1faa3859116f41c8b1c730d04fca798a8b9ab10122bea62aba599a1a6227777db86b8465bc171467570fce8777d7517c84fbaf45fbda363826226aea025fc227d9c749582ecf3e1ce572ec5271c6601c8196238b4e89306f3414657d787851cdcb600e0143d2e8187d695d38b6bce7e9b92ff74a9ceac4d656671c99d1990b2fada391e501c410abb907c54ef1b63ec99991391a3820244079fd15875fa3256b082909fadfd968e33f1ab9779f7706bedd310e471a47df166bbb669aef0141ee097c6684bc708b0e96ad0f03c0826ae1d12fe7f3af9fceac064068297f8696cedbc10176d56c21de4a7d8b1a73e0dd676515bcbd850271b34412ffdd658d0a41d8e4290d4acffef739fdd5f5768e738a5affe0d08bd906eed91e4f2a638da09ae10a08487916f141f02fcf085ddd8edbf187ec75692a7395596b652a32acab3341f5ad2f15683e827b", 0x1000, 0xffffffffffff062e}, {&(0x7f00000005c0)="a4ca39deac6eb804673fcd46524463c84a5ac00e49f6dd6ae22ff36c53f5f69232badd8b3325500ddc275ba6e65d40b1ab4cf5e8d250efd893ff6d62cacf0a75871e06f02642607b563b0dcc94d67a4e019ddef1d96993", 0x57, 0xce70}], 0x400, &(0x7f0000000700)={[{@errors_withdraw='errors=withdraw'}, {@lockproto_dlm='lockproto=dlm'}, {@norecovery='norecovery'}, {@noquota='noquota'}], [{@defcontext={'defcontext', 0x3d, 'system_u'}}, {@seclabel='seclabel'}, {@uid_lt={'uid<', r1}}]}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r2, &(0x7f0000000240)='.//ile0\x00', r2, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r2, &(0x7f0000000280)=""/28, 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000001ac0)={0x0, 0x8}, &(0x7f0000001b00)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000001b40)={r3, 0x5}, 0x8) 20:26:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002d01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1399.482807] binder: 8403:8404 got transaction with invalid offset (167772160, min 0 max 40) or object. 20:26:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003d01e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1399.555260] binder_alloc: binder_alloc_mmap_handler: 8403 20ffc000-20ffe000 already mapped failed -16 [ 1399.576333] overlayfs: filesystem on './file0' not supported as upperdir [ 1399.598205] binder_alloc: 8403: binder_alloc_buf, no vma 20:26:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x3) [ 1399.625898] binder: BINDER_SET_CONTEXT_MGR already set [ 1399.631188] overlayfs: filesystem on './file0' not supported as upperdir 20:26:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003861e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000d11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) write$P9_RLOCK(r0, &(0x7f0000000000)={0x8, 0x35, 0x1}, 0x8) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='.//ile0\x00', &(0x7f0000000340)='overlay\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES16=r0]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1399.683894] binder: 8403:8404 ioctl 40046207 0 returned -16 20:26:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x20000000]}}}], 0x0, 0x0, 0x0}) 20:26:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001d11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1399.817570] binder: 8441:8442 got transaction with invalid offset (536870912, min 0 max 40) or object. [ 1399.829751] overlayfs: filesystem on './file0' not supported as upperdir 20:26:15 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') setxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='security.selinux\x00', &(0x7f0000000340)='/usr/sbin/cupsd\x00', 0x10, 0x2) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x4) 20:26:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1399.902038] binder_alloc: binder_alloc_mmap_handler: 8441 20ffc000-20ffe000 already mapped failed -16 20:26:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1399.976795] binder_alloc: 8441: binder_alloc_buf, no vma [ 1399.996689] overlayfs: filesystem on './file0' not supported as upperdir [ 1400.003827] binder: BINDER_SET_CONTEXT_MGR already set 20:26:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002d11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1400.024747] binder: 8441:8459 ioctl 40046207 0 returned -16 20:26:15 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0xfffffffffffffffc) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@mcast2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@dev}}, &(0x7f0000000000)=0xe8) getresgid(&(0x7f0000000180), &(0x7f0000000440)=0x0, &(0x7f0000000480)) write$FUSE_ATTR(r0, &(0x7f00000004c0)={0x78, 0xffffffffffffffda, 0x3, {0x3, 0x7, 0x0, {0x6, 0x5, 0x8c4b, 0x4, 0x1, 0x5, 0x3, 0x200, 0x5, 0x8, 0x1, r1, r2, 0xfffffffffffffffc, 0x8001}}}, 0x78) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6cef7765726469723d2e3a66696c65302c776f6531"]) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r3, &(0x7f0000000240)='.//ile0\x00', r3, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r3, &(0x7f0000000280)=""/28, 0x1c) socket$inet_smc(0x2b, 0x1, 0x0) [ 1400.057683] overlayfs: filesystem on './file0' not supported as upperdir 20:26:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x24000000]}}}], 0x0, 0x0, 0x0}) 20:26:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003d11e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003871e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x6) [ 1400.170579] binder: 8473:8474 got transaction with invalid offset (603979776, min 0 max 40) or object. [ 1400.196068] overlayfs: unrecognized mount option "lïwerdir=.:file0" or missing value 20:26:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:15 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1400.214340] binder_alloc: binder_alloc_mmap_handler: 8473 20ffc000-20ffe000 already mapped failed -16 20:26:15 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000d21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1400.254140] overlayfs: unrecognized mount option "lïwerdir=.:file0" or missing value [ 1400.264916] binder: BINDER_SET_CONTEXT_MGR already set [ 1400.277407] overlayfs: filesystem on './file0' not supported as upperdir [ 1400.285097] binder: 8473:8474 ioctl 40046207 0 returned -16 [ 1400.294905] binder_alloc: 8473: binder_alloc_buf, no vma 20:26:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000000)='./file0/f.le.\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:16 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0xc) 20:26:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x30000000]}}}], 0x0, 0x0, 0x0}) 20:26:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001d21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1400.424355] binder: 8495:8496 got transaction with invalid offset (805306368, min 0 max 40) or object. [ 1400.480476] binder_alloc: binder_alloc_mmap_handler: 8495 20ffc000-20ffe000 already mapped failed -16 20:26:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003881e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002d21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1400.525745] binder: BINDER_SET_CONTEXT_MGR already set [ 1400.525852] overlayfs: filesystem on './file0' not supported as upperdir 20:26:16 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000380)='./file0/f.le.\x00', 0x112) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065726469723d2e3966696c65302c6c6f7765726469723d2e3a66696c65302c776f726b6469723d2e2f66696c654a87459a5038e131"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x12) [ 1400.578657] binder: 8495:8496 ioctl 40046207 0 returned -16 [ 1400.608647] binder_alloc: 8495: binder_alloc_buf, no vma 20:26:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x48000000]}}}], 0x0, 0x0, 0x0}) 20:26:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003d21e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1400.717574] overlayfs: failed to resolve '.9file0': -2 20:26:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1400.770393] overlayfs: failed to resolve '.9file0': -2 20:26:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000d31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1400.791457] overlayfs: filesystem on './file0' not supported as upperdir [ 1400.819840] binder: 8532:8534 got transaction with invalid offset (1207959552, min 0 max 40) or object. 20:26:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@initdev}}, &(0x7f0000000180)=0xe8) getgroups(0x6, &(0x7f0000000440)=[0xee01, 0xffffffffffffffff, 0xee01, 0xee00, 0xffffffffffffffff, 0xee01]) chown(&(0x7f0000000000)='.//ile0\x00', r2, r3) [ 1400.850734] binder_alloc: binder_alloc_mmap_handler: 8532 20ffc000-20ffe000 already mapped failed -16 20:26:16 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x300) [ 1400.907424] binder: BINDER_SET_CONTEXT_MGR already set 20:26:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001d31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1400.929254] binder: 8532:8534 ioctl 40046207 0 returned -16 [ 1400.941254] binder_alloc: 8532: binder_alloc_buf, no vma 20:26:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x4c000000]}}}], 0x0, 0x0, 0x0}) 20:26:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003891e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002d31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000000)={r0, 0x0, 0x8, 0x3000000}) 20:26:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1401.064794] binder: 8555:8557 got transaction with invalid offset (1275068416, min 0 max 40) or object. [ 1401.091277] overlayfs: filesystem on './file0' not supported as upperdir 20:26:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x600) [ 1401.172665] binder_alloc: binder_alloc_mmap_handler: 8555 20ffc000-20ffe000 already mapped failed -16 [ 1401.204870] binder: BINDER_SET_CONTEXT_MGR already set 20:26:16 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003d31e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1401.225709] binder: 8555:8557 ioctl 40046207 0 returned -16 20:26:16 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e3a66496c65302c776f7266696c6531000000000000007321ad996093f7cdeb6730189aa8db44a6c4735cfff115fe60c20df8f887d9f68c2ae393cd4dcc88dadea64462cb6dfee3cc6d8db465e318f4253c227ae969f19ef70599e697a3362d7425c6e6b94bc45359223a6cb4c482dcf1d28c5b3725c1061a"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:16 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x60000000]}}}], 0x0, 0x0, 0x0}) 20:26:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000d41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1401.324899] overlayfs: unrecognized mount option "worfile1" or missing value [ 1401.363681] overlayfs: filesystem on './file0' not supported as upperdir 20:26:17 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1401.397615] overlayfs: unrecognized mount option "worfile1" or missing value [ 1401.413465] binder: 8585:8586 got transaction with invalid offset (1610612736, min 0 max 40) or object. [ 1401.448626] binder_alloc: binder_alloc_mmap_handler: 8585 20ffc000-20ffe000 already mapped failed -16 20:26:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001d41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)={&(0x7f0000000000)='./file1\x00', r0}, 0x10) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:17 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0xc00) 20:26:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1401.494533] binder: BINDER_SET_CONTEXT_MGR already set [ 1401.513265] binder: 8585:8586 ioctl 40046207 0 returned -16 20:26:17 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038a1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002d41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1401.568266] binder_alloc: 8585: binder_alloc_buf, no vma 20:26:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1401.627018] binder_transaction: 14 callbacks suppressed [ 1401.627034] binder: 8585:8605 transaction failed 29189/-3, size 40-8 line 3035 [ 1401.651892] overlayfs: filesystem on './file0' not supported as upperdir 20:26:17 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1401.685963] overlayfs: filesystem on './file0' not supported as upperdir 20:26:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003d41e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x68000000]}}}], 0x0, 0x0, 0x0}) 20:26:17 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = msgget$private(0x0, 0x80) fstat(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f00000003c0)='.//ile0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000480)={{{@in=@multicast2, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@remote}}, &(0x7f0000000580)=0xe8) fstat(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000640)=0x0) r7 = gettid() msgctl$IPC_SET(r1, 0x1, &(0x7f0000000680)={{0x100000000, r2, r3, r4, r5, 0x2}, 0x8, 0x4, 0xfffffffffffff000, 0x9, 0x9, 0xa000, r6, r7}) mkdir(&(0x7f0000000200)='./file0\x00', 0x2) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='Vpperdir=./file0,lowerdir=.:file0,workdir=./file1']) symlinkat(&(0x7f0000000000)='.//ile0\x00', r0, &(0x7f0000000180)='./file1\x00') r8 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r8, &(0x7f0000000240)='.//ile0\x00', r8, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r8, &(0x7f0000000280)=""/28, 0x1c) 20:26:17 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x1200) 20:26:17 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000d51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1401.831807] overlayfs: unrecognized mount option "Vpperdir=./file0" or missing value [ 1401.857654] binder: 8625:8626 got transaction with invalid offset (1744830464, min 0 max 40) or object. [ 1401.861768] overlayfs: unrecognized mount option "Vpperdir=./file0" or missing value [ 1401.907096] binder: 8625:8626 transaction failed 29201/-22, size 40-8 line 3097 20:26:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001d51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1401.947390] binder: BINDER_SET_CONTEXT_MGR already set 20:26:17 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x1626) 20:26:17 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$setperm(0x5, r1, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) write$sndseq(r0, &(0x7f00000003c0)=[{0x7, 0x62, 0x8, 0x9, @time={r2, r3+10000000}, {0xfffffffffffffffe, 0xf1}, {0x6, 0x20}, @control={0x80, 0x9, 0x6908a61a}}, {0x2fe, 0x20, 0x2, 0xed, @tick=0x9, {0x3, 0x4}, {0xc3, 0x7}, @time=@tick=0x1}, {0x80000001, 0x7829, 0x1, 0x100000001, @tick=0x6, {0x401, 0xffffffffffffff00}, {0x200, 0x10001}, @quote={{0x95, 0x2000}, 0x8001, &(0x7f0000000380)={0x20a4, 0x40, 0x10000, 0x800, @time={0x0, 0x989680}, {0x0, 0x5}, {0x1, 0x4}, @result={0xfffffffffffeffff, 0x3ff}}}}, {0x0, 0x8001, 0x0, 0x6b40, @tick=0xaa, {0x7f, 0x7f}, {0x7fffffff, 0x4}, @control={0x200, 0x9, 0x1}}, {0x9, 0xffff, 0x5, 0x9, @tick=0xf8, {0x10000, 0x3}, {0x2, 0x3}, @connect={{0x9, 0x494}, {0x401, 0xffffffffffff7757}}}], 0xf0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r4 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r4, &(0x7f0000000240)='.//ile0\x00', r4, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r4, &(0x7f0000000280)=""/28, 0x1c) [ 1401.988885] net_ratelimit: 20 callbacks suppressed [ 1401.988893] protocol 88fb is buggy, dev hsr_slave_0 [ 1401.997861] binder: 8625:8638 ioctl 40046207 0 returned -16 [ 1401.999048] protocol 88fb is buggy, dev hsr_slave_1 [ 1402.009933] protocol 88fb is buggy, dev hsr_slave_0 [ 1402.014997] protocol 88fb is buggy, dev hsr_slave_1 [ 1402.020137] protocol 88fb is buggy, dev hsr_slave_0 [ 1402.025199] protocol 88fb is buggy, dev hsr_slave_1 [ 1402.025830] binder_alloc: 8625: binder_alloc_buf, no vma 20:26:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002d51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1402.102134] binder: 8625:8639 transaction failed 29189/-3, size 40-8 line 3035 20:26:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x6c000000]}}}], 0x0, 0x0, 0x0}) 20:26:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038b1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003d51e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1402.164492] overlayfs: filesystem on './file0' not supported as upperdir 20:26:17 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000000)=0x1) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000340)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0x84, r1, 0x610, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x50, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x5c}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bcsf0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x27c20e0f}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xb880}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x101}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}]}, 0x84}, 0x1, 0x0, 0x0, 0x40040}, 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r2, &(0x7f0000000240)='.//ile0\x00', r2, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r2, &(0x7f0000000280)=""/28, 0x1c) 20:26:17 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000d61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x2000) 20:26:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:17 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1402.278160] binder: 8658:8664 transaction failed 29201/-22, size 40-8 line 3097 [ 1402.328918] binder_alloc: 8658: binder_alloc_buf, no vma [ 1402.328947] binder: BINDER_SET_CONTEXT_MGR already set [ 1402.345030] binder: 8658:8668 transaction failed 29189/-3, size 40-8 line 3035 20:26:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001d61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1402.409034] binder: 8658:8664 ioctl 40046207 0 returned -16 [ 1402.419706] binder_release_work: 15 callbacks suppressed [ 1402.419713] binder: undelivered TRANSACTION_ERROR: 29201 20:26:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x74000000]}}}], 0x0, 0x0, 0x0}) 20:26:18 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000340)={0x0, 0x0, 0x0}, &(0x7f0000000380)=0xc) r3 = geteuid() mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000180)='9p\x00', 0x80000, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_9p2000='version=9p2000'}], [{@subj_user={'subj_user', 0x3d, 'trustedeth1posix_acl_access!prockeyring.@vboxnet1em1securityposix_acl_accessvboxnet1trusted'}}, {@fowner_lt={'fowner<', r1}}, {@audit='audit'}, {@hash='hash'}, {@hash='hash'}, {@context={'context', 0x3d, 'sysadm_u'}}, {@obj_type={'obj_type'}}, {@fowner_lt={'fowner<', r3}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}]}}) chown(&(0x7f0000000580)='./file0/f.le.\x00', r1, r2) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r4 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_G_MODULATOR(r4, 0xc0445636, &(0x7f0000000500)={0x3ff, "605625156db5183da53f628e1fbd957db39b4f326d5bcd4e182b57c9d9596ac4", 0x20, 0x40000000000000, 0x1, 0xb, 0x3}) renameat(r4, &(0x7f0000000240)='.//ile0\x00', r4, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r4, &(0x7f0000000280)=""/28, 0x1c) [ 1402.481336] binder: undelivered TRANSACTION_ERROR: 29189 [ 1402.490479] overlayfs: filesystem on './file0' not supported as upperdir 20:26:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002d61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x25fc) 20:26:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000180)='./file0/f.le.\x00', 0x5, 0x0, 0xffffffffffffffff, 0x1000000, &(0x7f0000000340)={[{@map_off='map=off'}, {@unhide='unhide'}, {@norock='norock'}, {@hide='hide'}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}], [{@seclabel='seclabel'}, {@smackfsfloor={'smackfsfloor'}}]}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1402.621716] binder: 8690:8692 transaction failed 29201/-22, size 40-8 line 3097 [ 1402.629423] protocol 88fb is buggy, dev hsr_slave_0 [ 1402.629478] protocol 88fb is buggy, dev hsr_slave_1 20:26:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003d61e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1402.705991] binder: BINDER_SET_CONTEXT_MGR already set 20:26:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038c1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1402.728462] binder: 8690:8702 transaction failed 29189/-3, size 40-8 line 3035 [ 1402.754730] binder: undelivered TRANSACTION_ERROR: 29201 [ 1402.761924] overlayfs: filesystem on './file0' not supported as upperdir [ 1402.762839] binder: 8690:8692 ioctl 40046207 0 returned -16 20:26:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000d71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1402.788932] binder: undelivered TRANSACTION_ERROR: 29189 20:26:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x7a000000]}}}], 0x0, 0x0, 0x0}) 20:26:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x2616) [ 1402.876742] overlayfs: filesystem on './file0' not supported as upperdir 20:26:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001d71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1402.951708] binder: 8720:8722 transaction failed 29201/-22, size 40-8 line 3097 20:26:18 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upper`ir=./file0\flowerdie0,we1']) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000340)='.//ile0\x00', 0xacc9, 0x8, &(0x7f00000009c0)=[{&(0x7f0000000380)="40d5cda16c1c0e9f484afd53764e7d9818e72ad6bfa41baa91804b9aa16bcfd1f685de1c0ff8fb41f9afde0f237b0290a610d934ce0721d01bda6bcb79fb183d8e68c2ee1e17c807842a5df88dbb93cd196c3fbb6c53c57e0ed1ba586ce2a86644e4ff244831c2c6e763a1749e1387b83671fce983111879b6e9ecb8cabcefd95d506dc91ba056162b24566813b7073d27704b1e0d42e03edf30d981b60438f32079976793360d9e3a768dae973c8091a034d82f20d757a4036d91e59e06f3166d068d83d4217819d9df099f33c5474c218cfaa5ce6a1c9b6cdd4490fd3fb8183c", 0xe1, 0x1}, {&(0x7f0000000480)="01e6a0deae4ab64ff885b81be3214bd1eb36ceb58086b5e9cbc1235f2be88b72416de31fb7f16db701e4911f3cb6d7f4169b11b511bd99b67b39757a726d53ab6a1a3539fef87322e31df7918f06659773cae5b6bc62f3f3c08d7ca3254707e551a9e8ea013c1c7b89b182c8b47657b73970871f4722aa48966f5a41c0732e92120f7969ac0020597da6295487caf32f545eb7f0be3692", 0x97, 0xffffffffffff7fff}, {&(0x7f0000000540)="a47606888baf9b84a4fdf7ea272c1b9069c2b882ac10f0ecdcded3ed6a42409404464737ce41de338308b62528b3c03a89a8fb09658b99bdf8fdb1888b9cd1eba63e9202cad0e04b9c99b012652af76207a8929d1b12d4b6a078914a57053559f15c5e9defe36ccf5e07c4b0166c87040a501387eada3a638d1324bf4ca74cba50b1ec58341869a17d234bf4514ee0bbf1a99aed799a910d32f6e92a655777f5da20781be96ca6d70cabba6d8e23cba100c0655d2c6af6", 0xb7, 0x8}, {&(0x7f0000000600)="52296298187b9c578a235d775076809b8908211b768b591d5d515652efe5c315a00136c4fe6ec5bac32fc0461ae5dc1dc0135eaa1ad57cd216df5bc2394c830becdf336eda6cc0c638cfb10a659c4166f188226fef01a1c83e0346931c0fb22eb145ed6250741579295c2b984a27b2e950124f5db22adf3586c232a750e8e7ef9b24dbfe470e911ec10bb9e280c3a10452bad85e084ff1a32e30b965b550697b561bb970bb4aa558394501bf86d42a95e56633721263d5e203e666c59afabeb5a6fd91b8e850077b7b6e3bbd34fb16f0abba4b3650f24c4a85702f00f86c6c6b27bf", 0xe2, 0x1f}, {&(0x7f0000000700)="d8c4534700c455", 0x7, 0x100}, {&(0x7f0000000800)="d77c1d5e2625b141de6faf147b637b26a26df1198fce88f717199e3185234b47bda23802f2ddf7ec40d268f8111e42e2758fa5bdb72c3b12ebd5bc087b36fca53ab887398788da4897a913489eb634d7ec523fb21a7fb7c5e92a3c5fb387c64c5430aca427b89b700c702b1e1c51f0860f4793666a6721cd0da9721f5d0f99b76c59be5545fb608bb80ab34a39b22cec862f1adc1743fadbccbc7da050f598a14e0217994ebbf631dee693fe8d28d2", 0xaf, 0xfffffffffffffbff}, {&(0x7f0000000740)="f2685a95451623d5acf0166b2aeaac7aa9e1a5b31686ee1debc3ae7fef30a68cc24ddca038746bed46bf97e8dc51f8dd391ac32d96210adf135d9664ce2f67572ef872097b5c9599231b597d5ab6b199080d9b40d207e17488938ae62a2f025565598a4edff18f4a62ba9866491f3ae4704d", 0x72, 0xffffffffffffffff}, {&(0x7f00000008c0)="87e2aecea1872d4c02891e5138cba0f4fd35ad075c8b07bf28ae5342a860a747ab0428889aadf5d57d3e0c3cbea6ba10220443e14fdd65c694ead7e43d9ccbb0482e30d9b6e798ca497c6da84275f40ba8066b9ee5cc7b6e2de28dcfdfd25235dc1558590ba68d868561180def25d3b226c8f67768b6387c43d920a6a306eb447d8ad7de6621e0875c3c916e654bc0020b2dcaf9222de607e284f270af6efc5fd9677e7a475fa589162c75482e3f06d2b349a3cb2eed9b536b9dabf256ecb0e7c3eaa3b4b0012c2bbef15e4f87bf307cd9ed7f889f23a2d350ac4f7d1b1b6d4db13ee38d28c4fcddf09f2639cd7c6e464831e3bc", 0xf4, 0x80000000}], 0x0, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x80000, 0x0) 20:26:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002d71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1402.998674] binder: 8720:8728 transaction failed 29189/-3, size 40-8 line 3035 [ 1402.999186] binder: BINDER_SET_CONTEXT_MGR already set [ 1403.049853] overlayfs: filesystem on './file0' not supported as upperdir [ 1403.060530] binder: undelivered TRANSACTION_ERROR: 29201 [ 1403.066128] binder: 8720:8727 ioctl 40046207 0 returned -16 [ 1403.084113] binder: undelivered TRANSACTION_ERROR: 29189 20:26:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0xfdfdffff]}}}], 0x0, 0x0, 0x0}) [ 1403.096719] overlayfs: unrecognized mount option "upper`ir=./file0 lowerdie0" or missing value 20:26:18 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x3f00) 20:26:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003d71e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1403.189488] protocol 88fb is buggy, dev hsr_slave_0 [ 1403.194658] protocol 88fb is buggy, dev hsr_slave_1 [ 1403.216791] overlayfs: unrecognized mount option "upper`ir=./file0 lowerdie0" or missing value [ 1403.241624] binder: 8746:8750 transaction failed 29201/-22, size 40-8 line 3097 20:26:18 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038d1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:18 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000d81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1403.310066] binder_alloc_mmap_handler: 4 callbacks suppressed [ 1403.310082] binder_alloc: binder_alloc_mmap_handler: 8746 20ffc000-20ffe000 already mapped failed -16 [ 1403.334860] binder: BINDER_SET_CONTEXT_MGR already set [ 1403.341094] binder: 8746:8750 ioctl 40046207 0 returned -16 20:26:19 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000900)) read$alg(r0, &(0x7f0000000800)=""/210, 0xd2) symlink(&(0x7f0000000000)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000700)={0x53, 0xfffffffffffffffe, 0x88, 0x1c, @scatter={0x3, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)=""/194, 0xc2}, {&(0x7f0000000440)=""/114, 0x72}, {&(0x7f00000004c0)=""/219, 0xdb}]}, &(0x7f00000005c0)="021a247e056ed1b66a67095d0951e1ba32df2b97d49ff18d3bf9697c964cb8361ea2e0d5cda225261c19895090db67be501dd21bb2c3d5427e8abb8884ea63df320a985a8bbd64efa1f1b5bad6253b95effa416586cca57fbc6093f3982fcba06dfad3b3906b362648ebd64dffa4ad2c177eadde266c734f9706cba00664f11ea9dd092c52a5d5c8", &(0x7f0000000680)=""/81, 0x4, 0x24, 0x0, &(0x7f0000000180)}) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="757070657264fc869518728fa49aea2e5f1637b5c5952a3d022f66694801000000000000006572646972696c6503007459a5b054d45cb051f4c7a446d5521afaa68792b1e00590e6ed8a4ee68b371531785396b552888b1087cf9ac55a888307b0de09c583fbbe9b0fdc3083a1967b12556f8d72b9872dd8113563823acde8f1c1fe7c2f3e091ff16749552a67fd2ed4b0c1d79750dad64887881080abe06eac36d0"]) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000002c0)={'ip6gre0\x00', 0x401}) r1 = open(&(0x7f0000000080)='./file0\x00', 0x111000, 0x4) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') setsockopt$llc_int(r0, 0x10c, 0x7, &(0x7f0000000780)=0x27e, 0x4) getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001d81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0xfffffdfd]}}}], 0x0, 0x0, 0x0}) [ 1403.379475] binder: undelivered TRANSACTION_ERROR: 29201 [ 1403.389088] binder: undelivered TRANSACTION_ERROR: 29189 20:26:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1403.455975] overlayfs: unrecognized mount option "upperdü†•r¤šê._7µÅ•*=/fiH" or missing value [ 1403.482263] overlayfs: filesystem on './file0' not supported as upperdir [ 1403.503357] binder_alloc: binder_alloc_mmap_handler: 8769 20ffc000-20ffe000 already mapped failed -16 [ 1403.527074] overlayfs: unrecognized mount option "upperdü†•r¤šê._7µÅ•*=/fiH" or missing value [ 1403.551392] binder: BINDER_SET_CONTEXT_MGR already set 20:26:19 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x4000) 20:26:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002d81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000c91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1403.573650] binder: 8769:8772 ioctl 40046207 0 returned -16 [ 1403.594497] binder: undelivered TRANSACTION_ERROR: 29201 [ 1403.614628] binder: undelivered TRANSACTION_ERROR: 29189 20:26:19 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000a40)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='.//ile0\x00', &(0x7f0000000780)='./file0/f.le.\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000880)={{{@in6=@dev, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@loopback}}, &(0x7f0000000200)=0x2cb) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000a00)) syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000180)='.//ile0\x00', 0xc, 0x5, &(0x7f0000000800)=[{&(0x7f0000000340)="1fbaffcf15b9db46c8043b451a9eba638c487ee7d567319e8202b67e2d6d60c707bb0b36582d9ac9b748dca0ff7d58787e43cda7e5e5ea003acf54eaa3653a37ec154c810dc2ba90735b7d6651f6274f713dcbfb0caf73340b52c453458da9e711c120e3f43ba5bbda71594f194e6c3c83bb40c1ac11b74ed746505593abf0dc19cf63587f2e8af279184b8138165ca740b92552bedf932621e5b8286680137dfe3a62", 0xa3, 0x3}, {&(0x7f0000000400)="569bf0ec062430c724cc96d6bbfc6d579e20896a97fdd3e6cad18aed29dd262a9cce3f29699779b63201ac07bc08b7fa56491e4273c39f9461d3d8b6e7471b2963e59a2be8fe5fa004e47c0da1cdbbb34289c2019c1e8527691eb2ae4075eaabe99b7be220a30355074028180311c6aa", 0x70, 0x100000000}, {&(0x7f0000000480)="7fbe721333842f5fb210b96bc95dcb2e5eff65b254a6e0d8e473a520e97ea45824602502b0389c5a9d95dbe74944663d547590a01b170974eff5f690117ed05302b1d245f663ea5c8fe0bce816752cfde0300db40a0953acdacaa12d88d05d25b6646419a3e7d8ff1022f693480dec1ae099645ec5db8adf6aebef4b8d1b9a5ed6a6933b437715ac5d6f3cd32e77b7317e3108c10ced390e602d6a9d3962d64fb77d76dc4be25be1ed0715a2ac2e4b396187dc75b5edaefa369499b2ec9e29943cc730027ba4c7d786ccc0d9eed6f504ef46913e15", 0xd5}, {&(0x7f0000000580)="f0219e8013bb1609cbea87f24a9a99edf95c6ff1c1c22feb5558571f6be29036690a2f5c6cc59ad81f24f2ce43fba131bb9f7aae40991aeefe63feea94aa27ed24643e0fae274b9d8cfc50c892cf61eeefcdf8ad82eb1869193b2cd182947e07034436530e51d7691f524e8e8eaf591c59fdb7296ae370c8f81a698afc4083f0d18162560ecad66c53e6f4ac582219accc9d040b9c4e6453733cc2a3755d2d7f5e596d28a254f4d22059f03160123fbccae7966b851ac847963c69f1ea1924e4ef989a26bad6c39c7d478928ae99a721", 0xd0}, {&(0x7f0000000680)="b39233b07599f7f1bb7c92a4b88f11ceefce3930334df040f3a6c37c531b5b5724605cf03e07e03dd728386847986b0e9b8575c84fb36ef9299814ed3557cfb784606a0b115de2976cd3c32ef9deeb9f5516f2279749d5790aed9b0cdb6329ce52d2756e1111b6bf40c61c73526527e03518624999157ca8878e2848ba1c4ff50751ce8613c92fede71558ebab5bc261021502d6a8b3a238825c0b845e6c12639e14f8212b3e5822a36d2f7c769b7d16f5f857cc7a43680ae1bb00df62bbc11f7c4c2cca67", 0xc5, 0x100}], 0x20000, &(0x7f0000000980)=ANY=[@ANYBLOB='hash=tea,data=ordered,resize=auto,hash=tea,notail,tails=on,commit=0x0000000000000003,euid>', @ANYRESDEC=r2, @ANYBLOB="02006c61737562652c00"]) 20:26:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x100000000000000]}}}], 0x0, 0x0, 0x0}) 20:26:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003d81e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001c91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1403.761211] overlayfs: filesystem on './file0' not supported as upperdir [ 1403.769973] binder_transaction: 5 callbacks suppressed [ 1403.769987] binder: 8790:8792 got transaction with invalid offset (72057594037927936, min 0 max 40) or object. 20:26:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000d91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0xfc25) [ 1403.807757] overlayfs: filesystem on './file0' not supported as upperdir [ 1403.838188] binder_alloc: binder_alloc_mmap_handler: 8790 20ffc000-20ffe000 already mapped failed -16 20:26:19 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') fcntl$setflags(r0, 0x2, 0x1) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038e1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002c91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1403.903822] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 1403.903829] binder_alloc: 8790: binder_alloc_buf, no vma [ 1403.905823] binder: BINDER_SET_CONTEXT_MGR already set 20:26:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001d91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1403.949108] binder: 8790:8807 ioctl 40046207 0 returned -16 20:26:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x200000000000000]}}}], 0x0, 0x0, 0x0}) 20:26:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400008f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003c91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002d91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1404.050103] overlayfs: filesystem on './file0' not supported as upperdir [ 1404.076249] overlayfs: filesystem on './file0' not supported as upperdir 20:26:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400018f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1404.095713] binder: 8823:8824 got transaction with invalid offset (144115188075855872, min 0 max 40) or object. 20:26:19 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0xff0f) 20:26:19 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000ca1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) listen(r0, 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000000)='.//ile0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) [ 1404.161797] binder_alloc: binder_alloc_mmap_handler: 8823 20ffc000-20ffe000 already mapped failed -16 20:26:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003d91e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1404.214513] binder_alloc: 8823: binder_alloc_buf, no vma [ 1404.247956] binder: BINDER_SET_CONTEXT_MGR already set 20:26:19 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400028f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:19 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000da1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1404.275249] binder: 8823:8834 ioctl 40046207 0 returned -16 20:26:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x300000000000000]}}}], 0x0, 0x0, 0x0}) 20:26:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001ca1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1404.316780] overlayfs: filesystem on './file0' not supported as upperdir [ 1404.343383] overlayfs: filesystem on './file0' not supported as upperdir 20:26:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="2400038f1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001da1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:20 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x200000) [ 1404.412894] binder: 8853:8854 got transaction with invalid offset (216172782113783808, min 0 max 40) or object. 20:26:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002ca1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:20 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = getuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={0x0, 0x0}, &(0x7f0000000540)=0xc) getresuid(&(0x7f0000000580), &(0x7f00000005c0)=0x0, &(0x7f0000000600)) mount$9p_rdma(&(0x7f0000000080)='127.0.0.1\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f00000004c0)='9p\x00', 0x1, &(0x7f0000000640)={'trans=rdma,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@rq={'rq', 0x3d, 0x7}}, {@timeout={'timeout', 0x3d, 0x7}}, {@timeout={'timeout', 0x3d, 0x4}}, {@sq={'sq', 0x3d, 0xf3e2}}, {@timeout={'timeout', 0x3d, 0x8}}, {@rq={'rq', 0x3d, 0x8}}], [{@fowner_eq={'fowner', 0x3d, r1}}, {@context={'context', 0x3d, 'user_u'}}, {@fowner_gt={'fowner>', r2}}, {@fsuuid={'fsuuid', 0x3d, {[0x0, 0x77, 0x30, 0x63, 0x63, 0x36, 0x65, 0x34], 0x2d, [0x77, 0x31, 0x74, 0x33], 0x2d, [0x63, 0x30, 0x33, 0x3f], 0x2d, [0x73, 0x77, 0x61, 0x35], 0x2d, [0x37, 0x65, 0x64, 0x35, 0x67, 0x30, 0x77, 0x38]}}}, {@dont_measure='dont_measure'}, {@uid_eq={'uid', 0x3d, r3}}]}}) fchdir(r0) lstat(&(0x7f0000000000)='./file0/f.le.\x00', &(0x7f0000000340)) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e3a302c776f726b6471723d2e2f66696c6531000000008aaeb75b6c22428a44d9a18d8b67f12406ea82c206c66426df89dd43e8ddbc10b66c1558f74260246a562e45fa0f8e8a075eab799df45d37b466fb6549d14351490918d81c9f5cecfd64aab61cefbd3490ad08469b7dc88a3160b11b734387960ada35b3e3d67975e388ee158b25f54bc4364ce84d36b83099ac9f5915be559212c1f7046acf042e6355494324711f3daf9e350ba3fea4799e00000000000000000000000000000000"]) ioctl$FIDEDUPERANGE(r0, 0xc0189436, 0xfffffffffffffffd) r4 = open(&(0x7f0000000180)='./file1\x00', 0x0, 0x0) renameat(r4, &(0x7f0000000240)='.//ile0\x00', r4, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r4, &(0x7f0000000280)=""/28, 0x1c) [ 1404.466389] binder_alloc: binder_alloc_mmap_handler: 8853 20ffc000-20ffe000 already mapped failed -16 [ 1404.517884] binder: BINDER_SET_CONTEXT_MGR already set 20:26:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002da1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1404.540207] binder: 8853:8854 ioctl 40046207 0 returned -16 [ 1404.559954] overlayfs: unrecognized mount option "workdqr=./file1" or missing value [ 1404.574788] binder_alloc: 8853: binder_alloc_buf, no vma 20:26:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003ca1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1404.598052] overlayfs: unrecognized mount option "workdqr=./file1" or missing value 20:26:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003da1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x400000000000000]}}}], 0x0, 0x0, 0x0}) 20:26:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000cb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1404.653726] overlayfs: filesystem on './file0' not supported as upperdir 20:26:20 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$kcm(r0, &(0x7f0000000500)={&(0x7f0000000340)=@generic={0x3, "4ace33c411886962dd2ac35128853962fe9eee14564c217f2ec8c438ce79010f3346c698fb8210111e420a88fece27557d399ae4d6d23f3566da1c8348146d7431bf657367f56be9c1bf7b551b06711fe621f14efba153fe6629659a1200e92b5f364001893bd15d21a90bde019efe62b7b469a78b3df14f97d8c60d4c1e"}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)="f1c84ee47c40ba9667638bf4cb993e56fc83a274392b86c25879", 0x1a}, {&(0x7f00000003c0)="06a76100c455dc82dd587ce023e51a399f9e623842b91e92b37a81c1ae2ac42d0706927cc7b026e78703d1dc27ae82965e7e56226ba59e77de3aaa54422f4d8bbfba8795caf6de2769eaa1ed74de4de009acc706bf76c893bbc9ea71795fdf", 0x5f}, {&(0x7f0000000440)="965428fc6e7fca637412a0df93116ce9033e67102de3019c280f7ba9f6aa75f493317212d1b0e0a166c2d1b30ea2811af49328b2731a2ada4d61e5c483eefac1a860191a48eca85543f7331d089dd8bbc4347c4ff886f8848d49f42eab971125e36779", 0x63}], 0x3}, 0x8000) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r2, &(0x7f0000000240)='.//ile0\x00', r2, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r2, &(0x7f0000000280)=""/28, 0x1c) 20:26:20 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r0, 0x0, 0x1000000) 20:26:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240000db1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1404.737461] binder: 8880:8883 got transaction with invalid offset (288230376151711744, min 0 max 40) or object. 20:26:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001cb1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1404.816269] binder_alloc: binder_alloc_mmap_handler: 8880 20ffc000-20ffe000 already mapped failed -16 20:26:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240001db1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:20 executing program 0: mkdir(&(0x7f0000000180)='./file2\x00', 0x8) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') getdents64(r1, &(0x7f0000000280)=""/28, 0x1c) 20:26:20 executing program 1: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240003901e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) 20:26:20 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000140)="240002db1e0025eaa87865f51ef6bce90a04000200bff20182a9000c080008000b000000", 0x24) [ 1404.916976] overlayfs: filesystem on './file0' not supported as upperdir [ 1404.935392] binder_alloc: 8880: binder_alloc_buf, no vma [ 1404.956386] binder: BINDER_SET_CONTEXT_MGR already set [ 1404.989965] binder: 8880:8903 ioctl 40046207 0 returned -16 [ 1405.015969] overlayfs: filesystem on './file0' not supported as upperdir [ 1405.057412] WARNING: CPU: 1 PID: 8905 at fs/overlayfs/dir.c:263 ovl_instantiate+0x363/0x400 [ 1405.066393] Kernel panic - not syncing: panic_on_warn set ... [ 1405.072307] CPU: 1 PID: 8905 Comm: syz-executor0 Not tainted 5.0.0-rc4+ #55 [ 1405.079404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1405.088754] Call Trace: [ 1405.091361] dump_stack+0x1db/0x2d0 [ 1405.094996] ? dump_stack_print_info.cold+0x20/0x20 [ 1405.100024] ? ovl_instantiate+0x310/0x400 [ 1405.104314] panic+0x2cb/0x65c [ 1405.107508] ? add_taint.cold+0x16/0x16 [ 1405.111493] ? ovl_instantiate+0x363/0x400 [ 1405.115730] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1405.121527] ? __probe_kernel_read+0x1f4/0x250 [ 1405.126115] ? __warn.cold+0x5/0x48 [ 1405.129745] ? ovl_instantiate+0x363/0x400 [ 1405.133991] __warn.cold+0x20/0x48 [ 1405.137543] ? ovl_instantiate+0x363/0x400 [ 1405.141787] report_bug+0x263/0x2b0 [ 1405.145495] do_error_trap+0x11b/0x200 [ 1405.149386] do_invalid_op+0x37/0x50 [ 1405.153100] ? ovl_instantiate+0x363/0x400 [ 1405.157337] invalid_op+0x14/0x20 [ 1405.160881] RIP: 0010:ovl_instantiate+0x363/0x400 [ 1405.165722] Code: c3 89 c6 e8 af 3d f0 fe 85 db 0f 85 a6 00 00 00 e8 22 3c f0 fe 4c 89 e7 45 31 e4 e8 37 da 46 ff e9 ef fe ff ff e8 0d 3c f0 fe <0f> 0b 41 89 dc e9 e0 fe ff ff e8 fe 3b f0 fe 0f 0b e9 64 ff ff ff [ 1405.184622] RSP: 0018:ffff88804c16f9d0 EFLAGS: 00010216 [ 1405.189993] RAX: 0000000000040000 RBX: ffffffffffffff8c RCX: ffffc90005b1a000 [ 1405.197263] RDX: 00000000000094e3 RSI: ffffffff8291c853 RDI: 0000000000000007 [ 1405.204543] RBP: ffff88804c16fab0 R08: ffff88804e274080 R09: ffffed100982defc [ 1405.211810] R10: ffffed100982defb R11: 0000000000000003 R12: ffff888041504600 [ 1405.219087] R13: ffff88804c16fa88 R14: 0000000000000000 R15: ffff88804c16fa08 [ 1405.226368] ? ovl_instantiate+0x363/0x400 [ 1405.230610] ? ovl_set_opaque_xerr+0x80/0x80 [ 1405.235023] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1405.240568] ? ovl_create_real+0xe3/0x420 [ 1405.244719] ovl_create_or_link+0xa92/0x1560 [ 1405.249221] ? ovl_unlink+0x20/0x20 [ 1405.252854] ? kasan_check_read+0x11/0x20 [ 1405.257014] ? do_raw_spin_unlock+0xa0/0x330 [ 1405.261510] ? do_raw_spin_trylock+0x270/0x270 [ 1405.266215] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 1405.271152] ovl_create_object+0x2fa/0x3b0 [ 1405.275400] ? ovl_create_or_link+0x1560/0x1560 [ 1405.280067] ? inode_permission+0xb4/0x570 [ 1405.284303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1405.289841] ? security_inode_permission+0xd5/0x110 [ 1405.294879] ovl_symlink+0x25/0x30 [ 1405.298422] vfs_symlink+0x378/0x5d0 [ 1405.302137] do_symlinkat+0x239/0x2c0 [ 1405.306030] ? __ia32_sys_unlink+0x50/0x50 [ 1405.310286] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1405.315650] ? trace_hardirqs_off_caller+0x300/0x300 [ 1405.320849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1405.325605] __x64_sys_symlink+0x59/0x80 [ 1405.329665] do_syscall_64+0x1a3/0x800 [ 1405.333554] ? syscall_return_slowpath+0x5f0/0x5f0 [ 1405.338484] ? prepare_exit_to_usermode+0x232/0x3b0 [ 1405.343503] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1405.348441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1405.353638] RIP: 0033:0x457e39 [ 1405.356827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1405.375911] RSP: 002b:00007f698c864c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 1405.383617] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000457e39 [ 1405.390882] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000020000040 [ 1405.398145] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1405.405419] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f698c8656d4 [ 1405.412775] R13: 00000000004c63b4 R14: 00000000004db678 R15: 00000000ffffffff [ 1405.421832] Kernel Offset: disabled [ 1405.425664] Rebooting in 86400 seconds..