_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team_slave_1\x00'}]}, @IPVS_CMD_ATTR_DEST={0x60, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffffffffffff0001}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x7}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@remote}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [], @local}}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x6aaf}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0xcc}, 0x1, 0x0, 0x0, 0x1}, 0x40) ioctl$SG_SCSI_RESET(r0, 0x2285, 0x7fffffffefff) 18:09:31 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e1e, @multicast1}, 0x10) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/udplite\x00') sendmsg$nl_route_sched(r1, &(0x7f0000000440)={&(0x7f0000000180), 0xc, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="90000000320028002abd7000fbdbdf2500e17e000c00020001000000010000003400030028ec6e1e794eb4ccedf12e17a654bdd005f6ffff000010000b00000008000300020000000000100014000000080003000180000000000c00020001400000000000002800010014001b0000000c00010073616d706c650000000010001a0000000800"], 0x90}}, 0x40000) timer_create(0x0, &(0x7f00000005c0)={0x0, 0x11, 0x3, @thr={&(0x7f0000000480)="468bd51f01709ca8306a005b04eef9d2d0351f316a7924ac145db3d484ca9a3bbf8261d5dc10df8317772050e06d1884760f3eb4fc08f03dce724e4e7890bf248917dc1ded14082326faf9e35b155ebb447ab0daae9a5d36f29305fc662302e4877a82bbe92b84e213bb45b704d7a4505a623bc2ae650765c98b443369f2d7165aebcb715d3890c624d5522b22b49a4200940ae05d58922228582f0ef35ae353fbfe80f9002cdb8152bb2a7257a77823351546fbcc440b1b062b3b78e61c25aafe8523592d983490afb73f6a2facfc50da5cd9f53bdb77628d4d070c8dbd9cf5eec3e9ce28e0e0aa3de551d41ae0eac537f74e", &(0x7f0000000580)}}, &(0x7f0000000600)=0x0) timer_gettime(r2, &(0x7f0000000640)) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008005, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback}, 0x10) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) fsetxattr$security_smack_transmute(r0, &(0x7f0000000000)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000040)='TRUE', 0x4, 0x3) r3 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0xf7, 0x12000) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14) shutdown(r0, 0x1) recvfrom(r0, &(0x7f0000000300)=""/101, 0xfffffdd7, 0x120, 0x0, 0x54fca8a0505bc126) recvfrom$inet(r0, &(0x7f0000000200)=""/179, 0xb3, 0x40000003, &(0x7f00000002c0)={0x2, 0x0, @local}, 0x70a000) 18:09:31 executing program 0: r0 = inotify_init() r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = dup(r1) ioctl$VT_WAITACTIVE(r0, 0x5607) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000ac0)=ANY=[@ANYBLOB="7365637573697400000000000000000000000000000000000000000000490000004cd4e7598e569330bcd0aa83663bbc4aaabc60eddf0c608dd730d8fbd5a12750c54c3d6c84b6c071279bb07e4004a55db512caae5c536bf8699bcc03821e9bbb0fbd59f123cac17149d10af301a99bdc5bf2f04e83e7bf07c5d0f23584008c7b23a9b541d04c2a0940caf45c5a1d76d05f6ebe38aadf92ac7e2080a821c84151d1f410f883b7d09194110fe10645d07067946d74f0972d5ced82322294832548861fe0b9e215c6cd0dd1c0e405d29081e14dccf906ad92d4d15d917d1e839c3a885278bfc7590fa8f3669090e1a46bbe9f7770be1a926aee983c5bb7a94e62247a7f767e3faf8540e2d9ef5af7ca0bd17be750423925c7813dd2341c121d3164ffeee5c2b40a2ebbb0ab3a66624d992ca152c1c94c2d9a3a00000000000000000000000000000000ca35a59363cd46acb0b46e4b236e79fa0a3fb5477b0427ea958d5871c386ad64087e8ce1bdbef7c4f9ef7ffafb7e5da49f1c810bb112c6224924c825112b0266"], &(0x7f0000000480)=0x1) add_key$user(&(0x7f0000000700)='user\x00', &(0x7f0000000200), &(0x7f0000000240), 0x0, 0xfffffffffffffffe) flistxattr(r1, &(0x7f00000009c0)=""/249, 0x90) keyctl$setperm(0x5, 0x0, 0x3) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="430200000000000008000a00060000001800120008000100767469000c00020008000400e00000"], 0x1}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000580)) ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, &(0x7f0000000180)={{0x2, 0x4e24, @multicast2}, {0x0, @random="59a310eebccc"}, 0x0, {0x2, 0x0, @dev}, 'veth1_to_bond\x00'}) setsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001000), 0xc5) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000500)={0x0}, &(0x7f0000000640)=0xc) r6 = syz_open_procfs(r5, &(0x7f0000000680)='uid_map\x00') r7 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82) ioctl$DRM_IOCTL_GEM_OPEN(r6, 0xc010640b, &(0x7f0000000300)={0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_GEM_FLINK(r6, 0xc008640a, &(0x7f0000000280)={0x0, r8}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f00000002c0)={r9, 0x80000, r2}) r10 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r10, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r7, 0x4c00, r10) sendto$packet(0xffffffffffffffff, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r2, 0x80045301, &(0x7f00000000c0)) ioctl$TCXONC(r6, 0x540a, 0x1) sendfile(r7, r7, &(0x7f0000000000), 0x2000005) listxattr(&(0x7f0000000380)='./file0\x00', &(0x7f00000013c0)=""/21, 0xfffffea1) ioctl$LOOP_CLR_FD(r7, 0x4c01) 18:09:31 executing program 2: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000240), 0xffffffffffffffff) r0 = gettid() wait4(0x0, &(0x7f0000000100), 0x80000000, &(0x7f00000004c0)) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x7ff, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r1, 0xc008551a, &(0x7f0000000080)={0x9, 0x4, [0x6]}) ptrace$setopts(0x4206, r0, 0x0, 0x0) clone(0xf93f00, &(0x7f0000000280), &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000340)) tkill(r0, 0x12) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f00000001c0)) writev(r2, &(0x7f0000000a80)=[{&(0x7f0000000040)="04", 0x1}], 0x1) 18:09:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 266.382845] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 18:09:31 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f000075cf53), &(0x7f000015dffc), &(0x7f0000b25ffc), &(0x7f0000923000)) r1 = fcntl$dupfd(r0, 0x0, r0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2, 0x10, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0xa0000004, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x400, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f00000000c0), &(0x7f0000000140)=0x4) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e23, @remote}}, 0x0, 0x2}, 0x88) write$P9_RFSYNC(r2, &(0x7f0000000280)={0x7, 0x33, 0x2}, 0x7) getpgid(0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001580)={r2, 0x0, 0x3d, 0x1000, &(0x7f00000002c0)="cac831dc9baf2f2e60d0f2bb427eee4778f2709188cecb30f8e5ea89740d069bd3e8c8bb0330332d039041125809bb4abee0cd7f7261ee9d59a034b051", &(0x7f0000001640)=""/4096, 0x80000000}, 0x28) readv(r2, &(0x7f00000015c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/233, 0xe9}, {&(0x7f0000001400)=""/28, 0x1c}, {&(0x7f0000001440)=""/61, 0x3d}, {&(0x7f0000001480)=""/33, 0x21}, {&(0x7f00000014c0)=""/67, 0x43}, {&(0x7f0000001540)=""/22, 0x16}], 0x7) waitid(0x0, 0x0, &(0x7f0000000240), 0x0, 0x0) ioctl$FIBMAP(r1, 0x1, &(0x7f0000002640)=0x3) ioctl$TCXONC(r2, 0x540a, 0x9) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) ftruncate(0xffffffffffffffff, 0x8) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000040)={0x0, 0x3, 0x2, 0x9, 0x1, 0x6, 0x1, 0x500d}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r3, 0x6, 0x5, &(0x7f0000d11000), &(0x7f0000000000)=0x4) [ 266.456266] binder: send failed reply for transaction 55 to 7936:7937 18:09:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:31 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000080)={{{@in, @in6=@mcast2}}, {{@in=@multicast2}, 0x0, @in=@loopback}}, &(0x7f0000000180)=0xe8) unshare(0x400) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0xa0000, 0x0) ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0xfc52) r2 = timerfd_create(0x0, 0x0) timerfd_gettime(r2, &(0x7f0000fee000)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r2, 0x660c) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$TUNSETSNDBUF(r3, 0x400454d4, &(0x7f0000000040)=0x7) timerfd_create(0x6, 0x80000) 18:09:31 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f000001cff0)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000000140), 0x0, &(0x7f0000001240)=[@mask_cswp={0x58, 0x114, 0x9, {{}, &(0x7f00000011c0), &(0x7f0000001200)}}, @mask_fadd={0x58, 0x114, 0x8, {{}, &(0x7f0000000040), &(0x7f00000000c0)}}], 0x71}, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0) write$P9_RXATTRWALK(r1, &(0x7f0000000180)={0xffffffffffffffac, 0x1f, 0x1, 0x8}, 0x11a) 18:09:31 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='proc\x00', 0x0, &(0x7f0000000180)) r0 = socket$inet6(0xa, 0x3, 0x1) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000500)={0x9a, {{0xa, 0x4e24, 0x0, @local, 0x2}}, {{0xa, 0x4e20, 0x0, @remote, 0xffffffffffffffc1}}}, 0x108) r1 = open$dir(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000440)=""/186, 0x760) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x2000, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000180)={0x2, [0x0, 0x0]}) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007600), 0x0, 0x0, &(0x7f00000077c0)={0x77359400}) syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x0, 0x40000) getdents64(r1, &(0x7f0000000100)=""/81, 0x4a) ioctl$TIOCMBIS(r2, 0x5416, &(0x7f00000001c0)=0x7fff) getdents(r1, &(0x7f0000001500)=""/4096, 0x1000) [ 266.664587] binder: send failed reply for transaction 57 to 7952:7956 18:09:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:31 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000e15000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000133ffc)="71e67a15", 0x4) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) sendto(r3, &(0x7f00005c8f58), 0xfffffffffffffeee, 0x0, &(0x7f0000351ff0)=@ipx={0x4, 0x0, 0x0, "a074edebb7e1"}, 0x10) tkill(r1, 0x15) ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f0000000000)) 18:09:31 executing program 1: syz_mount_image$msdos(&(0x7f0000000500)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f0000000540)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x18, &(0x7f0000000580)=ANY=[]) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x40, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000000280)=0x14) bind$can_raw(0xffffffffffffffff, &(0x7f0000000200), 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'nr0\x00', 0x0}) bind$pptp(r0, &(0x7f00000004c0)={0x18, 0x2, {0x2, @multicast1}}, 0x1e) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'\x00', r1}) fchdir(r0) setsockopt$inet6_dccp_int(0xffffffffffffffff, 0x21, 0x1f, &(0x7f00000002c0), 0x4) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000680)={0x0, 0x0}, &(0x7f00000006c0)=0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000800)={0xe, 0x8451, 0x264d, 0x38, 0x10, 0xffffffffffffff9c, 0xd6d5}, 0x2c) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000700)={{{@in=@dev={0xac, 0x14, 0x14, 0x11}, @in6=@mcast2, 0x4e20, 0x8001, 0x4e24, 0x1, 0xa, 0xa0, 0x80, 0x2c, r2, r3}, {0x4b8, 0x5, 0x0, 0x40, 0x0, 0x659e78c6, 0x0, 0x5}, {0xff, 0x2ef6, 0x80000001, 0x5}, 0x9, 0x6e6bb2, 0x3, 0x1, 0x974f5ab8bafe0531, 0x1}, {{@in=@multicast2, 0x4d6, 0x33}, 0x0, @in6=@local, 0x3505, 0x7, 0x1, 0x3, 0xffff, 0x6, 0xffffffff}}, 0xe8) timer_create(0x6, &(0x7f0000000440)={0x0, 0x0, 0x6, @thr={&(0x7f00000003c0)="79638c9d8f457e08d8ab2b45d12d97e08b8e41574f77afa2981b1239a9b9c9049e8a9d7805fc7366aee1caa01567434d3edfbacf10f36f79d0646ad15ea0fbd557b6a3170afc4860d5a47395e5b56950772f7b88d02b4eb92e7b662c0c", &(0x7f0000000580)="b543b6e33a5b678c1a7621017e591a138e46fe4023d2e0341d5c8a93b889b6d51c5aa489718a2cda1a9f03729b35efd7305d5f9e6ebbdffac230b08ea00025a9f943b78fa6f67b792055176aaf812c7a8186172ad0bbc0ca3e2e27ae6658"}}, &(0x7f0000000480)=0x0) munlockall() timer_gettime(r4, &(0x7f0000000300)) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141044, 0x0) write$UHID_INPUT(r5, &(0x7f0000000980)={0x8, "7c70ee3800d5ab5f2036f872e0ac57cbd592bca0d671633f50a3102066d6e765f5a64731e3fb8d90d250eda2cc33b60a7ff98074cdc3f1dd1a2df26a381d95974e0925d521c6b48c3dee0d430d398884316091aff6adb6153dc3c92549957d3488efc02d6f6fb172524b095c30c1bd35aae04236bdd42694d613eb54c0b65a338c48dc4c8bad70754fc81d9928e4a1b81f9c77075258a0805b4494867247966b24a023311fd91ef3754b98d3acde6f2ef0617f123c22fccb81c11389fdfa2e21c2365aabfc8916e02151d8643ae21cab7fcbec6142186d3bb57546c106484bc4c28a48da2b75dd82aabe99464558e60cd101f6b65856fabee614d271741a68dd550c8772f06a93cf8e5c0de549c3b75a72f8a590bd50b2af5f64009c969ed7596f0192b0f98b1afac0e8c5f4c653f611b4a71776400a9ae3f18e75f856788c97195749042510735880b9bb0ccb23210832a4f1c6f134d68f8e299837c426e0c9a45d5d2c959446cc363f370c67cd01a063c91254d692fe35abee92fabda4f66d93228c979ebe036c5c2e0028ec76562d67d0919ca28258fec0ed60603142b5c57c4cfb1ea1e892d0fd2f33970142b179c415d6bea344fbcc82d133052e848a885160737c69eb02ca9f544831c8e3ffcf40cb7b415d24795fc8aaeb8e76bec262aea5e28fe5d6495c4b5895a612b1cc2122286add66356f3ecd309f970634f1b09da1507964d35575167317f13c7fd9f11af27ceea86e9a5b3494a27ba98ba38dd1fb72ef2c6163664fd8f7c946935cd4833121f505ff277c03d959d9a12f3389e9eb6701a8b29f72c20c6abb7bd8349dd2e120bdd59dca9f1a2a877f1677b59d7920ddf29b9d94f7c6879b78e31cf1b65b60fe349ef9d4976f46609ee34e33f647aafbf64f6323d18598905f2e73af75661397595b8f9c1e9a4e993946820da5378ca5b363560e95edce316e99bac6e6250efcf1cb58fdcf94c7557c2d7f763a688543462d54b64e178c2e64c6ebba356894973051907fd8de8ba908e822168b171c1707efcd9ac827e64313721876e2ff26ac34e88557a4a0dfde08eda81cf0c1465a89b68429e48966044c767563e1121db48c9b619fd7362afd15ec6aa19b28759d7977be4fbcad0cf8dd5dc5362259bd5cb5089a9d18db969afe1192571f5fcc0c4d6be281d23b9c1f9f32873c058adfa1bf57a3718686957edfd6e4b58aa959541127696d59fb2810d042ced227961eb19a424e4cf45bc6243217bb7561b7ee11f8c0b8f39480343a26f2da5fe79d5e213c01ea47155ffa91e7d7ba0bc8ccb018bd69cfe71dd8565a645d678b404a295397e83ae69dbf8505f6947a836b44823a92861124330fccd4bc4a2e20d9047bd919d82c89623caa87eb09bd584d58f42b35ef55fddc06dfb3957f3f507e5ca9b8b98947cc5bb68846755527ddf32ffa444e1c7a5654d4d377e04a9f22e1069804fdcdb251acb6bd6b32d100feb44286991d779d2b3e2b7f5cc5f8eb3ae166a3b6fb9df11e1867989a6f9b2028e4c73b4d418b51f6e870713cadafddb47a48c9a97283da214f02db3326d42438d9a7db580693ad1887f99d86bb5fafd6d07c2647fc80c2c5a1ed9ea3b95be65ca422080ddefca5b49ccd538f6bc67390f892d9e416f7e835f76dd90edc56256348d20560caeea05c0922cab60dbf0b57ddaaed6ded5a336e01485fd571dc12050461271cee347c31ac245bfee9128630dfcc43b6d88b5ba9937a6f6ab70b7d256784ff72297cfcfd0ffacd09b55fb832bf60f04d87c48c74972b9f18fa178ce4880b025d1c1097ddb929e8f7e02f1c0e03012bec0fa61a49eb1c2a50a45fc0d98b6649de325184006938e421321e8b366649d9b6ebadf77509c9d48844e80f7752fd7daaa5c938b946feaaac0d871203270a747035c7e2f697c84e792a55cbce76c0a25360f7acbeaab60627aa9c37064af75b67f46732844eb2f6b37226004afe451a9fbfbbcf7e72ade67b017e9209b5627fbe16789abd90326751a1fd1d93efc59f2650f979ba71938d784064922bee2874c4b76d5f26e39ea0a98cf175950137feff9456c88c6a295830183fae3a9c2312c25f3d81708d73488d15a587e7e7cdde3b77917eef29c8b5965c916a65c3c5a53b7313c3115d0a8bb4e16f6b80ff6f78adb756aba94ced86047562a2cd2fb25e9a4656f6359c3f2fde8b5ab38852853cbd7221cb4d59b7f0e79bd37f9ade073f62b75edbe63c13c0d02bf076d88f5b750ea640aad47ce97d6a0783398dd3fbb63734ed969470cf45200235650532224fc28caf1e36ca6b402ec4c978add40fc59f2113485875682139f8aa9aeb48d09178de919370b0cd0ebcab5e60e1b0a2fc153db0dae8e50b48561622a677d0f1afc149676f832e016e14007fb298dcb96f11a92a1ac8bd4cc7b34d659d6cd2c9817b586585e72080255b083bc84512277ffb7f561c6a7a08cd128bfe9b525da531f0bf04f11d3de102b3538835807ac0b2f4325fc6765d02d692ec82f5b338c8257029136fcd3427c09874ecc7492becdd6608eac4adf1abc3f7e08868a72e57ce4dcfc288a25af73d19f1118a9254963c1548cdca5fc7c921a7f218f8e71edd7969dfb35beae1091d7530e32236397fa9fcd232b441ff1b0177829468c198d659d247ccca4fbd58c625501e4368075d0e5e69a6f90952f5bbe48e85a303131dedf7f1a513b291598a545784e1013521877c25d6069d3a855652a4bad5b2df2e4da2de756a20e790b756dd2925ce824561e5892b5e064c7c7b996acc4e29597e0cd00956e9c57ec374714f846be7632d3075e38bead499163498810886c78a2cc73fb64fd48e186083ce911e0751b4dc63476859c2824fa532a4b1711c244619e702eeab19380aeb7b17f67fade3dcad8ddddd893a526cd5d04d8ae982c88029ec71bdd0772fd74adbdb378fc204ca411a2d8a50331516a28552be78f9725f32d1b3a6c7bdf3277c5f7e385c7ebbacc419ec7ca3c5b8f46dbefee59b6422a6b22d60527edc012f852077d925619874f7709f283e01678fed36528003a696ee431a817f34f453c143dc56b70e1f810a5380a555cc8c4fc6522ab544ce5d715caa302ebdd0aa8286b7ef5dd6dd48a8ad9566818f7509daf02db0b98b432f57f1d107ee95a86228728cab4062e27922381e1e2ee351af5e2ea0fd6d1cea70b3b8f4a50f0776fc9aa2a7d2dff6e1ea3769864104f09137b99960b69af13895d842649eacaed8ddf183beba3323640af8deb52b902c0974d685d19fc87c93eb80ad5d28e54363705ad39231d989522e94f000256bc8d93af138a45d67dad3e21fa9fb31d9327c6e71f61956d9daf4f97333112704136d3d1bf6fe0e4c002e10b684d2344300ec70fae0b50532ebace58f0e8318354a172cceacf27d01ff41cc8fef42443f62b0e15b5fcc0728630b96fb2c2b59634f4993bb1ce2eace6fb0f53e5f84bc5f58b1b66d59e3c75a98670496f105a703607211aa9e882e72f13e9fe07f0767ad4e5ac5c732b65301d8ceab36b5ff2f71958fb1b51d2e703ac506e68d4026160fd3f60440b8b8f554f1feeba5d53f71cbe60d143620f8fa779acb94c965b729207a5ab11f4a51b694c31606171da44a28d80cde296dff5724ff718d6377eb8534e616cff39af943ee4ce87b4fadded30c702d370a71072ab3e20f19b8c1b73fdbbb9c675352bb73ee85e22597fc0c439a33f5febe1629bd084af7193f8d1a1415b02ca54706711505cbae11ec6411b012cc3a3eddcfb002901b6e7565b9fbf4d605c147031888ceb590c14697d00970ce9095c6f7fee41ec6a15d7ef52dfedfff2a0d3dbb387b61232aee6ca202787038021e6aabda18e2adf6fd89aa491e65f9813d73412fbfff089752d713d7efa690ec4fc254b56908d3057f65997acf81aea589e272f8fa852849e488f1e0c0cb6cdb5f46ca92e36d39224e704850056d2e9b91909aed0f55d054e274415ecc39b8958335a14cfb0a42d7f26ef8e82592dfd03b3550b5193fba077994c682951968869574fd94976760d9bd9b334353eeda836cc8dab244e72095cc46833f02bb2f6df35601b3085664261abb67fc9ab9f27210e6827cd15ce16c55f0f7f5b8ab401f24032b19a53a9299b62ebf4a8cf7f4753d95126f008a8ce349036666de66bcaf40b27fa875efa98873e1ef9302e2a24bfe07bd1054bdf9ba9ad1b1075402f26d682833b947c762513ba5f07537bb712473184a60e04ace5adb8d982d6153b011ae0b2034adc0ff4a64e2c6561c2e0840cdab2120bc916cde9b7a92c4d332d0f83945fe55e3c8f4d93f22e7759c20241d92cca0ae5a3d06a127e5614df708cea1ad3b2f231c81460ff4c3f349c67a87135a4b67589ffce311832923f71796276e81f0537e265404c0ee06d5ed98a5ec5f8ad62db589eb585fc4627173b51fd4e897a3e8d2acbb82ec2996ac3a6823368a1e12a0536a9d1a7b2d31d80c46c292ff51395481d4f65c53fab867e27bec9156ee189d245d94877a1405dc9e1e996822ad47071a9ab36c9bfd02c41ea5ba21591793053b1b64758bae0addfcd69d169849bc1ee6ce5c08f0d3da5ecc1b6ab31e13af2fa5ce4d921163270901264a88ac6350e8fb6371663dd04146932238597258b123a8036250c190fbb3cfc6ebbf9e06c4a9053e8332c95c91a890a3d35ddd35f47e7ab606f3e345e12560e6d52243883da7b8910834042ad12e7fb3f08a0b14ef6aee22251999e6079be2ef5666d7d5ae00d161720262761da3f378c63cb151f4e94d034e9de949dfe796b905804ca555691023c30ea7cf0cb276e1e3ba65793291f8287d1064606bf5787421b9b9bfc05e9c5eac750de92519fe9e2592cd34a2ef6ec18efed5e7c13bfcfce47327cbecac358bbe6d44164849308cf91cd5ea87fa4b02ba4939e28141c7dad42714b019470d91808a8f46150677b6c90f267ecb39ef42afc95de0cbd016775c89d8213ec9d4e061e6493f237296f91abfc64176c0e885ef54af4136a724fadfe89a25d7599998acebc4a27f8fb5b26936bda5c3d5fec3373dcd9a0e99fc939641c50669adc54119582e8835575d1c57fa955cd29d870360620f91c3ff90d264013816352317ae226f7d7bad5db711f8973382f6cebd63cd519ddd08e1772649be75f64f4acc15f828dc0b305584b6dd2213194603c44e2964358d305aa97fb08568a0a955ad7a6f8d042754b4bbf2fb3414052719fd9841bef8360d1d3195c69414be882115c2c64fecdcbdaed3a2e943fdfef9a13520e41d32a787bcfe4f61e2b378d35aa70784a772cf8ebcaaeb105e4627516db2ababfcb8c11f224c3a48c86160d34d0ee59f02c31648ae4b0309b378f0bf63266967dcfb4f1cc1902f613c6d0d48915a9cf28a52b106544cde1b38ff2e2a1275fd0d3899ce7f7c6653c9017f7ac4aaa35bcb2811a8f9dbb56746b45475350e7c13d42abb5692377da7a4045ee644ce00f8699e3251d75621c82cd659ea3add277affe3ff792f7d24a3d0979ef82cfc0d409697ae2e8598854a8327f46974c901d309dc6dbe31913c59d821aa50c0fe95cc822e8f07bbb00e9a09bc9a570b9778d29308740bc336a41258d209c206f87a709aa43415da0096f7d177e509a7d625645fb098ccc45367d82235e952670ac5f82f8ced3f59fd9ee20ac75be609cc832417e807ddc40630cba4c91e0785edcb5f20b9e6dedb1ec172cd16fc034f410e9ce375ea855144aa3076317f649cf4efe4d7abf244984c4e", 0x1000}, 0x1006) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ppoll(&(0x7f00000000c0)=[{r6, 0x4000}], 0x1, &(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f0000000140)={0x6}, 0x8) r7 = syz_open_dev$dspn(&(0x7f000000bff6)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r7, 0x800000c0045002, &(0x7f0000595ff8)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setrlimit(0x0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x5, 0x0, 0x1}, 0x2c) write$apparmor_exec(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="657865632073656c662a73656c6676626f786e6574302b06736563757268747900"], 0x1) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/25, 0x19, 0x0) sendfile(r5, r5, &(0x7f00000000c0), 0x8080fffffffe) membarrier(0x2, 0x0) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000600)) [ 266.897842] proc: Unknown parameter '' 18:09:31 executing program 0: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r0, &(0x7f00006f7fe8)=[{{0x0, 0x7530}, 0x1, 0x40000000000004d, 0x400000002}], 0x18) write$binfmt_elf32(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000e2050000380000000000000000000000372420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ca32bd1c48b994adf2510bf58c942e21fbc996a7201f8c0a99444794f41eda1a01bfc37c6ef52d9d9b263dd4f78510613e7b7c09069d4720eeffa4c4b67361029a05d8c7b1d4d70bb59d95d9f326650cfac5f4e0a71a2da38f0dd0017ecff5d35b76bebc4d7ddeb66a2271d69c3a3bda4ada1575dffcba69922333841c38cf5472bcb24396956782d38a658c5fdf029f4d48ca3f73300077e356942c5f667c0d82c247c15a3035c67101ab23a89652c8e2513a79ba5aba3682912ee3f066cb9970f470c54dd4854253edda7e0426ee9d2bd1"], 0x58) setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f0000000080)='y\x00', 0x2, 0x1) [ 267.013393] binder: send failed reply for transaction 59 to 7984:7985 18:09:32 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) fcntl$getownex(r0, 0x10, &(0x7f0000000000)) userfaultfd(0x80000) 18:09:32 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) fgetxattr(r0, &(0x7f0000000000)=@random={'os2.', '/dev/snd/pcmC#D#c\x00'}, &(0x7f0000000200)=""/230, 0xe6) 18:09:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:32 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f000075cf53), &(0x7f000015dffc), &(0x7f0000b25ffc), &(0x7f0000923000)) r1 = fcntl$dupfd(r0, 0x0, r0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2, 0x10, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0xa0000004, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x400, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f00000000c0), &(0x7f0000000140)=0x4) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e23, @remote}}, 0x0, 0x2}, 0x88) write$P9_RFSYNC(r2, &(0x7f0000000280)={0x7, 0x33, 0x2}, 0x7) getpgid(0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001580)={r2, 0x0, 0x3d, 0x1000, &(0x7f00000002c0)="cac831dc9baf2f2e60d0f2bb427eee4778f2709188cecb30f8e5ea89740d069bd3e8c8bb0330332d039041125809bb4abee0cd7f7261ee9d59a034b051", &(0x7f0000001640)=""/4096, 0x80000000}, 0x28) readv(r2, &(0x7f00000015c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/233, 0xe9}, {&(0x7f0000001400)=""/28, 0x1c}, {&(0x7f0000001440)=""/61, 0x3d}, {&(0x7f0000001480)=""/33, 0x21}, {&(0x7f00000014c0)=""/67, 0x43}, {&(0x7f0000001540)=""/22, 0x16}], 0x7) waitid(0x0, 0x0, &(0x7f0000000240), 0x0, 0x0) ioctl$FIBMAP(r1, 0x1, &(0x7f0000002640)=0x3) ioctl$TCXONC(r2, 0x540a, 0x9) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) ftruncate(0xffffffffffffffff, 0x8) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000040)={0x0, 0x3, 0x2, 0x9, 0x1, 0x6, 0x1, 0x500d}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r3, 0x6, 0x5, &(0x7f0000d11000), &(0x7f0000000000)=0x4) 18:09:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x1, 0x30, 0x0, 0x6}, &(0x7f0000000080)=0x18) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000000c0)={r3, 0xcba, 0x20}, 0xc) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup2(r0, r4) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r5, r1, 0x20000000000) 18:09:32 executing program 3: r0 = socket$inet_sctp(0x2, 0x800000000000006, 0x84) syz_genetlink_get_family_id$team(&(0x7f0000000a40)='team\x00') perf_event_open(&(0x7f0000000d40)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast2, @loopback}, 0x8) 18:09:32 executing program 2: prctl$intptr(0x1d, 0xfffffffffffff52e) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) io_setup(0x3, &(0x7f0000000140)=0x0) r2 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r2, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") io_pgetevents(r1, 0x9f4, 0xffffffffffffffd4, 0x0, &(0x7f0000000000)={0x0, 0x989680}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0xfffffffffffffffe, 0x100000000000031, 0xffffffffffffffff, 0x0) tkill(r0, 0x16) [ 267.293681] binder: send failed reply for transaction 61 to 8007:8008 18:09:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:32 executing program 1: syz_mount_image$msdos(&(0x7f0000000500)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f0000000540)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x18, &(0x7f0000000580)=ANY=[]) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x40, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000000280)=0x14) bind$can_raw(0xffffffffffffffff, &(0x7f0000000200), 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'nr0\x00', 0x0}) bind$pptp(r0, &(0x7f00000004c0)={0x18, 0x2, {0x2, @multicast1}}, 0x1e) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'\x00', r1}) fchdir(r0) setsockopt$inet6_dccp_int(0xffffffffffffffff, 0x21, 0x1f, &(0x7f00000002c0), 0x4) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000680)={0x0, 0x0}, &(0x7f00000006c0)=0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000800)={0xe, 0x8451, 0x264d, 0x38, 0x10, 0xffffffffffffff9c, 0xd6d5}, 0x2c) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000700)={{{@in=@dev={0xac, 0x14, 0x14, 0x11}, @in6=@mcast2, 0x4e20, 0x8001, 0x4e24, 0x1, 0xa, 0xa0, 0x80, 0x2c, r2, r3}, {0x4b8, 0x5, 0x0, 0x40, 0x0, 0x659e78c6, 0x0, 0x5}, {0xff, 0x2ef6, 0x80000001, 0x5}, 0x9, 0x6e6bb2, 0x3, 0x1, 0x974f5ab8bafe0531, 0x1}, {{@in=@multicast2, 0x4d6, 0x33}, 0x0, @in6=@local, 0x3505, 0x7, 0x1, 0x3, 0xffff, 0x6, 0xffffffff}}, 0xe8) timer_create(0x6, &(0x7f0000000440)={0x0, 0x0, 0x6, @thr={&(0x7f00000003c0)="79638c9d8f457e08d8ab2b45d12d97e08b8e41574f77afa2981b1239a9b9c9049e8a9d7805fc7366aee1caa01567434d3edfbacf10f36f79d0646ad15ea0fbd557b6a3170afc4860d5a47395e5b56950772f7b88d02b4eb92e7b662c0c", &(0x7f0000000580)="b543b6e33a5b678c1a7621017e591a138e46fe4023d2e0341d5c8a93b889b6d51c5aa489718a2cda1a9f03729b35efd7305d5f9e6ebbdffac230b08ea00025a9f943b78fa6f67b792055176aaf812c7a8186172ad0bbc0ca3e2e27ae6658"}}, &(0x7f0000000480)=0x0) munlockall() timer_gettime(r4, &(0x7f0000000300)) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141044, 0x0) write$UHID_INPUT(r5, &(0x7f0000000980)={0x8, "7c70ee3800d5ab5f2036f872e0ac57cbd592bca0d671633f50a3102066d6e765f5a64731e3fb8d90d250eda2cc33b60a7ff98074cdc3f1dd1a2df26a381d95974e0925d521c6b48c3dee0d430d398884316091aff6adb6153dc3c92549957d3488efc02d6f6fb172524b095c30c1bd35aae04236bdd42694d613eb54c0b65a338c48dc4c8bad70754fc81d9928e4a1b81f9c77075258a0805b4494867247966b24a023311fd91ef3754b98d3acde6f2ef0617f123c22fccb81c11389fdfa2e21c2365aabfc8916e02151d8643ae21cab7fcbec6142186d3bb57546c106484bc4c28a48da2b75dd82aabe99464558e60cd101f6b65856fabee614d271741a68dd550c8772f06a93cf8e5c0de549c3b75a72f8a590bd50b2af5f64009c969ed7596f0192b0f98b1afac0e8c5f4c653f611b4a71776400a9ae3f18e75f856788c97195749042510735880b9bb0ccb23210832a4f1c6f134d68f8e299837c426e0c9a45d5d2c959446cc363f370c67cd01a063c91254d692fe35abee92fabda4f66d93228c979ebe036c5c2e0028ec76562d67d0919ca28258fec0ed60603142b5c57c4cfb1ea1e892d0fd2f33970142b179c415d6bea344fbcc82d133052e848a885160737c69eb02ca9f544831c8e3ffcf40cb7b415d24795fc8aaeb8e76bec262aea5e28fe5d6495c4b5895a612b1cc2122286add66356f3ecd309f970634f1b09da1507964d35575167317f13c7fd9f11af27ceea86e9a5b3494a27ba98ba38dd1fb72ef2c6163664fd8f7c946935cd4833121f505ff277c03d959d9a12f3389e9eb6701a8b29f72c20c6abb7bd8349dd2e120bdd59dca9f1a2a877f1677b59d7920ddf29b9d94f7c6879b78e31cf1b65b60fe349ef9d4976f46609ee34e33f647aafbf64f6323d18598905f2e73af75661397595b8f9c1e9a4e993946820da5378ca5b363560e95edce316e99bac6e6250efcf1cb58fdcf94c7557c2d7f763a688543462d54b64e178c2e64c6ebba356894973051907fd8de8ba908e822168b171c1707efcd9ac827e64313721876e2ff26ac34e88557a4a0dfde08eda81cf0c1465a89b68429e48966044c767563e1121db48c9b619fd7362afd15ec6aa19b28759d7977be4fbcad0cf8dd5dc5362259bd5cb5089a9d18db969afe1192571f5fcc0c4d6be281d23b9c1f9f32873c058adfa1bf57a3718686957edfd6e4b58aa959541127696d59fb2810d042ced227961eb19a424e4cf45bc6243217bb7561b7ee11f8c0b8f39480343a26f2da5fe79d5e213c01ea47155ffa91e7d7ba0bc8ccb018bd69cfe71dd8565a645d678b404a295397e83ae69dbf8505f6947a836b44823a92861124330fccd4bc4a2e20d9047bd919d82c89623caa87eb09bd584d58f42b35ef55fddc06dfb3957f3f507e5ca9b8b98947cc5bb68846755527ddf32ffa444e1c7a5654d4d377e04a9f22e1069804fdcdb251acb6bd6b32d100feb44286991d779d2b3e2b7f5cc5f8eb3ae166a3b6fb9df11e1867989a6f9b2028e4c73b4d418b51f6e870713cadafddb47a48c9a97283da214f02db3326d42438d9a7db580693ad1887f99d86bb5fafd6d07c2647fc80c2c5a1ed9ea3b95be65ca422080ddefca5b49ccd538f6bc67390f892d9e416f7e835f76dd90edc56256348d20560caeea05c0922cab60dbf0b57ddaaed6ded5a336e01485fd571dc12050461271cee347c31ac245bfee9128630dfcc43b6d88b5ba9937a6f6ab70b7d256784ff72297cfcfd0ffacd09b55fb832bf60f04d87c48c74972b9f18fa178ce4880b025d1c1097ddb929e8f7e02f1c0e03012bec0fa61a49eb1c2a50a45fc0d98b6649de325184006938e421321e8b366649d9b6ebadf77509c9d48844e80f7752fd7daaa5c938b946feaaac0d871203270a747035c7e2f697c84e792a55cbce76c0a25360f7acbeaab60627aa9c37064af75b67f46732844eb2f6b37226004afe451a9fbfbbcf7e72ade67b017e9209b5627fbe16789abd90326751a1fd1d93efc59f2650f979ba71938d784064922bee2874c4b76d5f26e39ea0a98cf175950137feff9456c88c6a295830183fae3a9c2312c25f3d81708d73488d15a587e7e7cdde3b77917eef29c8b5965c916a65c3c5a53b7313c3115d0a8bb4e16f6b80ff6f78adb756aba94ced86047562a2cd2fb25e9a4656f6359c3f2fde8b5ab38852853cbd7221cb4d59b7f0e79bd37f9ade073f62b75edbe63c13c0d02bf076d88f5b750ea640aad47ce97d6a0783398dd3fbb63734ed969470cf45200235650532224fc28caf1e36ca6b402ec4c978add40fc59f2113485875682139f8aa9aeb48d09178de919370b0cd0ebcab5e60e1b0a2fc153db0dae8e50b48561622a677d0f1afc149676f832e016e14007fb298dcb96f11a92a1ac8bd4cc7b34d659d6cd2c9817b586585e72080255b083bc84512277ffb7f561c6a7a08cd128bfe9b525da531f0bf04f11d3de102b3538835807ac0b2f4325fc6765d02d692ec82f5b338c8257029136fcd3427c09874ecc7492becdd6608eac4adf1abc3f7e08868a72e57ce4dcfc288a25af73d19f1118a9254963c1548cdca5fc7c921a7f218f8e71edd7969dfb35beae1091d7530e32236397fa9fcd232b441ff1b0177829468c198d659d247ccca4fbd58c625501e4368075d0e5e69a6f90952f5bbe48e85a303131dedf7f1a513b291598a545784e1013521877c25d6069d3a855652a4bad5b2df2e4da2de756a20e790b756dd2925ce824561e5892b5e064c7c7b996acc4e29597e0cd00956e9c57ec374714f846be7632d3075e38bead499163498810886c78a2cc73fb64fd48e186083ce911e0751b4dc63476859c2824fa532a4b1711c244619e702eeab19380aeb7b17f67fade3dcad8ddddd893a526cd5d04d8ae982c88029ec71bdd0772fd74adbdb378fc204ca411a2d8a50331516a28552be78f9725f32d1b3a6c7bdf3277c5f7e385c7ebbacc419ec7ca3c5b8f46dbefee59b6422a6b22d60527edc012f852077d925619874f7709f283e01678fed36528003a696ee431a817f34f453c143dc56b70e1f810a5380a555cc8c4fc6522ab544ce5d715caa302ebdd0aa8286b7ef5dd6dd48a8ad9566818f7509daf02db0b98b432f57f1d107ee95a86228728cab4062e27922381e1e2ee351af5e2ea0fd6d1cea70b3b8f4a50f0776fc9aa2a7d2dff6e1ea3769864104f09137b99960b69af13895d842649eacaed8ddf183beba3323640af8deb52b902c0974d685d19fc87c93eb80ad5d28e54363705ad39231d989522e94f000256bc8d93af138a45d67dad3e21fa9fb31d9327c6e71f61956d9daf4f97333112704136d3d1bf6fe0e4c002e10b684d2344300ec70fae0b50532ebace58f0e8318354a172cceacf27d01ff41cc8fef42443f62b0e15b5fcc0728630b96fb2c2b59634f4993bb1ce2eace6fb0f53e5f84bc5f58b1b66d59e3c75a98670496f105a703607211aa9e882e72f13e9fe07f0767ad4e5ac5c732b65301d8ceab36b5ff2f71958fb1b51d2e703ac506e68d4026160fd3f60440b8b8f554f1feeba5d53f71cbe60d143620f8fa779acb94c965b729207a5ab11f4a51b694c31606171da44a28d80cde296dff5724ff718d6377eb8534e616cff39af943ee4ce87b4fadded30c702d370a71072ab3e20f19b8c1b73fdbbb9c675352bb73ee85e22597fc0c439a33f5febe1629bd084af7193f8d1a1415b02ca54706711505cbae11ec6411b012cc3a3eddcfb002901b6e7565b9fbf4d605c147031888ceb590c14697d00970ce9095c6f7fee41ec6a15d7ef52dfedfff2a0d3dbb387b61232aee6ca202787038021e6aabda18e2adf6fd89aa491e65f9813d73412fbfff089752d713d7efa690ec4fc254b56908d3057f65997acf81aea589e272f8fa852849e488f1e0c0cb6cdb5f46ca92e36d39224e704850056d2e9b91909aed0f55d054e274415ecc39b8958335a14cfb0a42d7f26ef8e82592dfd03b3550b5193fba077994c682951968869574fd94976760d9bd9b334353eeda836cc8dab244e72095cc46833f02bb2f6df35601b3085664261abb67fc9ab9f27210e6827cd15ce16c55f0f7f5b8ab401f24032b19a53a9299b62ebf4a8cf7f4753d95126f008a8ce349036666de66bcaf40b27fa875efa98873e1ef9302e2a24bfe07bd1054bdf9ba9ad1b1075402f26d682833b947c762513ba5f07537bb712473184a60e04ace5adb8d982d6153b011ae0b2034adc0ff4a64e2c6561c2e0840cdab2120bc916cde9b7a92c4d332d0f83945fe55e3c8f4d93f22e7759c20241d92cca0ae5a3d06a127e5614df708cea1ad3b2f231c81460ff4c3f349c67a87135a4b67589ffce311832923f71796276e81f0537e265404c0ee06d5ed98a5ec5f8ad62db589eb585fc4627173b51fd4e897a3e8d2acbb82ec2996ac3a6823368a1e12a0536a9d1a7b2d31d80c46c292ff51395481d4f65c53fab867e27bec9156ee189d245d94877a1405dc9e1e996822ad47071a9ab36c9bfd02c41ea5ba21591793053b1b64758bae0addfcd69d169849bc1ee6ce5c08f0d3da5ecc1b6ab31e13af2fa5ce4d921163270901264a88ac6350e8fb6371663dd04146932238597258b123a8036250c190fbb3cfc6ebbf9e06c4a9053e8332c95c91a890a3d35ddd35f47e7ab606f3e345e12560e6d52243883da7b8910834042ad12e7fb3f08a0b14ef6aee22251999e6079be2ef5666d7d5ae00d161720262761da3f378c63cb151f4e94d034e9de949dfe796b905804ca555691023c30ea7cf0cb276e1e3ba65793291f8287d1064606bf5787421b9b9bfc05e9c5eac750de92519fe9e2592cd34a2ef6ec18efed5e7c13bfcfce47327cbecac358bbe6d44164849308cf91cd5ea87fa4b02ba4939e28141c7dad42714b019470d91808a8f46150677b6c90f267ecb39ef42afc95de0cbd016775c89d8213ec9d4e061e6493f237296f91abfc64176c0e885ef54af4136a724fadfe89a25d7599998acebc4a27f8fb5b26936bda5c3d5fec3373dcd9a0e99fc939641c50669adc54119582e8835575d1c57fa955cd29d870360620f91c3ff90d264013816352317ae226f7d7bad5db711f8973382f6cebd63cd519ddd08e1772649be75f64f4acc15f828dc0b305584b6dd2213194603c44e2964358d305aa97fb08568a0a955ad7a6f8d042754b4bbf2fb3414052719fd9841bef8360d1d3195c69414be882115c2c64fecdcbdaed3a2e943fdfef9a13520e41d32a787bcfe4f61e2b378d35aa70784a772cf8ebcaaeb105e4627516db2ababfcb8c11f224c3a48c86160d34d0ee59f02c31648ae4b0309b378f0bf63266967dcfb4f1cc1902f613c6d0d48915a9cf28a52b106544cde1b38ff2e2a1275fd0d3899ce7f7c6653c9017f7ac4aaa35bcb2811a8f9dbb56746b45475350e7c13d42abb5692377da7a4045ee644ce00f8699e3251d75621c82cd659ea3add277affe3ff792f7d24a3d0979ef82cfc0d409697ae2e8598854a8327f46974c901d309dc6dbe31913c59d821aa50c0fe95cc822e8f07bbb00e9a09bc9a570b9778d29308740bc336a41258d209c206f87a709aa43415da0096f7d177e509a7d625645fb098ccc45367d82235e952670ac5f82f8ced3f59fd9ee20ac75be609cc832417e807ddc40630cba4c91e0785edcb5f20b9e6dedb1ec172cd16fc034f410e9ce375ea855144aa3076317f649cf4efe4d7abf244984c4e", 0x1000}, 0x1006) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ppoll(&(0x7f00000000c0)=[{r6, 0x4000}], 0x1, &(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f0000000140)={0x6}, 0x8) r7 = syz_open_dev$dspn(&(0x7f000000bff6)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r7, 0x800000c0045002, &(0x7f0000595ff8)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setrlimit(0x0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x5, 0x0, 0x1}, 0x2c) write$apparmor_exec(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="657865632073656c662a73656c6676626f786e6574302b06736563757268747900"], 0x1) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/25, 0x19, 0x0) sendfile(r5, r5, &(0x7f00000000c0), 0x8080fffffffe) membarrier(0x2, 0x0) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000600)) 18:09:32 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x10000000000001, 0x0) r1 = socket$inet6(0xa, 0x3, 0x1) ioctl(r1, 0x8915, &(0x7f0000000280)="153f6234488dd25d766070") ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000040)={0x5, 0x7, 0x3, 0x700000, 0xfffffffffffffff9}) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) ioctl$sock_ifreq(r0, 0x89f5, &(0x7f0000000100)={'eql\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x005\x00', @ifru_settings={0xa07000}}) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x101081, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f00000000c0)={0x401, 0x0, 0x1}) ioctl$DRM_IOCTL_SG_ALLOC(r2, 0xc0106438, &(0x7f0000000140)={0x2, r3}) [ 267.569186] binder: send failed reply for transaction 63 to 8030:8031 18:09:32 executing program 3: getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in=@multicast2, @in6=@local}}, {{@in6=@remote}, 0x0, @in=@rand_addr}}, &(0x7f0000000300)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000340)={{{@in6=@remote, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6}}, &(0x7f0000000440)=0xe8) setresuid(0xffffffffffffffff, 0xfffe, r0) r1 = geteuid() keyctl$set_reqkey_keyring(0xe, 0x4) r2 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x0, 0x82) setsockopt$inet_tcp_buf(r2, 0x6, 0x1f, &(0x7f0000000100)="9d0852c5ee9b4e674b29b6c8bfc00048f2615789e6e7760094b585f7fe772b29cf24d6e0921e509ae890e86c3a31e6b7f2863f7aa7ddc66657a7f78c440ba2f70355346fd4bce308ddd8a30be0b383ba61d434d29f0a844051bacbbbd712962a7f389fe98cc45198219d08c57add30a04856c3185ac52cf39ee3e375bb3603c05c2853bc70a5188bc1dd1c2b995ff9fdbd91185e3139405666b46a0ce54a1055c3cfd70b48c1271c9678020cb339db97474cb3cda84edded42b5376b172cd5e823adcce78ab226dae9fe7fa6c2447140d938", 0xd2) setreuid(r1, 0x0) request_key(&(0x7f0000000000)='logon\x00', &(0x7f0000000040), &(0x7f0000000080)='eth0))posix_acl_accesswlan0eth1eth0\x00', 0x0) 18:09:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x1, 0x30, 0x0, 0x6}, &(0x7f0000000080)=0x18) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000000c0)={r3, 0xcba, 0x20}, 0xc) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup2(r0, r4) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r5, r1, 0x20000000000) 18:09:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f00000003c0)="0f20d86635080000000f22d866b80500000066b9060d20500f01c1ba6100b01aeed9a6390b0f0174170f009a0050670f01caba610066b80010000066ef260f22276766c74424004edeac976766c74424022c0000006766c744240600000000670f011424", 0x64}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x5}) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000080)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 267.776976] binder_alloc: 8052: binder_alloc_buf, no vma 18:09:32 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid\x00', 0x400000002, 0x0) write$UHID_CREATE(r1, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x120) r2 = fcntl$dupfd(r1, 0x406, r0) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f0000000140)=0x9, 0x4) readv(r1, &(0x7f0000000240)=[{&(0x7f0000000580)=""/231, 0xe7}, {&(0x7f0000000040)=""/13, 0xd}], 0x2) socketpair(0x5, 0x0, 0x206de47f, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$KDGKBSENT(r3, 0x4b48, &(0x7f0000000100)={0x2, 0x0, 0xffff}) write$UHID_DESTROY(r3, &(0x7f0000000200)={0x8}, 0x4) [ 267.834004] binder: 8052:8055 transaction failed 29189/-3, size 0-0 line 2973 [ 267.928848] binder: undelivered TRANSACTION_ERROR: 29189 18:09:33 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f000075cf53), &(0x7f000015dffc), &(0x7f0000b25ffc), &(0x7f0000923000)) r1 = fcntl$dupfd(r0, 0x0, r0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2, 0x10, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0xa0000004, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x400, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f00000000c0), &(0x7f0000000140)=0x4) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e23, @remote}}, 0x0, 0x2}, 0x88) write$P9_RFSYNC(r2, &(0x7f0000000280)={0x7, 0x33, 0x2}, 0x7) getpgid(0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001580)={r2, 0x0, 0x3d, 0x1000, &(0x7f00000002c0)="cac831dc9baf2f2e60d0f2bb427eee4778f2709188cecb30f8e5ea89740d069bd3e8c8bb0330332d039041125809bb4abee0cd7f7261ee9d59a034b051", &(0x7f0000001640)=""/4096, 0x80000000}, 0x28) readv(r2, &(0x7f00000015c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/233, 0xe9}, {&(0x7f0000001400)=""/28, 0x1c}, {&(0x7f0000001440)=""/61, 0x3d}, {&(0x7f0000001480)=""/33, 0x21}, {&(0x7f00000014c0)=""/67, 0x43}, {&(0x7f0000001540)=""/22, 0x16}], 0x7) waitid(0x0, 0x0, &(0x7f0000000240), 0x0, 0x0) ioctl$FIBMAP(r1, 0x1, &(0x7f0000002640)=0x3) ioctl$TCXONC(r2, 0x540a, 0x9) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) ftruncate(0xffffffffffffffff, 0x8) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000040)={0x0, 0x3, 0x2, 0x9, 0x1, 0x6, 0x1, 0x500d}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r3, 0x6, 0x5, &(0x7f0000d11000), &(0x7f0000000000)=0x4) 18:09:33 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000040), 0x800000000008c, 0x1, &(0x7f00000000c0), &(0x7f0000000080), 0x0) mlock(&(0x7f0000047000/0x2000)=nil, 0x2000) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x107000, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x0, 0x7}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0x80010000, @empty, 0x2}, r1}}, 0x30) 18:09:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:33 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000180)='cpuset.memory_migrate\x00', 0x2, 0x0) socketpair$unix(0x1, 0x6000000000000002, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="40d19e94505da9eaa81b0000"], 0x2) [ 268.092905] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 268.162094] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 268.185843] binder_alloc: 8080: binder_alloc_buf, no vma [ 268.187349] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 268.191350] binder: 8080:8087 transaction failed 29189/-3, size 0-0 line 2973 18:09:33 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) preadv(r0, &(0x7f0000003300)=[{&(0x7f0000003200)=""/74, 0x4a}], 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'sit0\x00', 0x3e01}) socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f0000000080)) 18:09:33 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$inet(0x2, 0x7, 0x8) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000000040)) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='team_slave_0\x00', 0x10) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x49) connect$netlink(r1, &(0x7f0000000200)=@unspec, 0xc) 18:09:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 268.267625] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 268.299176] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 268.374161] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 268.380886] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 18:09:33 executing program 0: socketpair$unix(0x1, 0x400000001, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r1, &(0x7f00000000c0), 0xfd01, 0x8800, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @mcast1}, 0x1c) r2 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) sendto$inet6(r1, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000809000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x0) [ 268.426286] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 268.442375] binder_alloc: 8101: binder_alloc_buf, no vma [ 268.454461] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 268.459567] binder: 8101:8102 transaction failed 29189/-3, size 0-0 line 2973 18:09:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x4001) write(r0, &(0x7f0000c34fff), 0xffffff0b) poll(&(0x7f0000000140)=[{r1}], 0x1, 0x4) ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70000}) [ 268.496831] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 18:09:33 executing program 1: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x419feba, 0x80202) setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000040)=0x7, 0x4) recvmsg$kcm(0xffffffffffffffff, &(0x7f00000025c0)={&(0x7f0000002240)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000024c0)=""/206, 0xce}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000740)='net/ip6_mr_cache\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) preadv(r1, &(0x7f00000017c0), 0xe3, 0x400000000000000) [ 268.538521] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 268.573880] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz1 18:09:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:33 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = dup2(r0, r0) getsockopt$llc_int(r1, 0x10c, 0x7, &(0x7f0000000040), &(0x7f0000000600)=0x4) r2 = syz_open_dev$evdev(&(0x7f00000007c0)='/dev/input/event#\x00', 0x1, 0x4680) mknod(&(0x7f0000000680)='./file0\x00', 0xf1c0, 0x5) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000000740), &(0x7f0000000780)=0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000540), 0x0, 0x0, &(0x7f0000000140)={0x2, 0x4e21, @multicast2}, 0x10) setsockopt$inet_group_source_req(r2, 0x0, 0x2f, &(0x7f0000000180)={0x401, {{0x2, 0x0, @loopback}}, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}}, 0x108) socket$packet(0x11, 0x0, 0x300) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) close(r5) syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000780)='9p\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="f5d70000000000002c7266646e6f3d", @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',\x00']) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x43cad3c8}, &(0x7f00000000c0)=0xc) ioctl$KDADDIO(r1, 0x4b34, 0x6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz1\'', 0x1ff) shmget$private(0x0, 0x3000, 0x400, &(0x7f0000ffd000/0x3000)=nil) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000700)='/dev/loop-control\x00', 0x0, 0x0) sched_getattr(0x0, &(0x7f00000006c0), 0x30, 0x0) ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r6, 0x4c80, 0x0) eventfd2(0x0, 0x0) ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f00000002c0)={[0x105000, 0xf000], 0x100000000, 0x40, 0x5}) chdir(&(0x7f0000000640)='./file0\x00') syz_open_dev$midi(&(0x7f00000005c0)='/dev/midi#\x00', 0x0, 0x1a003) socket$inet6_tcp(0xa, 0x1, 0x0) 18:09:33 executing program 2: r0 = socket$inet(0x10, 0x3, 0x8000000000c) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhci\x00', 0x400580, 0x0) ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f0000000080)={0x3, 0x0, 0x4, 0x2, 0x7f, 0xa0}) sync() sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000030807041dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) 18:09:33 executing program 3: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x8, &(0x7f0000000280)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@uid_eq={'uid', 0x3d, r0}}, {@obj_user={'obj_user', 0x3d, '@@%('}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'posix_acl_accessself^'}}, {@fsuuid={'fsuuid', 0x3d, {[0x35, 0x7f, 0x77, 0x0, 0x62, 0x77, 0x63, 0x39], 0x2d, [0x7f, 0x0, 0x74, 0x34], 0x2d, [0x3b, 0x74, 0x66, 0x65], 0x2d, [0x76, 0x77, 0x31, 0x66], 0x2d, [0x30, 0x38, 0x66, 0x77, 0x77, 0x32, 0x67, 0x36]}}}]}) mount(&(0x7f0000000a00)=ANY=[@ANYBLOB="2f6465762f6d643000160f53471fe27b6b81a2f6b06bb16f1fbd5275eaca6d4ac6a6e96d711a411aa20200fdff68ff706aca5383d5108002ad017eb469143825fc02799b7a3b6bc54497c5c2749a5466088638182a4d5a9d98c96787413561d6ebaf7d940dbad36fdbc5e49d66a0066c670b6455b48d2e0370f2650360050000000000000000000000000000000000"], &(0x7f0000000640)='./file0\x00', &(0x7f0000000100)='udf\x00', 0x8c03, &(0x7f0000000080)="000000000000004005e14b51d3e3b4390b127600") r1 = add_key$user(&(0x7f0000000180)='user\x00', &(0x7f00000009c0)={'syz', 0x2}, &(0x7f0000000380)="48c1cb5df33f888bf40629229356e8f684dc8fb2cd617a39f1271129ee2258a9753527615f4f9687ee51f9d6e07b69b286a64dd02562b9871d832ba3a231e3783e456145c5d993613ac5351b421a75abbeba9267a30168c8058c1fe7", 0x5c, 0xfffffffffffffffa) r2 = request_key(&(0x7f0000000400)='.request_key_auth\x00', &(0x7f0000000440)={'syz', 0x1}, &(0x7f0000000480)='/dev/md0\x00', 0xfffffffffffffff8) r3 = add_key$user(&(0x7f00000004c0)='user\x00', &(0x7f0000000500)={'syz', 0x0}, &(0x7f0000000540)="fa3af873391131e9b9924c06fa", 0xd, 0x0) r4 = syz_open_dev$adsp(&(0x7f0000000880)='/dev/adsp#\x00', 0xc1, 0x400000) r5 = openat$cgroup_subtree(0xffffffffffffff9c, &(0x7f00000008c0)='cgroup.subtree_control\x00', 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='9p\x00', 0x40, &(0x7f0000000900)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@nodevmap='nodevmap'}, {@fscache='fscache'}], [{@fsname={'fsname', 0x3d, 'cpuset)em1'}}, {@euid_lt={'euid<', r0}}, {@measure='measure'}, {@audit='audit'}]}}) keyctl$dh_compute(0x17, &(0x7f0000000580)={r1, r2, r3}, &(0x7f00000005c0)=""/124, 0x7c, &(0x7f00000007c0)={&(0x7f0000000680)={'sha1-avx\x00'}, &(0x7f00000006c0)="732832ec20b981ba581fc8eb440664da606be846c8778dfb66880017baff4cfc06f58317316b67ef45dba3cf609f7b8c5fc922972471300698cadcff7aed931f0f5fbbff6af4d649432dddd9860f12e6342dc32085b43511379359c00cd61b27941fd43e775079fba6584dfa1a59df5053b4362c076793784e713e70655ae1693481a01cb7d9c574c68428dd2d8acdebe41f865270bf091563049dbaa12d662c9f4808c4dd847c395b6409603d058e29e31fa0ce31487bd49cc10a23b710e78a7bb187abef7b9b07f2470342aab78f5c803037139f85ba3d546d6bbdce", 0xdd}) 18:09:33 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, &(0x7f00000000c0)) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='stat\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000249, 0x0) setsockopt$inet6_dccp_buf(r0, 0x21, 0xd, &(0x7f0000000240)="39758fa2bd758daec73cb1ba86ea9ba5d7e4f0330f8c8aa11a9cd388a405ec6167c431239093b88cf7d0ce98b874988b07a4408b5efa4cca35dd6e820cf7c7d67b594e5396004ea19403604ca17fcf85d612e5e34719cc8cf82b2b7d88b13def3422a27bb6a318cfab2a31c5756beea7d1f46d07427f2ab453649c6dfbce3654abe02634166b0692344e0e659d059d76d49cc6c5a4e5cf6201bc7b679941506b50db9706c3219894c5dbbb82bda1108acc84bf762b7e80c33a4a3ee96e7a81b6c3c7c7dcda801287e424d211", 0xcc) fcntl$setsig(r0, 0xa, 0x1f) [ 268.761488] binder_alloc: 8126: binder_alloc_buf, no vma [ 268.794498] binder: 8126:8127 transaction failed 29189/-3, size 0-0 line 2973 [ 268.814696] overlayfs: unrecognized mount option "uid=00000000000000000000" or missing value [ 268.890938] UDF-fs: error (device md0): udf_read_tagged: read failed, block=256, location=256 18:09:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 268.933737] UDF-fs: error (device md0): udf_read_tagged: read failed, block=512, location=512 [ 268.964333] UDF-fs: error (device md0): udf_read_tagged: read failed, block=256, location=256 [ 269.001411] UDF-fs: error (device md0): udf_read_tagged: read failed, block=512, location=512 [ 269.035766] 9pnet: Insufficient options for proto=fd [ 269.042987] UDF-fs: error (device md0): udf_read_tagged: read failed, block=256, location=256 [ 269.052261] UDF-fs: error (device md0): udf_read_tagged: read failed, block=512, location=512 [ 269.061892] UDF-fs: error (device md0): udf_read_tagged: read failed, block=256, location=256 [ 269.076587] UDF-fs: error (device md0): udf_read_tagged: read failed, block=512, location=512 18:09:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSTI(r0, 0x402c542d, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x80181) sendmsg$rds(r1, &(0x7f0000003b40)={&(0x7f0000000080)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10, &(0x7f0000003440)=[{&(0x7f00000000c0)=""/4096, 0x1000}, {&(0x7f00000010c0)=""/160, 0xa0}, {&(0x7f0000001180)=""/4096, 0x1000}, {&(0x7f0000002180)=""/86, 0x56}, {&(0x7f0000002200)=""/232, 0xe8}, {&(0x7f0000002300)=""/4096, 0x1000}, {&(0x7f0000003300)=""/75, 0x4b}, {&(0x7f0000003380)=""/115, 0x73}, {&(0x7f0000003400)=""/44, 0x2c}], 0x9, &(0x7f0000003a00)=[@mask_fadd={0x58, 0x114, 0x8, {{0x0, 0x3}, &(0x7f0000003500), &(0x7f0000003540)=0x9f6, 0x6, 0x3ff, 0xffff, 0x3, 0x40, 0x8}}, @cswp={0x58, 0x114, 0x7, {{0x7ff, 0x6}, &(0x7f0000003580)=0x7, &(0x7f00000035c0)=0x80000001, 0x60, 0x6e, 0x1000, 0x0, 0x10, 0x5}}, @rdma_args={0x48, 0x114, 0x1, {{0x120000000000, 0x7ff}, {&(0x7f0000003600)=""/48, 0x30}, &(0x7f0000003980)=[{&(0x7f0000003640)=""/113, 0x71}, {&(0x7f00000036c0)=""/145, 0x91}, {&(0x7f0000003780)=""/55, 0x37}, {&(0x7f00000037c0)=""/92, 0x5c}, {&(0x7f0000003840)=""/50, 0x32}, {&(0x7f0000003880)=""/77, 0x4d}, {&(0x7f0000003900)=""/65, 0x41}], 0x7, 0x10, 0xef}}, @rdma_dest={0x18, 0x114, 0x2, {0x1, 0xffffffff}}], 0x110, 0x40000}, 0x20000000) [ 269.122612] UDF-fs: warning (device md0): udf_fill_super: No partition found (1) [ 269.162641] overlayfs: unrecognized mount option "uid=00000000000000000000" or missing value 18:09:34 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, &(0x7f00000000c0)) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='stat\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000249, 0x0) setsockopt$inet6_dccp_buf(r0, 0x21, 0xd, &(0x7f0000000240)="39758fa2bd758daec73cb1ba86ea9ba5d7e4f0330f8c8aa11a9cd388a405ec6167c431239093b88cf7d0ce98b874988b07a4408b5efa4cca35dd6e820cf7c7d67b594e5396004ea19403604ca17fcf85d612e5e34719cc8cf82b2b7d88b13def3422a27bb6a318cfab2a31c5756beea7d1f46d07427f2ab453649c6dfbce3654abe02634166b0692344e0e659d059d76d49cc6c5a4e5cf6201bc7b679941506b50db9706c3219894c5dbbb82bda1108acc84bf762b7e80c33a4a3ee96e7a81b6c3c7c7dcda801287e424d211", 0xcc) fcntl$setsig(r0, 0xa, 0x1f) [ 269.186224] UDF-fs: error (device md0): udf_read_tagged: read failed, block=256, location=256 [ 269.188210] 9pnet: Insufficient options for proto=fd [ 269.212736] UDF-fs: error (device md0): udf_read_tagged: read failed, block=512, location=512 [ 269.223194] UDF-fs: error (device md0): udf_read_tagged: read failed, block=256, location=256 [ 269.232089] UDF-fs: error (device md0): udf_read_tagged: read failed, block=512, location=512 [ 269.232710] UDF-fs: error (device md0): udf_read_tagged: read failed, block=256, location=256 [ 269.249841] UDF-fs: error (device md0): udf_read_tagged: read failed, block=512, location=512 [ 269.259166] UDF-fs: error (device md0): udf_read_tagged: read failed, block=256, location=256 [ 269.268101] UDF-fs: error (device md0): udf_read_tagged: read failed, block=512, location=512 [ 269.276977] UDF-fs: warning (device md0): udf_fill_super: No partition found (1) 18:09:34 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000380)={0xb, 0x0, 0x200, 0x5, 0x0, 0x1, 0x7}, 0x2c) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000280)={0xffffffffffffffff, &(0x7f0000000440)="8b21db84fca13321e0193549f75b093aed08271c2fd1dd7a1157e19d7d32ee442518fa03566d4b70ac2b08e57a9e64da26fa40ef35d773e2b7b76859fb30d4633b5720323d303302755ecc639ccd2a4691ec129b1d3ed738fd865e6830dac968d968f4b15c064315f4bca4fd25fe360b83c2f37a362d6afc92b95fddd4175a72d722120fe823bd9f0ac7bdee7c47ac9be90d492a5f944888227116b4fdb19873a28d47d764a8b319af3e7e32506df6700c15a2a7", &(0x7f00000003c0)=""/128}, 0x18) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000340)='/dev/null\x00', 0x2000, 0x0) ioctl$KDADDIO(r1, 0x4b34, 0xb9) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='bpf\x00', 0x0, &(0x7f00000002c0)=ANY=[]) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00', 0x2761, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'gre0\x00', 0xc00}) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40086607, 0x1) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000540)=ANY=[@ANYRESHEX=r0], 0x1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'bridge0\x00'}) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000140)={0x8000000000000, 0x8, 0x5, 0xffff, 0x0}, &(0x7f0000000240)=0x10) signalfd4(r0, &(0x7f00000000c0)={0x80000000}, 0x8, 0x80000) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000002c0)={r3, 0x4, 0x30}, &(0x7f0000000300)=0xc) mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFINDEX(r4, 0x400454da, &(0x7f0000002100)) [ 269.342692] binder_alloc: 8151: binder_alloc_buf, no vma [ 269.394378] binder: 8151:8153 transaction failed 29189/-3, size 0-0 line 2973 18:09:34 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="2400000002031f001cfffd946fa2830020200a000900010001e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f00000000c0)=0xb206, 0x4) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="24000000020307031dfffd946ff20c0020200a0009000200021d8568021baba20400ff7e28000000110affff82aba0aa1c0009b356da5a80918b06b20cd37ed01cc000000000000000000000", 0x4c}], 0x1}, 0x0) [ 269.459420] binder: undelivered TRANSACTION_ERROR: 29189 18:09:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:34 executing program 2: recvmsg$kcm(0xffffffffffffffff, &(0x7f00000025c0)={&(0x7f0000002240)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000024c0)=""/206, 0xce}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountstats\x00') ioctl$KDSETMODE(r0, 0x4b3a, 0x0) preadv(r0, &(0x7f00000017c0), 0xe3, 0x0) 18:09:34 executing program 3: r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3, 0x18002) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000080), 0x8) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x10010, r0, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(r1, 0x0, 0x487, &(0x7f0000000000), &(0x7f00000000c0)=0x30) [ 269.639184] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 18:09:34 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000280)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0x1ca}], 0x11, &(0x7f00000011c0)=""/157, 0xffffffffffffffa8}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.swap.current\x00', 0x0, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000140)={[{0xfffffffffffffff7, 0x1a, 0x9bc6, 0x948, 0x8, 0x101, 0x1000, 0x1, 0x100000001, 0x4, 0x4, 0x400}, {0x8, 0x0, 0x5, 0x5, 0x5, 0x80000000, 0x6, 0xaa, 0x400, 0xffffffffffff5f21, 0x7fff, 0x401, 0x6}, {0x2, 0x3, 0x6, 0x6, 0x78, 0x3, 0x6c2b, 0x54eae00d, 0x3f, 0x800, 0x10001, 0x8, 0x8}], 0x9}) [ 269.721448] netlink: 20 bytes leftover after parsing attributes in process `syz-executor4'. [ 269.729365] binder_alloc: 8177: binder_alloc_buf, no vma 18:09:34 executing program 3: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x100, 0x0) ioctl$int_in(r0, 0x800000800c5012, &(0x7f00000004c0)) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x5ad9}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000080)={r1, 0x100000000}, &(0x7f00000000c0)=0x8) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000100)=0xbc8) [ 269.796972] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 269.804826] binder: 8177:8178 transaction failed 29189/-3, size 0-0 line 2973 [ 269.860152] netlink: 20 bytes leftover after parsing attributes in process `syz-executor4'. 18:09:34 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clock_adjtime(0x0, &(0x7f0000000080)={0x7f, 0x0, 0x0, 0x0, 0x0, 0xb7}) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x1) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000180)={0x0, 0x8b, "616c02adf63213415a18567bad5660b4f108997d611236b66c147c5c03323b2f2c10325def345be9d547ddc8f1786dab066c2ce04f70f2cd0e7b7031c43143b88b49250f7c0f86916bf26fa120cb131392e1ee3de7cf20328027fea2f3a10cdd2799791170f0e34bdd5d1d0cf5f65ad505740a6e55c533db5bfe6b1e837b9a3a0422c785a92628a137d06b"}, &(0x7f0000000240)=0x93) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000280)={r2, 0x4}, 0x8) 18:09:34 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x18040, 0x0) recvmmsg(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)=@ipx, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000001540)=""/4096, 0x1000}}], 0x40001c2, 0x0, 0x0) getsockopt$llc_int(r1, 0x10c, 0x2, &(0x7f0000000100), &(0x7f0000000140)=0x4) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f00000001c0)={0x28, 0x2, 0x0, {0x3, 0xd1, 0x28f5}}, 0x28) accept4$nfc_llcp(r1, &(0x7f0000000280), &(0x7f0000000200)=0x60, 0x800) 18:09:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x401, 0x40) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f00000001c0)={{0xa, 0x4e23, 0x40, @local, 0x3f5}, {0xa, 0x4e24, 0x100, @ipv4, 0x5}, 0x8, [0x80000001, 0x0, 0x5, 0x3, 0x7, 0x422851b6, 0x4, 0x5d4]}, 0x5c) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f000000f000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="48b801000000000000000f23c00f21f835020004000f23f8b9c70200000f32f0460fc78868cc0000b8010000000f01c166b8f8000f00d866bad00466b8c26266efc441adfedcc4c19855a804000000460f1a7d046436640f07", 0x59}], 0x1, 0x0, &(0x7f00000000c0), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f000001a000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000240)="df1f3e650f01c80f51152eef26a850a50f090f20e06635000040000f22e00f71d227267300", 0x25}], 0x1, 0x72, &(0x7f0000000380), 0x0) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000140)={0x70003, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa2b]}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000340)) ioctl$KVM_RUN(r3, 0xae80, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000100)=@assoc_value={0x0, 0x1}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000480)={r4, 0x58, &(0x7f0000000400)=[@in6={0xa, 0x4e22, 0xb8d, @local, 0x7fffffff}, @in={0x2, 0x4e24, @local}, @in={0x2, 0x4e21}, @in6={0xa, 0x4e23, 0x4, @mcast1, 0xff}]}, &(0x7f00000004c0)=0x10) 18:09:34 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x40, 0x0) ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000240)=@ipv4_newroute={0x1c, 0x18, 0x521, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x2}}, 0x1c}}, 0x0) 18:09:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:35 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x854, 0x0, 0x1}, 0xed) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x3ff, 0x4, 0x75, 0x9, 0x0, 0x6, 0x80, 0xd, 0xfffffffffffffff9, 0xea, 0x0, 0xfffffffffffffff7, 0x1000, 0x0, 0x1, 0x9, 0x7fff, 0x0, 0x80a5, 0x2, 0x82b, 0x80000001, 0x8000, 0x80, 0x6, 0xd2, 0x80000001, 0x1, 0x4, 0x6a93, 0x400, 0x1, 0x6946, 0x8, 0xffffffffffff0001, 0x2, 0x0, 0x2, 0x1fae414980e07e66, @perf_config_ext={0x0, 0x8}, 0xa200, 0x9, 0x4, 0x5, 0x4, 0x1, 0x75c}, r2, 0xd, r0, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x15, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x85ffffff, 0x201a7fa6, 0x48, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 18:09:35 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x111000, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'bcsh0\x00', {0x2, 0x4e21}}) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000100)={&(0x7f0000ffc000/0x2000)=nil, 0x2000}) listen(r0, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000340)={0x1, r1, 0x1}) connect(r2, &(0x7f0000931ff4)=@un=@file={0x1, "e91f7189591e9233614b00"}, 0xc) bind(r2, &(0x7f00000002c0)=@in={0x2, 0x4e24, @local}, 0x3c9) write$eventfd(r2, &(0x7f0000000000), 0x8) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000200)={0xffffffffffffffff}, 0x2, 0xf}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f0000000280)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x3, {0xa, 0x4e24, 0x401, @dev={0xfe, 0x80, [], 0x20}, 0x7}, r3}}, 0x38) openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x2a0600, 0x0) r4 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x2, 0x4400) setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, &(0x7f0000000080)=0x9, 0x4) 18:09:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:35 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x4001ff, 0x0) sendmsg$rds(r0, &(0x7f0000002a00)={&(0x7f0000000180)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/92, 0x5c}, {&(0x7f0000000240)=""/12, 0xc}], 0x2, &(0x7f0000002840)=[@cswp={0x58, 0x114, 0x7, {{0x200, 0x1}, &(0x7f00000002c0)=0x3, &(0x7f0000000300), 0x8001, 0x8, 0x4, 0x400, 0x8, 0x1}}, @mask_cswp={0x58, 0x114, 0x9, {{0x4, 0x1}, &(0x7f0000000340)=0xe3, &(0x7f0000000380)=0x100000000, 0x934, 0x8001, 0x2, 0x6, 0x26, 0x4c378a13}}, @rdma_args={0x48, 0x114, 0x1, {{0x0, 0x3ff}, {&(0x7f00000003c0)=""/4096, 0x1000}, &(0x7f0000001400)=[{&(0x7f00000013c0)=""/8, 0x8}], 0x1, 0x19, 0x3f}}, @rdma_args={0x48, 0x114, 0x1, {{0x7, 0x9}, {&(0x7f0000001440)=""/147, 0x93}, &(0x7f0000002740)=[{&(0x7f0000001500)=""/129, 0x81}, {&(0x7f00000015c0)=""/125, 0x7d}, {&(0x7f0000001640)=""/4096, 0x1000}, {&(0x7f0000002640)=""/165, 0xa5}, {&(0x7f0000002700)=""/14, 0xe}], 0x5, 0x40, 0x9}}, @mask_fadd={0x58, 0x114, 0x8, {{0x0, 0x3}, &(0x7f00000027c0)=0x9, &(0x7f0000002800)=0x1608, 0x6, 0x8, 0x3, 0x74, 0x30, 0x6}}], 0x198, 0x800}, 0x8005) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000040)={0x0, 0x28, "f4b063bec9ae4efc3e117d96cb447f7971374d0a4060b13ce9dad511cc9562169e38dc5d969e5dca"}, &(0x7f0000000080)=0x30) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000000c0)={r3, 0x1f, 0x6, 0x2, 0x6, 0x1}, &(0x7f0000002a40)=0x14) setresuid(0x0, r2, 0x0) ioprio_set$pid(0x0, 0x0, 0x3277) socketpair$inet6(0xa, 0x3, 0x2, &(0x7f0000000000)) 18:09:35 executing program 0: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000004c0)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000700)={0x16, 0x98, 0xfa00, {&(0x7f0000000340), 0x2, 0xffffffffffffffff, 0x0, 0x0, @ib={0x1b, 0x3f, 0x0, {"6d3a03a22ad13804238c25806cdd75ac"}, 0x800}}}, 0xa0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vsock\x00', 0x100, 0x0) ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000580)={0x20, 0x8001, 0x3}) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000800)=ANY=[], &(0x7f00000006c0)) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000300), 0x4) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x10) renameat(r3, &(0x7f0000000140)='./file0\x00', r2, &(0x7f0000000240)='./file1\x00') clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000280)='nfs\x00', 0x0, &(0x7f0000000000)) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vsock\x00', 0x400000, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f00000005c0)) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x0, @mcast2, 0x1}, {0xa, 0x4e23, 0x0, @empty, 0x2}, r0, 0x4de8a597}}, 0x48) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'], &(0x7f0000000400)=0x1) setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000440)={0x0, 0x5, 0x81, 0x100000000, 0x0, 0x2000000000000000}, 0x14) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000640)) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000680)=[{0x6, 0xf6}, {0xa, 0x100000000}], 0x2) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000480)={&(0x7f0000ffc000/0x4000)=nil, 0x4000}, &(0x7f0000000600)=0x10) 18:09:35 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x0, 0x0) getsockname$packet(0xffffffffffffff9c, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000180)=0x14) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000001c0)={@mcast2, 0x5d, r1}) r2 = socket$inet(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$can_raw(r0, &(0x7f00000002c0)={&(0x7f0000000200)={0x1d, r1}, 0x10, &(0x7f0000000280)={&(0x7f0000000240)=@can={{0x1, 0x100000001, 0x3, 0x395c}, 0x8, 0x1, 0x0, 0x0, "c694ef53f3a72285"}, 0x10}, 0x1, 0x0, 0x0, 0x40000}, 0x24000800) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x800, 0x4, 0x1, 0x5, "78cdeae4f184f60d1928e8729a45e15b192010f5bbd57831934f46deb92e5b04243973a18cf17bfdab6e99152cf0e1510903cc5eceaa5e6a7ebfc31c912e624b", "7103c401cde84e6c3a8c1b02132a261d15539ac8e65c744face20a0b50c073b2", [0x5, 0xaee]}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000240007031dfffd946fa2830020200a0009000400001d85680c1ba3a20400ff7e280000001100ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 18:09:35 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/uinput\x00', 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) move_pages(r1, 0x4, &(0x7f0000000200)=[&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil], 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2) r2 = getpid() fadvise64(r0, 0x21, 0x1, 0x5) sched_setscheduler(r2, 0x5, &(0x7f0000000140)) socketpair(0x1b, 0x6, 0x6, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r3, 0x84, 0x1c, &(0x7f0000000100), &(0x7f00000001c0)=0x4) ioctl$UI_SET_MSCBIT(r0, 0x400c55cb, 0x730000) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x200000, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r4, 0x84, 0x1c, &(0x7f0000000040), &(0x7f0000000080)=0x4) [ 270.793296] Unknown ioctl 19270 [ 270.816376] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 270.864171] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 270.903604] Unknown ioctl 21382 [ 270.920848] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 270.938565] Unknown ioctl 1074554389 [ 270.946492] Unknown ioctl 19270 18:09:35 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x2102001fbc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r1 = gettid() ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x6) wait4(r1, &(0x7f0000000440), 0x0, &(0x7f0000000680)) socketpair(0xa, 0x1, 0x28, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f0000000040)={0x5000000000000000, 0x2, 0x2, 0x1, 0x10}) 18:09:35 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x323, &(0x7f0000000500)=""/251}, 0xfffffffffffffe84) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000280)={0xffffffffffffffff, 0xfffffffffffffff8, 0x6, "1e6f4ebafdb24756a3be3882df520ed269df92bd2ceb623a68e068329ee084769d2b8c62f3815878023572422dd45e280ae7ddfdc42918f70a5f5eea6f739acf12cc0a95fffdb9234c6fef032eeeb74d11a3ef5f28fbf5f0bc29a65818c82ee1f3bac1a695fe74beb9eec311666e8f9c5d048e2e3e839836cf97729f"}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000840), 0x0, &(0x7f0000000700), 0x0, 0x40000}, 0x0) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000600)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000240)=0x5, 0x4) setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, &(0x7f0000000340)={{0x3b, @broadcast, 0x4e23, 0x4, 'ovf\x00', 0x22, 0x4, 0x55}, {@local, 0x4e20, 0x3, 0x0, 0x1, 0x7fffffff}}, 0x44) r2 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x200, 0x4000) ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000680)='gretap0\x00') ioctl$SNDRV_TIMER_IOCTL_STATUS(r2, 0x80605414, &(0x7f00000000c0)=""/125) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000000)) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vhci\x00', 0x40000, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f00000001c0)={0x0, r2, 0x5, 0x67c, 0x1, 0xdf2}) setsockopt$inet_group_source_req(r3, 0x0, 0x0, &(0x7f00000003c0)={0x2, {{0x2, 0x4e23, @multicast1}}, {{0x2, 0x4e23, @rand_addr=0xc0fe}}}, 0x108) ioctl$IOC_PR_PREEMPT_ABORT(r3, 0x401870cc, &(0x7f0000000140)={0x2, 0x80, 0x6, 0x27dd3e0}) 18:09:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="82780000260f017731f3d87e0b0f20e06635000020000f22e066b9800000c00f326635002000000f30640f02d766b8008000000f23d80f21f86635400000f00f23f8db13b85f078ee82e0f01cf"}], 0xaaaaaaaaaaaac60, 0x0, &(0x7f0000000100), 0x330) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) stat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)) openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x2800, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000180)={0x0, 0x101}) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4b564d02, 0x1]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 18:09:35 executing program 2: mq_open(&(0x7f0000000080)=']eth0\x00', 0x0, 0x9, 0x0) [ 270.979472] Unknown ioctl 21382 18:09:36 executing program 2: ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(0xffffffffffffffff, 0xc0385720, &(0x7f00000000c0)={0x0, {0x0, 0x989680}}) r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x8, 0xa00) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000080)) r2 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x80000000007, 0x0) getsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000000400)={@multicast2, @empty, 0x0}, &(0x7f0000000440)=0xc) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000480)={r3, 0x1, 0x6, @dev={[], 0xc}}, 0x10) dup3(r1, r2, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f0000000140)=0x36a, 0x4) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e23, @multicast2}}, 0xffffffff, 0x6, 0x800, 0x2, 0x10}, &(0x7f0000000180)=0x98) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000002c0)={r4, 0xe3, "716decf0ba8062071ba39245416297bd0d5a411b41e55e5ea3855fc5acf4c21645f0c8c83bdf39f0ef4446e2303b274ce112147bef745b6c8a7143b738ad89bfa6af7be6874485ee0445e865844d8265067da30fc645f6e19804f24eb656b7eda0634020d87a515b674a199bffac29fadd678b675df5c3e18e1c6fd3827b279e7f7b057fc8f6ea0c74b7dc183adea825c128628f37e45eccda46ffe33e07032d949d2abfa1eb78dfbecffcce0bb2f4d9ea9bec0f7061f30852acb621b3a0137a7d6d03128e30503ab3f268067622cb0a2fe56ca20f2d03dc581198fe1ea45d4575a4e6"}, &(0x7f00000003c0)=0xeb) 18:09:36 executing program 1: dup2(0xffffffffffffff9c, 0xffffffffffffff9c) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x200000, 0x0) openat$cgroup_ro(r0, &(0x7f0000000000)='/gsoup.stat\x00', 0x2761, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 18:09:36 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') r2 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") getsockopt$IP6T_SO_GET_REVISION_MATCH(r2, 0x29, 0x44, &(0x7f0000000040)={'NETMAP\x00'}, &(0x7f0000000100)=0x1e) ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x6) sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x44, r1, 0x531, 0x0, 0x0, {0x9}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syzkaller1\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}]}]}, 0x44}}, 0x0) [ 271.251985] Unknown ioctl 1074554389 18:09:36 executing program 0: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000004c0)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000700)={0x16, 0x98, 0xfa00, {&(0x7f0000000340), 0x2, 0xffffffffffffffff, 0x0, 0x0, @ib={0x1b, 0x3f, 0x0, {"6d3a03a22ad13804238c25806cdd75ac"}, 0x800}}}, 0xa0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vsock\x00', 0x100, 0x0) ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000580)={0x20, 0x8001, 0x3}) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000800)=ANY=[], &(0x7f00000006c0)) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000300), 0x4) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x10) renameat(r3, &(0x7f0000000140)='./file0\x00', r2, &(0x7f0000000240)='./file1\x00') clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000280)='nfs\x00', 0x0, &(0x7f0000000000)) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vsock\x00', 0x400000, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f00000005c0)) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x0, @mcast2, 0x1}, {0xa, 0x4e23, 0x0, @empty, 0x2}, r0, 0x4de8a597}}, 0x48) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'], &(0x7f0000000400)=0x1) setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000440)={0x0, 0x5, 0x81, 0x100000000, 0x0, 0x2000000000000000}, 0x14) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000640)) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000680)=[{0x6, 0xf6}, {0xa, 0x100000000}], 0x2) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000480)={&(0x7f0000ffc000/0x4000)=nil, 0x4000}, &(0x7f0000000600)=0x10) 18:09:36 executing program 2: r0 = socket$can_bcm(0x1d, 0x2, 0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000100)={{{@in6=@local, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in=@dev}}, &(0x7f0000000000)=0xe8) connect(r0, &(0x7f0000000480)=@xdp={0x2c, 0x1, r1, 0x3a}, 0x80) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) r3 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r3, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070") sendmsg$can_bcm(r0, &(0x7f0000011000)={&(0x7f0000010ff0)={0x1d, r2}, 0x10, &(0x7f000000eff0)={&(0x7f0000012f80)={0x1, 0xfffffffffffffffc, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "68759a67d8602d3e4b207446a705148d03f1f86e60b22a6ec7e5b35afc19cd0ed506fb9cdba948697c01f3ec6bc0f8f98290b0198d30bde485753f80c203fe81"}}, 0x80}}, 0x0) io_setup(0x80008, &(0x7f0000000700)=0x0) r5 = syz_open_dev$midi(&(0x7f0000000200)='/dev/midi#\x00', 0x1, 0x200) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) io_submit(r4, 0x5, &(0x7f00000006c0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x7, 0xfff, r0, &(0x7f0000000080)="74a827553fd73ad91e0f06b7f6f1", 0xe, 0x8, 0x0, 0x2, r5}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xf, 0x458e, r0, &(0x7f0000000340)="61f05e2355cd5a1fc774477456b8999d7ad7570fe39e90ea173b3af6bd7fa2c2fc39fb1123a8074f4d0bd486e2067982fea806a71928c1f52170368256e0c52977cfc50132712a3633ab31e2d27df7480d09708b6a8a43ff751fe4747c4f7573a33fac5d64bb3bdbeac72497edb034448f3c493eebc19d15bd63fca9644074921ed138e15c9e95af10d54d7b97699ab61cc8a54a5d083eaa4948", 0x9a, 0x8, 0x0, 0x1, r6}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x6, 0x7, r3, &(0x7f0000000400)="d60bddf21baa235755bc5c66e705365d9cce94d36dd44901ee80c9e6d842972fe2", 0x21, 0x4, 0x0, 0x1, r0}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7, 0x4, r3, &(0x7f0000000500)="392163db0d909f31a4b232e334245f80c2d49f543f147a0cbbfa83089520efa81401e89372", 0x25, 0xfffffffffffffdd1, 0x0, 0x2}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x62b6458d26b59973, 0x7, r0, &(0x7f0000000580)="c14185c24e821d84ff6e66b5ac9f7077b30308359ebed35e6bd3ce4a5db51809d87b3e5f642e9b622f54d56f58c8205a6160fd7736b948eedab2c73debe836f843c060b6ccccfa29060bd7681ccca3b6d05786b9e40b53f7e218362a3b8973b0395cc8027bb112ee35b0ed7f0682fb20da1c704223c1d1d3163f1c03ffac0a9a343ec155f7dd947b8a8ef0d8289d287930ca5696aa38e3bc68e91c783159d0a454961d1c51d6bfb3196c391c953248dd5372b380013cd8bb1dcda024bfeb88134c5904f277f4ec15233e759d5f99f6cc9cce284e33c97ef6343361", 0xdb, 0x8, 0x0, 0x1, 0xffffffffffffff9c}]) [ 271.367541] Unknown ioctl 19270 [ 271.379387] IPVS: Unknown mcast interface: syzkaller1 [ 271.441878] IPVS: Unknown mcast interface: syzkaller1 18:09:36 executing program 1: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002840)={{{@in=@multicast1, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@local}}, &(0x7f0000002940)=0xe8) syz_mount_image$btrfs(&(0x7f0000000500)='btrfs\x00', &(0x7f0000000540)='./file0\x00', 0x3f, 0x1, &(0x7f0000000580)=[{&(0x7f0000002780)="7c28cd3bfbeb616aab58002b93c6a6c0d0e0ac231ea8e26ec65f21044d2b3dc53c6e3de2aa4accb8e64f1479074910ed955652fde76856820ead2f0068afdf65c1f30eae59bc54fb0e75d24d9bd6e1dcf18360af74b4c675a68cb3d72d3aa6a2921d5e6af8122a4997ffa38ac23c8cc221894e7bc326f1c887a46cea5378f1a627c10b15782e2a9255090a69c693ad945e7b62812bcee65c61a5aca09ce2a0acd2fc9e70b5a4a0a46e059cd99e56f1e21420c7e1c0bde1c05bd888", 0xbb, 0x10001}], 0x2840, &(0x7f0000002980)={[{@noinode_cache='noinode_cache'}, {@nodatacow='nodatacow'}, {@nodiscard='nodiscard'}, {@nodatacow='nodatacow'}, {@degraded='degraded'}, {@datasum='datasum'}, {@compress_force='compress-force'}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'fsname'}}, {@audit='audit'}, {@obj_type={'obj_type', 0x3d, 'func'}}, {@uid_eq={'uid', 0x3d, r0}}, {@hash='hash'}, {@smackfsdef={'smackfsdef', 0x3d, 'vmnet0%'}}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@obj_type={'obj_type', 0x3d, 'func'}}, {@smackfsroot={'smackfsroot'}}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x3ffffffffffe) r1 = memfd_create(&(0x7f00000000c0)='port', 0x4) setxattr$security_ima(&(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='security.ima\x00', &(0x7f0000000380)=@v2={0x3, 0x0, 0xa, 0x100, 0xc7, "1364c660acd0af334681b61873b773c8de79f80b9938a7bce737a9be3ed72590eef3267b2cb6305512a1afa4923e84caa4374e4cd4ece4eda0788180473f50fa9b5af5b8a4556cd4493456e8d82dfaee3ad10cc45f59503670e3978f7a2186763c676f5377b27ab36e8701e830802dd9802f942b97485c1a6866404cda26e2bf2b36ee4d01bd26b82d4f80f1205a1e05c435115156ed39af732b2dcf8c35ca621f7cf43e124930a7d4dadd1250b6c020010aca5346f9e4ba998d8f6b4bd063a314c5bacb122286"}, 0xd1, 0x1) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000001c0)) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) truncate(&(0x7f0000000240)='./file0\x00', 0x0) ioctl$KVM_SET_NESTED_STATE(r1, 0x4080aebf, &(0x7f0000000700)={0x3, 0x0, 0xffffffffffffff1b, {0x6000, 0xd000, 0x1}, [], "28b5048419d1046930797ea8cf8e10574b344f85f0e812cb4f9d1b87fc38c5614aafb485737cb2f31838e55613e5c5e3de1f85066e68d512f49c5028ff1e5e7e4430aba40318705f08738f50f0f28fab040a0a547563907029ccfa58a5860b259a9f7a37c6ace53f71a4352da52d6581ba3cb3861b0ecb7a0298ab59f430796fff8fe40cc1761ccda6b7024de7cd35ef28e9dbe67feea8274ba9b7b9fdbbe214f6b55acc695f075ea1f9a39bce13b1cb36bc919f1740a1c68848a1e3c3fbe47739b70539585a923f2d19f3a6cd3736feb3ee9dec0168d57efe864d87409390d19f0a0276e484f9de4aa1904567615800bb62b0d2ee2ef9fcc688572f8c230ed05d592e7746b84f30605b8e42deebd6866f2960d8bcc59ca9527e4acb1d26113b43ab1dc2117fbf6c61970a1036153355dffb6afdddcf791520fd1d3e8529a0099698f1bf821e1355b9865acadf68374ed93cf1fbc0f0d4bf668562c8a1443ad987528a19b33044ba2541fcc659a1beba1a68762c0064a9b0ba827bb0c2c6ab7dbc254bf977eb9f3d015d3a0e31f7563acde9954b35cbdbd12474c9a2cec0676167bf325314b5af94ba71b05c40acb75602cb88855930cd77218d71fda327c306a0be1376529a38db13f6cd5ec263e7a752b0797e9b02b5db5277d2d2246e4e7cea3a45919f39f7558f5f6b3f3b73968a69c4dd6309846c04bfd40a3566963a10042b3b6ddb7ee6aa2b0a715f5a026878b52c4236781e9cb53d8e70010d312899ed8c655e8b8b3dde5a1d20c3dbb695a0f1c1d961d33cee4827dd8f921e233130227d1db0cd985a1a70095c9a0414b3f0eb016dc121dc88e18521c47b6f7cf65f04dec10acdc5590538e42d3256b29b850dd6d87a01c5fb935741c9f8fe1f020869cfedeaa8b257c1e99fd88f9687aa899d412bba624dfd94da5185392c90769b6b798d9964a62be444b4c5b9945e6c6b6c7113a8b7a526d860b5c956e34cd152f67d024e313e6f3f1c56bb172b08a97e4254442f851d153b73be50c28e3cd3e73736bc3bf4b8cf5c9354c4b9a05a5e7666c521c47f476043ff461969fb1d888c40c49046c311e20efd6370d848176270cc96cb52ad7d446ef2ccee355a3f7aa22fba659b910b5ec9ce31343d384330db888a7967c760093b65a7a460576b8734aaf337bde5cd1b38eab722f7f47624ec93d2500cdec69520a3c838e8be13e5104a1a78b379700de93c1364a3674503668864b67ed06a6eab8383b04a5867eedf302b99e9fac0325d2b6151000d3274e204d4cccbba22c878bf06de5eb8379041218f00aed875a2b61a341c65a264de4fd85c754e8a39659169a77c66fece37f3bef68bc6d9fc5f4c1a5d7b23f7a106ebba6daa02b2dbee2ac197077dded68665a38e4dbc1a245b1699aecc81bae577a0d0cc82f106cf89f4d15cf7937908bcc5359918367a2fdb1bb4b0a35915b3748b58c849e9779188039b6f6013000c1e032edf0d1dede6585765c02ab19842e6cc53a839019d46e7b040a00459ac86c01b16ce1c18a1beb6989bd0e7e0d4edf6f1f98757404152d2da0df4ec898d2e862818ce402c8ac470c02b142893eb278b9b3d8c50f1d216254b78ad1571d58fdff0f3eec341090d48c9c8a3468b00ed07e0a00a8d6d25e9095a3abaf470233f63966021849963143c39811ba1e3736b277c428f50228a615727d8dfb08be199c3e32e99664214e33e9e7697d9d3199a5445ca96718d8cd48fb68de3557a42faaa70bba85752b50a9dd8ca9a269e04886023a7cf48b00917b935681ee7f9113081e31a5d66e79731b3cea896168bf1e57428374941d0dba1073cd07e0686a5e7056a095a177b28e6d0a45a56868b1baa8a6157730e923a0222cc16b583b9ee6c291e030fe42db96ca37a05055aa5b40afd26e037939b600201b5dfb43ae2fd5d7a37b58ace1a522460cf3d7dcd35a0ef9e53bee321eea9cf33638d194983d266cabb56a328e2fd30e0f47cadeb4db4056a687b6c568aa21249ad716d049df78822b1d4d7c7733a4122f3115db2e8e6472bf669b02d6260f835df02ba045ff6587c7296bb42ca92984b943b3c8217d1e4ff4b47e51737ac838fc22126e1313a0879847063806c4ebf32bb18dfe362acb7ddae44877312747d825cdea9f8dfd595ca82b2a87d2126abced36984848a5df080593f8facf020fdc31d7525fd145a29d9321ec3101acc3bed22994ca1fe28acd3c0d8b35dca561711913c61d46561a1102eefa42f28b69519bb7ae3373d9f650cfaea8601eafd436074d6fc99d3ad70d032bff96e0eca3c1db666830e4f9571e9d2ffff7345abda28fb3e9d91cd41bff3cd32cb010ed502279824b8cbe2c6b9321d648fa5c528e4e12194810698d4752181369785f74959abe47e594ed88bee791c392b1809c50c1b2fe7fee63f166d7044c5a9ddb827d1b960f42a4def8782f4baffe7ad15e0b8e3c34150ae57a6b0d4f3390b272044f54c586568b2e21f42e8198efed0a65557196c760c4f07a1104d3dd0c821d727b1b604787f8c6b4bfd120c1103ca08837ed3a7b21a10652321d4aef3a6d1c0d45f9b39b44ff816aeae6fa3c990509cef5bf27b05efc6e4f8d31c8e68300612d5f3efdb2c63ffd9eec2c5b7fe3855394070cb81da62dd496d20482658516e991cb111090aec878bb92199087c01c94aafd279ee346c09b4379bdcf22c177b9c2c7b7f8352c528ad77cc204a40415d3b11f8cf3d4da771b94eefd7362c48bd5f31cc5ee626ee26bba3d19c02b9ca33e6f94a0f8b99b83b4b3505252fa608456b2e25dc59adb434872fb5c02e28e69887875a35467a3eae2055513d4a5e27c9aa46c0ac60702d9e635d111850608f95c9338da2bec66906aa6b42f4bcf156710be7774a2bc928f5364fcd07b7eefe2b81d05c91b9bf7cdf83c4c86fa8c854cd5ca0ce120fe43532e14a236c1c930bdd7e436321bd609681331f2832e00749fc9e5c22170b5ae952739bd5826115dc427b8f5850cd852542d56eb844785f7c597be50e4335065eec3a39ed7a88b604418e96dfcf872e0700e1b59354b8cb8c1c96859df5133ad56a32600a5bb4a689e1d1b33d0dbbe4262b8a4f88fa10ef706914d12ab3492184e5111f5be9c2bd2d33baa2924035e2c0c2d32c73045cfb27d8fd221701750ea708d1bd1ed7252f1a4ef04556211bf63f8275462282f3fa29f56d89aff259fe462074d9886ea1da03ecf28f27e141e177c572d87e924fe7e687df22df72201714429198e45e2de70a60361802a7322ab0670ca4bf12cc61cbb6535389bd86e30d6c6605b9826f8f756aae1584915460928cd8921e16a627ba2c227390bc86251279a1750742c1ded8ef52f6758f8d17aaf1f383e813522a37b4692d465cc94d12908ed280c4567b2984dcf9b8b5f64f16c30f5b0e9c6e2f88c415ee321983d6261eaf8f24371e481c290cf27819fa0200b963057d98c4e4ac9bb6c5a219391fe4ff194c143ff84844aaa9849dac8eabfecd5332678241132bc74f6cb39b4b216a4c7cf5c57c805dc57188d09b0535e1185b3f6d9a11043caab67a6bc5d974e11fecfa41676dc3345865076559ed400170ff6f63b1bf9be997621ebeee0d08300733684474804b191acc8029326a0bd953607897be1405362d758e5cf55b55e75e3797c165ed3ab3f9533ead88d038c4912dc2b74303e1965920b06fc2e40281fef5e9eaaa6e7636bd845faf164e82f02bbce4e469c433184fe4d7ca41a059b50de040c18a9f015055b884c5bfff1c452c95555642298dab488625ab0cc89a2b81f80e33c82a2f790d0608790fef791a585a3ed7c2043e6744bb852e098374e45473543987deaea126282b0e166f9e5e61ba6ed1918c9f74a2bf8fb8c8d2b2ec98390740acf0384655ba5d2f3b3aca53224b01104a7d470c7a5cf725c5ae3f0a4c4abc4ac84eb78e1e7c69b87981be9a0caa3b823c775c349e6c373219a20ec4e6821ecb4d737dc91c5205b0ff23efc9f3db60db48d07c73f218ef972aa779b3e1251e976fe3431f841dbbe47e10529569d37dba4458e863a967dceda0e1cf7ee505074a26e4dde5834bb0d75104c57a4671ce677cfa565dbd9ca73f2237669733bd55c84397ac3e7885fcd97274ca091d198500d35600cd07a90b0e8345e329b2939b0ed8b1b90215f79ca93d60282cb85a8a2c496f52eaa52f7a983696148b93facf451a84e2175796b1fabd969b1ed648f63d4cda08e6559055726bdfbdb0efef8cef96e707c9f97fb9486ebf21c9b0a89515dc1b20c10b6aa88f48bf11f071d2db254768c66335864e703fc0b03fc4b05039e38c33642ad4420bd2b2a0a39a25f650c235c0a0de48f1d4dea74e0c9139b4864d8f87a8906cbeb84c4a455a1570d02657c82e42e57ae98a9c6089910f2192b8a8731feed5ff8981bef2f172816315e427088d40c8b0cd35dae0e23f7d5569b90ac2ce7548a10a9ee55a35cdadaeb642e7c81470293ec6d9aa2e10b9f8ab5413dc48ced9b406e2f235c75b2840b5dbeaee0d0afa20455793dfbb0a7556744bde12ba481223c5665e8e3fe22722a145359bc0a50f6e05df90e7b9873f4877de390a4e9c31fb2e61f39b164ca9ff160981dd4e2b5e9eda5614728725e9464545cf18239250501f2ac51008eba3c1bedb5d400c942dc713e4b87fc1d96a4aafaa9e2a86cf0b1ebbb457f3b3a505b319e9d718922e5a8c55e3587b7011025d08f688dc61aa62606e00baa69194e745997a617786d5dc63ee9bfaf3169d68a517811aa49fd5a89edca0ae39dc6bd5dccc6b5a0660023d6a3eb702027d8dfd1cbde6525c843c2badffe3e7d8e9a5c9c19c20b72d878bebc74d5209c2d52328a80d8aff13643c068818d6f18023e1f2df1643c3f6206752f770eb6002885cc4fcbe6f2043d671b361fd33f775ae39ef7b5ebe71c3f09fcb5ed39db76253ba2899f008c12ff11d63ac164501c84e50bafc9d4021d1b68c14b7f808d367661f6ac28416ddd8de1c3207aae9d95955b0d77ce1541e81d125a848ecc967253935a3fe4ceb25cd92f63a5c42ac1a4e934c6d641af5c4220c9d27a2d0b571ee8fd17b4daa5636b2217883eae1c84e37382100f2eaf88c70e42ba3e11ab66f79c85b448fdbaf577c9747e1470b7ee3b904070f3a813dc8826a030b2fec4ddf6fea1b2f852c054ee739c52c12ac4a89b5a3212722130da8871c251b739ed3c28e27f5360375236d46b4301c5786059e54082f39997933e2c742a6218072a372510ab5f01371ceec37160e3d5180f2a953f4fbde2812a39728d01639642f330ed858edb745e417c9349165e76c68718211972167d74f33f08a436247a173efef2fd807486651b01d699f90411a9aea3e9bc28e601f9e6f04ebe2d83d785f3ec89464cb074bc7c066d8c9e4486eae4b57a707605744438187e572a2653f3cd394d3d6d394e442530012bf3e985603c351883a38d192572b3485dd7f165e40f63ad65c22684638ba10b002357bc30cdfc678646b1d036a38ef6310c40ff52cc4fda4936e52bfe420674f527522c6e343409215efcf486f041ee015945182f504c5fac7a57f30199bea0a317e868974587953220e3bd07dd79af31c91930af280f8b5f170d5511a94d7829deb44fe2021dc4ebce091bc7fccd54d3954797c0983f527e0f1179b0f64ff1b64fbc33847160cf77d21af53659b4450c07c2d34bf72345835c0ca75624e4654c74aeb607764701311cae75faa14a63dd1f287b206faecc7f8878b1e8fbeb2db5c96", "57b476ce5446660a3983577794421b0b66adab6130fa474d05b17903d64e7b843e9be22490d032256325b69fd3f6915ed62ab7a7a5fb56a9340412a10f87c1471a509086339e499a563be2d6ab7e688c7405ffad076a69ee9006815a4b2151a1471290f100d26cb5a94274ec7a17f27c5532d064913d799fa5b63f58997e334a443cfe1cc8976a28a60bcf36d560a03fe3d241af679d167fd553313afed89f89d63afdbc01ab568ee3174285a81a304b0090c76aec65bec2cdb40f12656625c69339984807142ba9b7ec1b407f6f620c0aa533edb4252576d3e2f980dcd3b4395ec63c876f5a44a9451689fae8ca5d03eab67ac802de592d964cbd4c0e4408a4b04de0c2d6af9ec126e782f195fb6a6eba2f0c6485992a7ed36e14bd5f01ab8d8e7845ccc908497a3d90f4db4a77c26b746e74ea6df721e242cdc447e0ee907b9d71ed4608c499c5ae1fe7ebde87e6000fafb45b8e7f660a012f04c71e192cb3e31c0d60044cadeb75757824bf8a5e25361ae86386e415c0b5bb02b385d01ab6cdde6c08352394a5d42a93bf6ff7bf29851a9920840ecf2439560e05b2996d80065c36adcc6a084f6e3964f649f30463867acd6b0ec09076f6326ab7a76efe748c92a6b73935d5c2e1aecaa364e85c2a8c8e003ec7382ec793c21d9ac609e3bb865dc8422984a3fc11c7ff8a13e7c6343213b7ad5cc074d981c7b4743fe6eb7ee039725b5abf5d2502e38511c58b4d8c99d72dd2da72bf02c0424c7eb5ce43807ab1ad2e13d8ffc6c2232e91eb93c01dc2e6ae05973e6b98c192573fc7abef26db877f3ed1cca13689809fb6ce93f58b67646974d226535877897c7d2619333db4857d08a2f489a08d58a7980a3a2593618e7d3e5a4b99b29cee794f723a0f9cc0183f7933b80979e56c5ad6a9172ff0e1848612048bcdc9a9e7cca346313eda7a16a0ccbfcea8265f1c2cba831a25e18506093e1736599855f093af179b944b75166cce3e7b7539b96b1fe4cf9aea53a65cf637f4b3d57b79200764219732a0668aaac8d63161d4d362f9f3fb6748c78dc80d2fe04004784f4202fd63b2709c6f2fd0b959b34e58f0c34d5c8e6f32ec0fa7a45fc119812bda11f5eb77ea51e1c5322035e7051b77eedc83cced17da4d25ae9f6253384fd2a9bca40b649fcd1ee3fe6e1d60dbe8b0af4a8d3f0a24aedadc5650811d2af9388246ccaefbd737a5d948273f2470e77a3ffa7b11789087ed6dc0e902a1cc725c0ea216069ab5c8b40ca65b4747a4c6d74391cac4c634a6830a3403ac71559b4c47aab33bc43a92cc61cfcb8ed69d517ce990d2aa2b2d314e892e712f4c26d8a95664e34bd3b0ce08fd93660e8ac521cf0ece14523a75c0cb665e7af3b3543c2bf5bb1ea5b5e951b83213652c5b8958a9a60de0765be1c1b7baffaa2fd7a6569a2be268ab8c69e74e23c475d99ae89072b1b4394cf06815f7173d9bdf79e92a458a5b7bf5cb8ce4be7eb55fde9496dc63d9a5b45ad3d315de6fc670e86e16cdae390c774ad5d1d261abedf0c9e6f6356199a846b8f22ad4ff329baccaddd4b4697863bfcc26f5a38f134fb1ab407a50fc1b085792394863d17c071b01b1e373a8bd8b7830e0bb11019f1aeffddba09335803d3301995ad38a9abaacf286b23d876a9ad0916fb65b810b8973d479128b24cce66182ceb9c5fa31cb439db42af6c906650ef8c35e6be6d406361324d5c66502fdfdee86f9432f977bd1c15a2477bdbe881d878d491281e3a6d8aeabbdcd22974f91c7bce4da333db82569b82852029072b026a89abb3bce5bcc69fd7fccb6b7579cebc6b24a6c542c028d0ff481e663446351e785b38b0d830bda5aef23e3b0aa404a90b6e08a1a75ed539169115684e009d6f106737b681a8f461acfeaa011320073b11d986029b81dd009eb6f85a39ca6aa6a63c7432e0254057d2c2ca52dc6c04d3c59e1b336b8af72c4c2a52b0d11f4ce7d8a2a28039c3c0307cd5a628541586648bb0937b03f7c42362b733cf2254897a06679b68908d80ccd6e63ecd2f7dadab61e9038d85b0b90ff724a0d6a99945c59065f9e42590a680d9ca535c3817787894b4cd9a7be09d8e09732d507180497a34ead50d6f2c2186520fbbb4e884ce4bc33cd1cb5e6524903460915cc4a8b56014eb13c020846fc0609a53c93631ddc54dae8446a3f8a188fd629231a9ba36f9b94bb4800bb3b8d5230c390b577979ec7a8501aea8876be2e971a189fce50f534e26e129e80a248ddea13b763645765b8b3be2e7a134966ec706a168279de8ddc986cbc249e91b7b9995e2039dde89712805ade80cae2ceeea772b701a9bb8cda2017606896964309a1267fd0c26bc8a292689aef7484ab19d47c946ffd8b2d371b1cb424a00863386b8c0de539dd3ac27466ab5235d3b6e182d8db5091c401cf5aada4878a064c0b506f6616c12bcda5bcd8dba55e5abc4c804563c13cb257439a4decf496bbe47974cdb3123b1a9ef176d9480a83e548caa2a865551e1abc9b17b5d8a629bbcc5c8f6ad6fb2ecd5a10c749e30746a5fb26fdd2aba1a15ce03abfc0bd4ba153afee563c2c2118892968dfc452c4d17c95b2caed8118d3fe25e7d92934c0c237227bfcb9b26831960cda0f15abcbc3e95a712feda42a148a00ff73ef8c89477c47e5b927216e1e65a43f2605c1e8272ca1ac3a80c1659d2ecf1dc60c68618ca43dbe128b226241f34c42bbab32d655e928ad1bf7aa60d9995dce160dd1b47eba9f7a04758dc76f703c4bcf7b456c4270114fa7f030a98ce3489e8ab894aea73a51e20e2805a210df015ab10de45d36fdcb0fb17b7d770a90a858cfe5dc78e261628aa7e3caa41aa2fb124cd1fd2b71d8f110ecb1bfd85ad3ba046b2d6351e390b3b72e8f7a5d2ff8d1da2c4f8e33b2babb3fa69cd56f8f8b26616f668b3c12aeb397cc33962d1929e52c8798687b547a3446202c434425af2c78162f9b4587eae2b5ad853c0a65b7ba58b4f6df1b130b3b69851186fdf487985b8b4b18b411bff064166c800747f0dfdae8b859cc145f0c1d0fdc41bc118e0139fa6f057d24b57ed26fcb3538fc3bf5786ee0f6f1d84ad3d4d92b2af1b236282eb1ce49b2789ec613c1d25a0eb83e51108d4488e4fee4a70fe41af707a5fd4cd5b78b9fe4fefa29abadc8290d9123f5c9f868385f917629f955c629ae5d9cb9227212757af47a076c35314c3fe2d2333ac16ad450fd8d7a37063b52c82f47d9162f00f69d33d4115c9cfa96f8b695952f6b178098249972358f09df0b2231c82b87d1d7193afec50bae0db3979b5d30e2394b0bea97cffb34dd2ff5d2df706c8079748cfe3639f3a913d33e7f5fc3a1a3525e3a1f2acfb5855d13da5a252152d20e8c9d08d7e067cad35b0db4ca4e9860a46f535e590ce6ed37c10d2263282b9f9ba504fa20c34e63593bfd5a453af7e0fd4d34d7fab96748bff1e308372123cfa1a2a1b828fac6d08e8b935b88bf1037445d990d9cd30ff60165fc6e99b83ec50019cdd06145ca60360588166d493d73db7974c6109fa6642b6e2dc73c6140bbd561cac403ce353c8477286aa2aadf74cda4e8cb631c282263df9125d940a14948921e530b9c077fac9302c2386c93a991746d380e4523b94dcda323dbfe3420e7ffc627d3767c805e95abf0ea238b7a386b2e0e16060e76872b84bd2743b500c715c3ee4cf959a217a8d30f74db83b952769ffdd72849e05ad3ac995219c80dd1b5af1dafdd87e314d8710a52f6fb7f229cc04fc2921f0e67a9cb9d40f0af07c630ab660d0da4b320cdef264c4954b33803215875550a6e8f9d80230972b30d109993bbc1dc6e14cefcfc49c0f27ad7c580beb5c463634ce2148888e3201a9c835c11aacd8c382562826c445f7892277e59e6e22f6e63da3c78c299a56e8238e3e0f6987b8f71152f61a72a0232d9ae9bcb52a20fd7a30e67af69dba1cad89042175761692a30e9f5beed4a642a502e8dd1771c38b2acec99a49ba7c084424a3530596b3338f1d18276da3547d0c72d88205f579efd6fd1478744098ca445fd8caee522891e7343a7d36b67905a7e766a9c66c07bc6305fdd6a7003564ef1b3b94914d3d2e984e6daf1cc622fe8493324514ed4b6211316edf4e3933b1b228250fab5fb4e889ecd1b1a4066fa71d2e953d11b4235084181e215a0cf97b8c9cd27c502579268fe1e42ce1ddfe6ab15056c4ab8bd8b7662cc28a956226a13c48864628995952b2e37a7efc952d67b80bf0bd6ba6bb7b47a6fe770a5d06c8a172ecd825406a57dd1bd163ad207d49d4f808617b7f052e2d831071369de4c25017b513d847b9dd6a7319afb0bf19ab1021ceddc24f3357921314ef22d8702a3f050485ba1d9620312e2f222bb09f1fdf71dc4aaf7690ad99d1c3fb03d1796878c9d8e52e56225d339f3496ff1e6b36b1913a2757a493fb140d72339f944a732a4c70989ef715d8345ddf3e02ca870e9f7822826812219f6a3d1b37e14a76063083133ea79224a33a271ab98e4ceb7c7955aee7e08cc015cff25f9a0d868aaaf719afe16c0673c8faa5929b62514aa1b721c43c7c3d97fdc4958f1ee686ff9afb8e7bb1b68679b125a77a49ab3a9186592e62525b24c28b43995e1738c0943868347f0b73dc7785b679a3dd697f119c03e4f31eedbc95bb0ec615b965ddc7a88ab5f1919d279cdc0f7a62d045c29d0c6fdc7fc0ff348df01228a452283ee12b54e8579fe86f2806d9e84b3ba368cff95cb6faa2e3dd147c6dd4f5bb4bb60777336dafdbb4373f87cefcd7ee6da404970362869e1f5f53ac8e1a1a3b24b92b18cfc5c2af9d7e3746f9a359510835e6ff861329881a627230970df818f88ec2cb2342cb38192b55b0ac825488eb35b78289090519241171fb904e9f9f0a27173fcc42208d3a092ea74a0a7f9640769c32826dc3664d73c2e6def87c399ba7b629bce2b65589a95c304c32449bd50975743e2dd3809ef1f89af29476b882eefc43ae8e2e1db2000d4c68255b021d9877a166fd6180bfa73d0badd49b0dda52faae38d651433466e325ace2e2f78764488908d17aad2d65eef2f8d204f8426c73c954f622a86a589740d39ca7a0f75596a93755a5c336a3ea6fadc86f4588ba21717c398f1ff35e34e1984f3892ebc90fdc6f4bcf2b5ab9556d0adf7e0e7c526664aeb8865ed5d92cbe2fa7c9caea4e544b3a9e9384fed0c5d95a1e927c39886026049a98d395a092a35ec62013c9879ea24d0f9d6aaea9c8ef82707d586a649e304c51fe237f567eb59ad4d59ead756dc8c0f6798821de0432a4bc3e0f2a8af9b67ef306626d534c0744ae267f0412a655a1df652e77bb48c66d677a25d65b1fb5f7416c7b22b3a522b21d5e05056e5b65a95d760e9a7215dd3ec7bf588898337ecb06eedd97236027a1406ffd5f24f4b1cffd12cd70dc54a7bb2bf1d98e770f341774933133a72704aa631bb032d3f2dce7c7487dcd2ce3eada31a3d0719b9e0edda651199fbe2990d951a5c8b4aa4625567f487cdc891933b7be08ae70b3618a9260dd5c52e78554e77dbfb3d1095ed6312e89859363c93ee6c3f9e1f9db69b933922e8bf416d79fb1955a45d50971bcdcff3d8cb0aa2cf08844716bd9d10ed20ffcdb4191de3187ec5a5eeb0c6efba192c2f01d72c3030cdfa50ffa47d88e3d9e83a606f66914fde60e1d4645118a7fc9988b10c4df93e3053cc72efdc6edd9a87d078e49cd6be548c1f0656b9deda8cefc5a809ca4bf357151ac582c1cae27b7c9eaa017c"}) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000002ac0)=0x40000000000000) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f0000000480)=0x100000001, 0x4) mount$bpf(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000004c0)='bpf\x00', 0x2000080, &(0x7f00000005c0)={[{@mode={'mode', 0x3d, 0x8}}, {@mode={'mode', 0x3d, 0x2}}, {@mode={'mode', 0x3d, 0x4}}, {@mode={'mode', 0x3d, 0x1f}}], [{@euid_gt={'euid>'}}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@dont_appraise='dont_appraise'}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@context={'context', 0x3d, 'user_u'}}, {@obj_role={'obj_role', 0x3d, 'port'}}, {@fsname={'fsname', 0x3d, 'port'}}]}) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x400000, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000040)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000280)={0x2}) 18:09:36 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f0000000300), 0x4) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'veth1_to_bond\x00', 0x2}, 0x18) ioctl(r1, 0x800000000008982, &(0x7f0000000080)) openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="290000000600000000000000000000000400000000000000030000000000000000000000000000000069127fbcdab56d0f1f4cb25800000000000021b0c9e06ea050325f77726e71bff4c99eef500ade32c424020f322903f5bad93a"], 0x5c) ioctl$TIOCNXCL(r0, 0x540d) perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x0, 0x82) getsockopt$inet_buf(r1, 0x0, 0x27, &(0x7f0000000440)=""/237, &(0x7f00000000c0)=0xed) r2 = openat$md(0xffffffffffffff9c, &(0x7f0000000100)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r2, 0x40140921, &(0x7f0000000040)={0x0, 0x1, 0x0, &(0x7f00000000c0)}) [ 271.522431] Unknown ioctl 21382 [ 271.625869] md: invalid raid superblock magic on ram0 [ 271.656630] md: ram0 does not have a valid v0.0 superblock, not importing! [ 271.693570] md: md_import_device returned -22 [ 271.699910] Unknown ioctl 1074554389 [ 271.727444] md: invalid raid superblock magic on ram0 18:09:36 executing program 1: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002840)={{{@in=@multicast1, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@local}}, &(0x7f0000002940)=0xe8) syz_mount_image$btrfs(&(0x7f0000000500)='btrfs\x00', &(0x7f0000000540)='./file0\x00', 0x3f, 0x1, &(0x7f0000000580)=[{&(0x7f0000002780)="7c28cd3bfbeb616aab58002b93c6a6c0d0e0ac231ea8e26ec65f21044d2b3dc53c6e3de2aa4accb8e64f1479074910ed955652fde76856820ead2f0068afdf65c1f30eae59bc54fb0e75d24d9bd6e1dcf18360af74b4c675a68cb3d72d3aa6a2921d5e6af8122a4997ffa38ac23c8cc221894e7bc326f1c887a46cea5378f1a627c10b15782e2a9255090a69c693ad945e7b62812bcee65c61a5aca09ce2a0acd2fc9e70b5a4a0a46e059cd99e56f1e21420c7e1c0bde1c05bd888", 0xbb, 0x10001}], 0x2840, &(0x7f0000002980)={[{@noinode_cache='noinode_cache'}, {@nodatacow='nodatacow'}, {@nodiscard='nodiscard'}, {@nodatacow='nodatacow'}, {@degraded='degraded'}, {@datasum='datasum'}, {@compress_force='compress-force'}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'fsname'}}, {@audit='audit'}, {@obj_type={'obj_type', 0x3d, 'func'}}, {@uid_eq={'uid', 0x3d, r0}}, {@hash='hash'}, {@smackfsdef={'smackfsdef', 0x3d, 'vmnet0%'}}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@obj_type={'obj_type', 0x3d, 'func'}}, {@smackfsroot={'smackfsroot'}}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x3ffffffffffe) r1 = memfd_create(&(0x7f00000000c0)='port', 0x4) setxattr$security_ima(&(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='security.ima\x00', &(0x7f0000000380)=@v2={0x3, 0x0, 0xa, 0x100, 0xc7, "1364c660acd0af334681b61873b773c8de79f80b9938a7bce737a9be3ed72590eef3267b2cb6305512a1afa4923e84caa4374e4cd4ece4eda0788180473f50fa9b5af5b8a4556cd4493456e8d82dfaee3ad10cc45f59503670e3978f7a2186763c676f5377b27ab36e8701e830802dd9802f942b97485c1a6866404cda26e2bf2b36ee4d01bd26b82d4f80f1205a1e05c435115156ed39af732b2dcf8c35ca621f7cf43e124930a7d4dadd1250b6c020010aca5346f9e4ba998d8f6b4bd063a314c5bacb122286"}, 0xd1, 0x1) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000001c0)) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) truncate(&(0x7f0000000240)='./file0\x00', 0x0) ioctl$KVM_SET_NESTED_STATE(r1, 0x4080aebf, &(0x7f0000000700)={0x3, 0x0, 0xffffffffffffff1b, {0x6000, 0xd000, 0x1}, [], "28b5048419d1046930797ea8cf8e10574b344f85f0e812cb4f9d1b87fc38c5614aafb485737cb2f31838e55613e5c5e3de1f85066e68d512f49c5028ff1e5e7e4430aba40318705f08738f50f0f28fab040a0a547563907029ccfa58a5860b259a9f7a37c6ace53f71a4352da52d6581ba3cb3861b0ecb7a0298ab59f430796fff8fe40cc1761ccda6b7024de7cd35ef28e9dbe67feea8274ba9b7b9fdbbe214f6b55acc695f075ea1f9a39bce13b1cb36bc919f1740a1c68848a1e3c3fbe47739b70539585a923f2d19f3a6cd3736feb3ee9dec0168d57efe864d87409390d19f0a0276e484f9de4aa1904567615800bb62b0d2ee2ef9fcc688572f8c230ed05d592e7746b84f30605b8e42deebd6866f2960d8bcc59ca9527e4acb1d26113b43ab1dc2117fbf6c61970a1036153355dffb6afdddcf791520fd1d3e8529a0099698f1bf821e1355b9865acadf68374ed93cf1fbc0f0d4bf668562c8a1443ad987528a19b33044ba2541fcc659a1beba1a68762c0064a9b0ba827bb0c2c6ab7dbc254bf977eb9f3d015d3a0e31f7563acde9954b35cbdbd12474c9a2cec0676167bf325314b5af94ba71b05c40acb75602cb88855930cd77218d71fda327c306a0be1376529a38db13f6cd5ec263e7a752b0797e9b02b5db5277d2d2246e4e7cea3a45919f39f7558f5f6b3f3b73968a69c4dd6309846c04bfd40a3566963a10042b3b6ddb7ee6aa2b0a715f5a026878b52c4236781e9cb53d8e70010d312899ed8c655e8b8b3dde5a1d20c3dbb695a0f1c1d961d33cee4827dd8f921e233130227d1db0cd985a1a70095c9a0414b3f0eb016dc121dc88e18521c47b6f7cf65f04dec10acdc5590538e42d3256b29b850dd6d87a01c5fb935741c9f8fe1f020869cfedeaa8b257c1e99fd88f9687aa899d412bba624dfd94da5185392c90769b6b798d9964a62be444b4c5b9945e6c6b6c7113a8b7a526d860b5c956e34cd152f67d024e313e6f3f1c56bb172b08a97e4254442f851d153b73be50c28e3cd3e73736bc3bf4b8cf5c9354c4b9a05a5e7666c521c47f476043ff461969fb1d888c40c49046c311e20efd6370d848176270cc96cb52ad7d446ef2ccee355a3f7aa22fba659b910b5ec9ce31343d384330db888a7967c760093b65a7a460576b8734aaf337bde5cd1b38eab722f7f47624ec93d2500cdec69520a3c838e8be13e5104a1a78b379700de93c1364a3674503668864b67ed06a6eab8383b04a5867eedf302b99e9fac0325d2b6151000d3274e204d4cccbba22c878bf06de5eb8379041218f00aed875a2b61a341c65a264de4fd85c754e8a39659169a77c66fece37f3bef68bc6d9fc5f4c1a5d7b23f7a106ebba6daa02b2dbee2ac197077dded68665a38e4dbc1a245b1699aecc81bae577a0d0cc82f106cf89f4d15cf7937908bcc5359918367a2fdb1bb4b0a35915b3748b58c849e9779188039b6f6013000c1e032edf0d1dede6585765c02ab19842e6cc53a839019d46e7b040a00459ac86c01b16ce1c18a1beb6989bd0e7e0d4edf6f1f98757404152d2da0df4ec898d2e862818ce402c8ac470c02b142893eb278b9b3d8c50f1d216254b78ad1571d58fdff0f3eec341090d48c9c8a3468b00ed07e0a00a8d6d25e9095a3abaf470233f63966021849963143c39811ba1e3736b277c428f50228a615727d8dfb08be199c3e32e99664214e33e9e7697d9d3199a5445ca96718d8cd48fb68de3557a42faaa70bba85752b50a9dd8ca9a269e04886023a7cf48b00917b935681ee7f9113081e31a5d66e79731b3cea896168bf1e57428374941d0dba1073cd07e0686a5e7056a095a177b28e6d0a45a56868b1baa8a6157730e923a0222cc16b583b9ee6c291e030fe42db96ca37a05055aa5b40afd26e037939b600201b5dfb43ae2fd5d7a37b58ace1a522460cf3d7dcd35a0ef9e53bee321eea9cf33638d194983d266cabb56a328e2fd30e0f47cadeb4db4056a687b6c568aa21249ad716d049df78822b1d4d7c7733a4122f3115db2e8e6472bf669b02d6260f835df02ba045ff6587c7296bb42ca92984b943b3c8217d1e4ff4b47e51737ac838fc22126e1313a0879847063806c4ebf32bb18dfe362acb7ddae44877312747d825cdea9f8dfd595ca82b2a87d2126abced36984848a5df080593f8facf020fdc31d7525fd145a29d9321ec3101acc3bed22994ca1fe28acd3c0d8b35dca561711913c61d46561a1102eefa42f28b69519bb7ae3373d9f650cfaea8601eafd436074d6fc99d3ad70d032bff96e0eca3c1db666830e4f9571e9d2ffff7345abda28fb3e9d91cd41bff3cd32cb010ed502279824b8cbe2c6b9321d648fa5c528e4e12194810698d4752181369785f74959abe47e594ed88bee791c392b1809c50c1b2fe7fee63f166d7044c5a9ddb827d1b960f42a4def8782f4baffe7ad15e0b8e3c34150ae57a6b0d4f3390b272044f54c586568b2e21f42e8198efed0a65557196c760c4f07a1104d3dd0c821d727b1b604787f8c6b4bfd120c1103ca08837ed3a7b21a10652321d4aef3a6d1c0d45f9b39b44ff816aeae6fa3c990509cef5bf27b05efc6e4f8d31c8e68300612d5f3efdb2c63ffd9eec2c5b7fe3855394070cb81da62dd496d20482658516e991cb111090aec878bb92199087c01c94aafd279ee346c09b4379bdcf22c177b9c2c7b7f8352c528ad77cc204a40415d3b11f8cf3d4da771b94eefd7362c48bd5f31cc5ee626ee26bba3d19c02b9ca33e6f94a0f8b99b83b4b3505252fa608456b2e25dc59adb434872fb5c02e28e69887875a35467a3eae2055513d4a5e27c9aa46c0ac60702d9e635d111850608f95c9338da2bec66906aa6b42f4bcf156710be7774a2bc928f5364fcd07b7eefe2b81d05c91b9bf7cdf83c4c86fa8c854cd5ca0ce120fe43532e14a236c1c930bdd7e436321bd609681331f2832e00749fc9e5c22170b5ae952739bd5826115dc427b8f5850cd852542d56eb844785f7c597be50e4335065eec3a39ed7a88b604418e96dfcf872e0700e1b59354b8cb8c1c96859df5133ad56a32600a5bb4a689e1d1b33d0dbbe4262b8a4f88fa10ef706914d12ab3492184e5111f5be9c2bd2d33baa2924035e2c0c2d32c73045cfb27d8fd221701750ea708d1bd1ed7252f1a4ef04556211bf63f8275462282f3fa29f56d89aff259fe462074d9886ea1da03ecf28f27e141e177c572d87e924fe7e687df22df72201714429198e45e2de70a60361802a7322ab0670ca4bf12cc61cbb6535389bd86e30d6c6605b9826f8f756aae1584915460928cd8921e16a627ba2c227390bc86251279a1750742c1ded8ef52f6758f8d17aaf1f383e813522a37b4692d465cc94d12908ed280c4567b2984dcf9b8b5f64f16c30f5b0e9c6e2f88c415ee321983d6261eaf8f24371e481c290cf27819fa0200b963057d98c4e4ac9bb6c5a219391fe4ff194c143ff84844aaa9849dac8eabfecd5332678241132bc74f6cb39b4b216a4c7cf5c57c805dc57188d09b0535e1185b3f6d9a11043caab67a6bc5d974e11fecfa41676dc3345865076559ed400170ff6f63b1bf9be997621ebeee0d08300733684474804b191acc8029326a0bd953607897be1405362d758e5cf55b55e75e3797c165ed3ab3f9533ead88d038c4912dc2b74303e1965920b06fc2e40281fef5e9eaaa6e7636bd845faf164e82f02bbce4e469c433184fe4d7ca41a059b50de040c18a9f015055b884c5bfff1c452c95555642298dab488625ab0cc89a2b81f80e33c82a2f790d0608790fef791a585a3ed7c2043e6744bb852e098374e45473543987deaea126282b0e166f9e5e61ba6ed1918c9f74a2bf8fb8c8d2b2ec98390740acf0384655ba5d2f3b3aca53224b01104a7d470c7a5cf725c5ae3f0a4c4abc4ac84eb78e1e7c69b87981be9a0caa3b823c775c349e6c373219a20ec4e6821ecb4d737dc91c5205b0ff23efc9f3db60db48d07c73f218ef972aa779b3e1251e976fe3431f841dbbe47e10529569d37dba4458e863a967dceda0e1cf7ee505074a26e4dde5834bb0d75104c57a4671ce677cfa565dbd9ca73f2237669733bd55c84397ac3e7885fcd97274ca091d198500d35600cd07a90b0e8345e329b2939b0ed8b1b90215f79ca93d60282cb85a8a2c496f52eaa52f7a983696148b93facf451a84e2175796b1fabd969b1ed648f63d4cda08e6559055726bdfbdb0efef8cef96e707c9f97fb9486ebf21c9b0a89515dc1b20c10b6aa88f48bf11f071d2db254768c66335864e703fc0b03fc4b05039e38c33642ad4420bd2b2a0a39a25f650c235c0a0de48f1d4dea74e0c9139b4864d8f87a8906cbeb84c4a455a1570d02657c82e42e57ae98a9c6089910f2192b8a8731feed5ff8981bef2f172816315e427088d40c8b0cd35dae0e23f7d5569b90ac2ce7548a10a9ee55a35cdadaeb642e7c81470293ec6d9aa2e10b9f8ab5413dc48ced9b406e2f235c75b2840b5dbeaee0d0afa20455793dfbb0a7556744bde12ba481223c5665e8e3fe22722a145359bc0a50f6e05df90e7b9873f4877de390a4e9c31fb2e61f39b164ca9ff160981dd4e2b5e9eda5614728725e9464545cf18239250501f2ac51008eba3c1bedb5d400c942dc713e4b87fc1d96a4aafaa9e2a86cf0b1ebbb457f3b3a505b319e9d718922e5a8c55e3587b7011025d08f688dc61aa62606e00baa69194e745997a617786d5dc63ee9bfaf3169d68a517811aa49fd5a89edca0ae39dc6bd5dccc6b5a0660023d6a3eb702027d8dfd1cbde6525c843c2badffe3e7d8e9a5c9c19c20b72d878bebc74d5209c2d52328a80d8aff13643c068818d6f18023e1f2df1643c3f6206752f770eb6002885cc4fcbe6f2043d671b361fd33f775ae39ef7b5ebe71c3f09fcb5ed39db76253ba2899f008c12ff11d63ac164501c84e50bafc9d4021d1b68c14b7f808d367661f6ac28416ddd8de1c3207aae9d95955b0d77ce1541e81d125a848ecc967253935a3fe4ceb25cd92f63a5c42ac1a4e934c6d641af5c4220c9d27a2d0b571ee8fd17b4daa5636b2217883eae1c84e37382100f2eaf88c70e42ba3e11ab66f79c85b448fdbaf577c9747e1470b7ee3b904070f3a813dc8826a030b2fec4ddf6fea1b2f852c054ee739c52c12ac4a89b5a3212722130da8871c251b739ed3c28e27f5360375236d46b4301c5786059e54082f39997933e2c742a6218072a372510ab5f01371ceec37160e3d5180f2a953f4fbde2812a39728d01639642f330ed858edb745e417c9349165e76c68718211972167d74f33f08a436247a173efef2fd807486651b01d699f90411a9aea3e9bc28e601f9e6f04ebe2d83d785f3ec89464cb074bc7c066d8c9e4486eae4b57a707605744438187e572a2653f3cd394d3d6d394e442530012bf3e985603c351883a38d192572b3485dd7f165e40f63ad65c22684638ba10b002357bc30cdfc678646b1d036a38ef6310c40ff52cc4fda4936e52bfe420674f527522c6e343409215efcf486f041ee015945182f504c5fac7a57f30199bea0a317e868974587953220e3bd07dd79af31c91930af280f8b5f170d5511a94d7829deb44fe2021dc4ebce091bc7fccd54d3954797c0983f527e0f1179b0f64ff1b64fbc33847160cf77d21af53659b4450c07c2d34bf72345835c0ca75624e4654c74aeb607764701311cae75faa14a63dd1f287b206faecc7f8878b1e8fbeb2db5c96", "57b476ce5446660a3983577794421b0b66adab6130fa474d05b17903d64e7b843e9be22490d032256325b69fd3f6915ed62ab7a7a5fb56a9340412a10f87c1471a509086339e499a563be2d6ab7e688c7405ffad076a69ee9006815a4b2151a1471290f100d26cb5a94274ec7a17f27c5532d064913d799fa5b63f58997e334a443cfe1cc8976a28a60bcf36d560a03fe3d241af679d167fd553313afed89f89d63afdbc01ab568ee3174285a81a304b0090c76aec65bec2cdb40f12656625c69339984807142ba9b7ec1b407f6f620c0aa533edb4252576d3e2f980dcd3b4395ec63c876f5a44a9451689fae8ca5d03eab67ac802de592d964cbd4c0e4408a4b04de0c2d6af9ec126e782f195fb6a6eba2f0c6485992a7ed36e14bd5f01ab8d8e7845ccc908497a3d90f4db4a77c26b746e74ea6df721e242cdc447e0ee907b9d71ed4608c499c5ae1fe7ebde87e6000fafb45b8e7f660a012f04c71e192cb3e31c0d60044cadeb75757824bf8a5e25361ae86386e415c0b5bb02b385d01ab6cdde6c08352394a5d42a93bf6ff7bf29851a9920840ecf2439560e05b2996d80065c36adcc6a084f6e3964f649f30463867acd6b0ec09076f6326ab7a76efe748c92a6b73935d5c2e1aecaa364e85c2a8c8e003ec7382ec793c21d9ac609e3bb865dc8422984a3fc11c7ff8a13e7c6343213b7ad5cc074d981c7b4743fe6eb7ee039725b5abf5d2502e38511c58b4d8c99d72dd2da72bf02c0424c7eb5ce43807ab1ad2e13d8ffc6c2232e91eb93c01dc2e6ae05973e6b98c192573fc7abef26db877f3ed1cca13689809fb6ce93f58b67646974d226535877897c7d2619333db4857d08a2f489a08d58a7980a3a2593618e7d3e5a4b99b29cee794f723a0f9cc0183f7933b80979e56c5ad6a9172ff0e1848612048bcdc9a9e7cca346313eda7a16a0ccbfcea8265f1c2cba831a25e18506093e1736599855f093af179b944b75166cce3e7b7539b96b1fe4cf9aea53a65cf637f4b3d57b79200764219732a0668aaac8d63161d4d362f9f3fb6748c78dc80d2fe04004784f4202fd63b2709c6f2fd0b959b34e58f0c34d5c8e6f32ec0fa7a45fc119812bda11f5eb77ea51e1c5322035e7051b77eedc83cced17da4d25ae9f6253384fd2a9bca40b649fcd1ee3fe6e1d60dbe8b0af4a8d3f0a24aedadc5650811d2af9388246ccaefbd737a5d948273f2470e77a3ffa7b11789087ed6dc0e902a1cc725c0ea216069ab5c8b40ca65b4747a4c6d74391cac4c634a6830a3403ac71559b4c47aab33bc43a92cc61cfcb8ed69d517ce990d2aa2b2d314e892e712f4c26d8a95664e34bd3b0ce08fd93660e8ac521cf0ece14523a75c0cb665e7af3b3543c2bf5bb1ea5b5e951b83213652c5b8958a9a60de0765be1c1b7baffaa2fd7a6569a2be268ab8c69e74e23c475d99ae89072b1b4394cf06815f7173d9bdf79e92a458a5b7bf5cb8ce4be7eb55fde9496dc63d9a5b45ad3d315de6fc670e86e16cdae390c774ad5d1d261abedf0c9e6f6356199a846b8f22ad4ff329baccaddd4b4697863bfcc26f5a38f134fb1ab407a50fc1b085792394863d17c071b01b1e373a8bd8b7830e0bb11019f1aeffddba09335803d3301995ad38a9abaacf286b23d876a9ad0916fb65b810b8973d479128b24cce66182ceb9c5fa31cb439db42af6c906650ef8c35e6be6d406361324d5c66502fdfdee86f9432f977bd1c15a2477bdbe881d878d491281e3a6d8aeabbdcd22974f91c7bce4da333db82569b82852029072b026a89abb3bce5bcc69fd7fccb6b7579cebc6b24a6c542c028d0ff481e663446351e785b38b0d830bda5aef23e3b0aa404a90b6e08a1a75ed539169115684e009d6f106737b681a8f461acfeaa011320073b11d986029b81dd009eb6f85a39ca6aa6a63c7432e0254057d2c2ca52dc6c04d3c59e1b336b8af72c4c2a52b0d11f4ce7d8a2a28039c3c0307cd5a628541586648bb0937b03f7c42362b733cf2254897a06679b68908d80ccd6e63ecd2f7dadab61e9038d85b0b90ff724a0d6a99945c59065f9e42590a680d9ca535c3817787894b4cd9a7be09d8e09732d507180497a34ead50d6f2c2186520fbbb4e884ce4bc33cd1cb5e6524903460915cc4a8b56014eb13c020846fc0609a53c93631ddc54dae8446a3f8a188fd629231a9ba36f9b94bb4800bb3b8d5230c390b577979ec7a8501aea8876be2e971a189fce50f534e26e129e80a248ddea13b763645765b8b3be2e7a134966ec706a168279de8ddc986cbc249e91b7b9995e2039dde89712805ade80cae2ceeea772b701a9bb8cda2017606896964309a1267fd0c26bc8a292689aef7484ab19d47c946ffd8b2d371b1cb424a00863386b8c0de539dd3ac27466ab5235d3b6e182d8db5091c401cf5aada4878a064c0b506f6616c12bcda5bcd8dba55e5abc4c804563c13cb257439a4decf496bbe47974cdb3123b1a9ef176d9480a83e548caa2a865551e1abc9b17b5d8a629bbcc5c8f6ad6fb2ecd5a10c749e30746a5fb26fdd2aba1a15ce03abfc0bd4ba153afee563c2c2118892968dfc452c4d17c95b2caed8118d3fe25e7d92934c0c237227bfcb9b26831960cda0f15abcbc3e95a712feda42a148a00ff73ef8c89477c47e5b927216e1e65a43f2605c1e8272ca1ac3a80c1659d2ecf1dc60c68618ca43dbe128b226241f34c42bbab32d655e928ad1bf7aa60d9995dce160dd1b47eba9f7a04758dc76f703c4bcf7b456c4270114fa7f030a98ce3489e8ab894aea73a51e20e2805a210df015ab10de45d36fdcb0fb17b7d770a90a858cfe5dc78e261628aa7e3caa41aa2fb124cd1fd2b71d8f110ecb1bfd85ad3ba046b2d6351e390b3b72e8f7a5d2ff8d1da2c4f8e33b2babb3fa69cd56f8f8b26616f668b3c12aeb397cc33962d1929e52c8798687b547a3446202c434425af2c78162f9b4587eae2b5ad853c0a65b7ba58b4f6df1b130b3b69851186fdf487985b8b4b18b411bff064166c800747f0dfdae8b859cc145f0c1d0fdc41bc118e0139fa6f057d24b57ed26fcb3538fc3bf5786ee0f6f1d84ad3d4d92b2af1b236282eb1ce49b2789ec613c1d25a0eb83e51108d4488e4fee4a70fe41af707a5fd4cd5b78b9fe4fefa29abadc8290d9123f5c9f868385f917629f955c629ae5d9cb9227212757af47a076c35314c3fe2d2333ac16ad450fd8d7a37063b52c82f47d9162f00f69d33d4115c9cfa96f8b695952f6b178098249972358f09df0b2231c82b87d1d7193afec50bae0db3979b5d30e2394b0bea97cffb34dd2ff5d2df706c8079748cfe3639f3a913d33e7f5fc3a1a3525e3a1f2acfb5855d13da5a252152d20e8c9d08d7e067cad35b0db4ca4e9860a46f535e590ce6ed37c10d2263282b9f9ba504fa20c34e63593bfd5a453af7e0fd4d34d7fab96748bff1e308372123cfa1a2a1b828fac6d08e8b935b88bf1037445d990d9cd30ff60165fc6e99b83ec50019cdd06145ca60360588166d493d73db7974c6109fa6642b6e2dc73c6140bbd561cac403ce353c8477286aa2aadf74cda4e8cb631c282263df9125d940a14948921e530b9c077fac9302c2386c93a991746d380e4523b94dcda323dbfe3420e7ffc627d3767c805e95abf0ea238b7a386b2e0e16060e76872b84bd2743b500c715c3ee4cf959a217a8d30f74db83b952769ffdd72849e05ad3ac995219c80dd1b5af1dafdd87e314d8710a52f6fb7f229cc04fc2921f0e67a9cb9d40f0af07c630ab660d0da4b320cdef264c4954b33803215875550a6e8f9d80230972b30d109993bbc1dc6e14cefcfc49c0f27ad7c580beb5c463634ce2148888e3201a9c835c11aacd8c382562826c445f7892277e59e6e22f6e63da3c78c299a56e8238e3e0f6987b8f71152f61a72a0232d9ae9bcb52a20fd7a30e67af69dba1cad89042175761692a30e9f5beed4a642a502e8dd1771c38b2acec99a49ba7c084424a3530596b3338f1d18276da3547d0c72d88205f579efd6fd1478744098ca445fd8caee522891e7343a7d36b67905a7e766a9c66c07bc6305fdd6a7003564ef1b3b94914d3d2e984e6daf1cc622fe8493324514ed4b6211316edf4e3933b1b228250fab5fb4e889ecd1b1a4066fa71d2e953d11b4235084181e215a0cf97b8c9cd27c502579268fe1e42ce1ddfe6ab15056c4ab8bd8b7662cc28a956226a13c48864628995952b2e37a7efc952d67b80bf0bd6ba6bb7b47a6fe770a5d06c8a172ecd825406a57dd1bd163ad207d49d4f808617b7f052e2d831071369de4c25017b513d847b9dd6a7319afb0bf19ab1021ceddc24f3357921314ef22d8702a3f050485ba1d9620312e2f222bb09f1fdf71dc4aaf7690ad99d1c3fb03d1796878c9d8e52e56225d339f3496ff1e6b36b1913a2757a493fb140d72339f944a732a4c70989ef715d8345ddf3e02ca870e9f7822826812219f6a3d1b37e14a76063083133ea79224a33a271ab98e4ceb7c7955aee7e08cc015cff25f9a0d868aaaf719afe16c0673c8faa5929b62514aa1b721c43c7c3d97fdc4958f1ee686ff9afb8e7bb1b68679b125a77a49ab3a9186592e62525b24c28b43995e1738c0943868347f0b73dc7785b679a3dd697f119c03e4f31eedbc95bb0ec615b965ddc7a88ab5f1919d279cdc0f7a62d045c29d0c6fdc7fc0ff348df01228a452283ee12b54e8579fe86f2806d9e84b3ba368cff95cb6faa2e3dd147c6dd4f5bb4bb60777336dafdbb4373f87cefcd7ee6da404970362869e1f5f53ac8e1a1a3b24b92b18cfc5c2af9d7e3746f9a359510835e6ff861329881a627230970df818f88ec2cb2342cb38192b55b0ac825488eb35b78289090519241171fb904e9f9f0a27173fcc42208d3a092ea74a0a7f9640769c32826dc3664d73c2e6def87c399ba7b629bce2b65589a95c304c32449bd50975743e2dd3809ef1f89af29476b882eefc43ae8e2e1db2000d4c68255b021d9877a166fd6180bfa73d0badd49b0dda52faae38d651433466e325ace2e2f78764488908d17aad2d65eef2f8d204f8426c73c954f622a86a589740d39ca7a0f75596a93755a5c336a3ea6fadc86f4588ba21717c398f1ff35e34e1984f3892ebc90fdc6f4bcf2b5ab9556d0adf7e0e7c526664aeb8865ed5d92cbe2fa7c9caea4e544b3a9e9384fed0c5d95a1e927c39886026049a98d395a092a35ec62013c9879ea24d0f9d6aaea9c8ef82707d586a649e304c51fe237f567eb59ad4d59ead756dc8c0f6798821de0432a4bc3e0f2a8af9b67ef306626d534c0744ae267f0412a655a1df652e77bb48c66d677a25d65b1fb5f7416c7b22b3a522b21d5e05056e5b65a95d760e9a7215dd3ec7bf588898337ecb06eedd97236027a1406ffd5f24f4b1cffd12cd70dc54a7bb2bf1d98e770f341774933133a72704aa631bb032d3f2dce7c7487dcd2ce3eada31a3d0719b9e0edda651199fbe2990d951a5c8b4aa4625567f487cdc891933b7be08ae70b3618a9260dd5c52e78554e77dbfb3d1095ed6312e89859363c93ee6c3f9e1f9db69b933922e8bf416d79fb1955a45d50971bcdcff3d8cb0aa2cf08844716bd9d10ed20ffcdb4191de3187ec5a5eeb0c6efba192c2f01d72c3030cdfa50ffa47d88e3d9e83a606f66914fde60e1d4645118a7fc9988b10c4df93e3053cc72efdc6edd9a87d078e49cd6be548c1f0656b9deda8cefc5a809ca4bf357151ac582c1cae27b7c9eaa017c"}) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000002ac0)=0x40000000000000) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f0000000480)=0x100000001, 0x4) mount$bpf(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000004c0)='bpf\x00', 0x2000080, &(0x7f00000005c0)={[{@mode={'mode', 0x3d, 0x8}}, {@mode={'mode', 0x3d, 0x2}}, {@mode={'mode', 0x3d, 0x4}}, {@mode={'mode', 0x3d, 0x1f}}], [{@euid_gt={'euid>'}}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@dont_appraise='dont_appraise'}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@context={'context', 0x3d, 'user_u'}}, {@obj_role={'obj_role', 0x3d, 'port'}}, {@fsname={'fsname', 0x3d, 'port'}}]}) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x400000, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000040)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000280)={0x2}) [ 271.760439] md: ram0 does not have a valid v0.0 superblock, not importing! 18:09:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 271.842886] md: md_import_device returned -22 18:09:36 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80}}], 0x1, 0x0, &(0x7f0000003280)) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x200000, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, r0, 0x0, 0xa, &(0x7f0000000000)="9f3a6b657972696e6700", 0xffffffffffffffff}, 0x30) r1 = getpgid(0x0) r2 = syz_open_procfs(r1, &(0x7f0000000280)='net/raw6\x00') preadv(r2, &(0x7f00000017c0), 0x1d5, 0x0) [ 271.946867] binder: send failed reply for transaction 81 to 8337:8338 [ 271.955972] binder: 8337:8338 ioctl c0306201 2000efd0 returned -14 [ 272.031853] binder: undelivered TRANSACTION_COMPLETE [ 272.044646] binder: undelivered TRANSACTION_ERROR: 29189 18:09:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="82780000260f017731f3d87e0b0f20e06635000020000f22e066b9800000c00f326635002000000f30640f02d766b8008000000f23d80f21f86635400000f00f23f8db13b85f078ee82e0f01cf"}], 0xaaaaaaaaaaaac60, 0x0, &(0x7f0000000100), 0x330) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) stat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)) openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x2800, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000180)={0x0, 0x101}) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4b564d02, 0x1]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 18:09:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="82780000260f017731f3d87e0b0f20e06635000020000f22e066b9800000c00f326635002000000f30640f02d766b8008000000f23d80f21f86635400000f00f23f8db13b85f078ee82e0f01cf"}], 0xaaaaaaaaaaaac60, 0x0, &(0x7f0000000100), 0x330) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) stat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)) openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x2800, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000180)={0x0, 0x101}) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4b564d02, 0x1]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 18:09:37 executing program 0: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10003, 0x80011, r0, 0x0) syz_mount_image$reiserfs(&(0x7f00000001c0)='reiserfs\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, &(0x7f0000000580), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="410078bf7bab688c322ec6629d0c2308223f70867e6c2a30a37a053d52c4914d4f03fb7ce685f95fda496c815c305ff77216"]) 18:09:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x10, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:37 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000cfd000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x200003, 0x0) socket$unix(0x1, 0x3, 0x0) socket$unix(0x1, 0x2, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r2) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x5) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r3 = creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) write$binfmt_elf64(r3, &(0x7f0000000180)=ANY=[], 0xfffffd97) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000440)='./file0/file1\x00', 0x0, 0x1) r4 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz', 0x1}, &(0x7f0000000600)="f95e0139fa7af261f6ed534b45e15c3b90ef064a30515b8a92ddccfb83d9a7ea9cf8730f0bb5a208f067a3fc5fe3861130fe9653824b2a8a9dceed203d10ba3d991192c9fe9135f23e9caa900c617cbcfe040f3d52ff6aeb96", 0x59, 0xfffffffffffffffe) keyctl$update(0x2, r4, &(0x7f0000000680)="74d1f36114c27a1ed317970050e154f41c8d673f680ff5934c080a163d9ac030b66f7239e11f4e3205bba780dd8600344a95dc7cbd8b1e47f5186867228aef82ae32e18492f6d14d8bae2b741f423f4b24ca0f3255a01f5ea1306d0dcc61dbf4e680787d6ab9bf1cfdbb592ded2ccd7fa3bda4654a", 0x75) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f00000000c0)={0x53e4, 0x5, 0x7f, 0x3}, 0x8) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000140)={0x2, 0x6, 0x5, 0x7, 0xadb, 0x0, 0x189, 0xfff, 0x3, 0x10000, 0x5b, 0xa9c}) mkdir(&(0x7f0000001340)='./file0\x00', 0x0) ioctl$VT_RELDISP(r3, 0x5605) r5 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r6 = openat$cgroup_procs(r2, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) dup2(r5, r6) fdatasync(r6) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c832, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f0000000040)={&(0x7f0000c15000/0x1000)=nil, 0x8, 0x0, 0x2, &(0x7f0000961000/0x2000)=nil, 0x6}) syz_open_dev$midi(&(0x7f0000000300)='/dev/midi#\x00', 0x100000001, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000000)={0x7fffffff, 0x5, 0x0, 0x7}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000140)="360f303e0f01df6766c74424000900000d6766c7442402020000006766c744240600000000670f011c240f20c06635200000000f22c0263356470f0764f30f2a342e260f0f970a008e0f08660f5808", 0x4f}], 0x1, 0x0, &(0x7f0000000200), 0x0) [ 272.265274] REISERFS warning (device loop0): super-6502 reiserfs_getopt: unknown mount option "A" [ 272.371129] FAT-fs (loop4): Unrecognized mount option "/dev/kvm" or missing value 18:09:37 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x800, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = semget(0x1, 0x0, 0x4b1) semop(r2, &(0x7f0000000100)=[{0x3, 0x5}, {0x4, 0xa2e0, 0x1800}, {0x1, 0xb72e, 0x1000}, {0x4, 0x1ff, 0x1800}, {0x5, 0x80000001, 0x1800}, {0x2, 0x2, 0x1000}], 0x6) r3 = memfd_create(&(0x7f00000002c0)='security\x00', 0x3) ioctl$KVM_SET_NR_MMU_PAGES(r3, 0xae44, 0x3) semctl$IPC_STAT(r2, 0x0, 0x2, &(0x7f0000000b40)=""/4096) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000340)={0x1, r1}) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="200800002100140025bd7000fddbdf25022034ff200000000000000008000000"], 0x20}, 0x1, 0x0, 0x0, 0x20000084}, 0x800) syz_mount_image$xfs(&(0x7f0000000180)='xfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000a80), 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="69546f1f000000342c"]) r4 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x8, 0x40040) accept$packet(r4, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) [ 272.636349] XFS (loop0): unknown mount option [iTo]. [ 273.018941] binder: release 8357:8362 transaction 83 out, still active [ 273.029002] binder: undelivered TRANSACTION_COMPLETE [ 273.047693] binder: send failed reply for transaction 83, target dead 18:09:38 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000040)={@dev, @multicast2}, 0x8) socketpair(0x1b, 0x1, 0x4, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f0000000080)=0xab) 18:09:38 executing program 0: perf_event_open(&(0x7f0000000180)={0x4002, 0x70, 0x3e5, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000040)={0x2, 0x4, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, [@sadb_x_sa2={0x2, 0x13, 0x2}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}]}, 0x58}}, 0x0) 18:09:38 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000cfd000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x200003, 0x0) socket$unix(0x1, 0x3, 0x0) socket$unix(0x1, 0x2, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r2) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x5) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r3 = creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) write$binfmt_elf64(r3, &(0x7f0000000180)=ANY=[], 0xfffffd97) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000440)='./file0/file1\x00', 0x0, 0x1) r4 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz', 0x1}, &(0x7f0000000600)="f95e0139fa7af261f6ed534b45e15c3b90ef064a30515b8a92ddccfb83d9a7ea9cf8730f0bb5a208f067a3fc5fe3861130fe9653824b2a8a9dceed203d10ba3d991192c9fe9135f23e9caa900c617cbcfe040f3d52ff6aeb96", 0x59, 0xfffffffffffffffe) keyctl$update(0x2, r4, &(0x7f0000000680)="74d1f36114c27a1ed317970050e154f41c8d673f680ff5934c080a163d9ac030b66f7239e11f4e3205bba780dd8600344a95dc7cbd8b1e47f5186867228aef82ae32e18492f6d14d8bae2b741f423f4b24ca0f3255a01f5ea1306d0dcc61dbf4e680787d6ab9bf1cfdbb592ded2ccd7fa3bda4654a", 0x75) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f00000000c0)={0x53e4, 0x5, 0x7f, 0x3}, 0x8) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000140)={0x2, 0x6, 0x5, 0x7, 0xadb, 0x0, 0x189, 0xfff, 0x3, 0x10000, 0x5b, 0xa9c}) mkdir(&(0x7f0000001340)='./file0\x00', 0x0) ioctl$VT_RELDISP(r3, 0x5605) r5 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r6 = openat$cgroup_procs(r2, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) dup2(r5, r6) fdatasync(r6) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c832, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f0000000040)={&(0x7f0000c15000/0x1000)=nil, 0x8, 0x0, 0x2, &(0x7f0000961000/0x2000)=nil, 0x6}) syz_open_dev$midi(&(0x7f0000000300)='/dev/midi#\x00', 0x100000001, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000000)={0x7fffffff, 0x5, 0x0, 0x7}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000140)="360f303e0f01df6766c74424000900000d6766c7442402020000006766c744240600000000670f011c240f20c06635200000000f22c0263356470f0764f30f2a342e260f0f970a008e0f08660f5808", 0x4f}], 0x1, 0x0, &(0x7f0000000200), 0x0) 18:09:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) mlock(&(0x7f0000121000/0x4000)=nil, 0x4000) r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x3, 0x402) r1 = syz_open_dev$mice(&(0x7f0000000300)='/dev/input/mice\x00', 0x0, 0x0) read(r1, &(0x7f00000004c0)=""/163, 0xfcc1) write$binfmt_elf32(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="7f454c460000000000000000000000000200010081000000"], 0x18) write$binfmt_elf64(r0, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r2 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x6, 0x0) accept$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, r3, 0x3}, 0xc) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000000000)=0xa, 0x1, 0x0) 18:09:38 executing program 1: openat$dsp(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp\x00', 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000500)='/dev/rtc0\x00', 0x800, 0x0) syz_open_dev$vcsa(&(0x7f0000000540)='/dev/vcsa#\x00', 0x100, 0x8000) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000580)='/dev/hwrng\x00', 0x8001, 0x0) sendto$inet6(r0, &(0x7f00000004c0), 0x14e, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local}, 0xfffffffffffffea6) r1 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r1, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000002000010000000000000000000a00000000000000000000000000000029cea1839ff1a4128225bc773f2c4384875931a51dc294c029"], 0xf8}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 18:09:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 273.203043] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'. [ 273.206372] mmap: syz-executor3 (8404) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 273.233616] FAT-fs (loop4): Unrecognized mount option "/dev/kvm" or missing value 18:09:38 executing program 2: perf_event_open(&(0x7f0000000d40)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0xf4400, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f0000000080)=@sack_info={0x0, 0x100000000, 0x9}, &(0x7f00000000c0)=0xc) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={r1, 0x9}, &(0x7f0000000140)=0x8) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r2, &(0x7f0000000180)={0x11, 0x10}, 0x18) 18:09:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) mlock(&(0x7f0000121000/0x4000)=nil, 0x4000) r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x3, 0x402) r1 = syz_open_dev$mice(&(0x7f0000000300)='/dev/input/mice\x00', 0x0, 0x0) read(r1, &(0x7f00000004c0)=""/163, 0xfcc1) write$binfmt_elf32(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="7f454c460000000000000000000000000200010081000000"], 0x18) write$binfmt_elf64(r0, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r2 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x6, 0x0) accept$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, r3, 0x3}, 0xc) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000000000)=0xa, 0x1, 0x0) 18:09:38 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) mlock(&(0x7f0000121000/0x4000)=nil, 0x4000) r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x3, 0x402) r1 = syz_open_dev$mice(&(0x7f0000000300)='/dev/input/mice\x00', 0x0, 0x0) read(r1, &(0x7f00000004c0)=""/163, 0xfcc1) write$binfmt_elf32(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="7f454c460000000000000000000000000200010081000000"], 0x18) write$binfmt_elf64(r0, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r2 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x6, 0x0) accept$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, r3, 0x3}, 0xc) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000000000)=0xa, 0x1, 0x0) 18:09:38 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000080)={0x4}) setsockopt$packet_int(r0, 0x107, 0x80000000000a, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000140)=@req3={0x8000, 0x2, 0x200, 0x80, 0x0, 0x923}, 0x1c) connect$unix(r1, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e) lsetxattr$security_evm(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='security.evm\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="04115d94170600f600080000f3ee0f17"], 0x10, 0x1) 18:09:38 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4) ioctl$BLKTRACESTART(r0, 0x1274, 0x0) syz_emit_ethernet(0x437, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x401, 0x11, 0x0, @dev, @local, {[], @dccp={{0x0, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}, "2b00b32def4f1142b6793bb530f9b20e90aa25d5c2b9431efd840a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a3487c83849023d37e037d2d3e3e842e9ba099e9ed8775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b7f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c418af5d247237eceb14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ee06adb59e9e06ad7295e6601f3a5fe9b581975993c6c775734212bccb26288d42a672c965d40e80d0e1908f04425a60a08241378ec7ff88315de073b64c5f9647e51732be34988e0948f12e6c560bedbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e9fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b824110c312ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232476a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce11491864860c11421a92dae3152eb23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64ec911fd8e8b3c8fd2291f1a7b910222c38533d4caadac9acd194be7e53549c1719bdf668887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064961a88f61b34f9442d78ae5a8551713f9afb4269d689f9adb6b4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda51ca8dc20dcfc9cc5f56768073b3f4c2c9f543324a4fd0b8bc7b95e232bf85bf222394fa4336ab4007d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b5044de114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e63297d7197961e7e593ea3411001d1d47ba42d70e7af8e91246c02d7e37ff0eb60abebc37dd00315b4fbb09e77a6b5f7e8441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e486b325a0f0e6d75116be1bbc2aa20deb64a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5af1eb4ca04fa7c4ef4d2a194b0856e007"}}}}}}, &(0x7f0000001780)) 18:09:38 executing program 0: r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) fsetxattr$security_ima(r0, &(0x7f0000000080)='security.ima\x00', &(0x7f0000000040)=@sha1={0x1, "8c3693e2b8811d845ced725cc1fd5760eab464d3"}, 0x291, 0x0) [ 273.535555] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 18:09:38 executing program 2: perf_event_open(&(0x7f0000000d40)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0xf4400, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f0000000080)=@sack_info={0x0, 0x100000000, 0x9}, &(0x7f00000000c0)=0xc) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={r1, 0x9}, &(0x7f0000000140)=0x8) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r2, &(0x7f0000000180)={0x11, 0x10}, 0x18) 18:09:38 executing program 4: syz_emit_ethernet(0x33, &(0x7f0000d53fc1)={@link_local, @random="7d79e5afaec3", [], {@generic={0xef0d, "5eed12f97bb82c736b85102e93286c5e9b201e4782e54c76f10436eb233d5d09dffd0bbb2b"}}}, &(0x7f0000ea3000)={0x0, 0x0, [0x0, 0xb09, 0x0, 0x789]}) 18:09:38 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000280)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDTOENTCNT(r1, 0x5207, &(0x7f0000000000)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x800, 0x0) ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f00000000c0)=""/207) 18:09:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) getpgid(0xffffffffffffffff) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x3, 0xa00) r4 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x1) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SG_GET_LOW_DMA(r3, 0x227a, &(0x7f00000002c0)) sendfile(r4, r5, &(0x7f0000000040)=0x2e, 0x10000000000443) ioctl$TIOCGLCKTRMIOS(r4, 0x5456, &(0x7f0000000100)={0x0, 0x5, 0x4, 0xffffffffffffffff, 0x3, 0x1, 0x2, 0x8, 0x5, 0x5, 0x80000000, 0x6}) bind$vsock_dgram(r3, &(0x7f0000000240)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000180)="2e65f32efe0a6766c7442400008000006766c7442402000000006766c744240600000000670f011c24b866000f00d066b88044a2b20f23c80f21f866350400d0000f23f80f0766b80500000066b9080000000f01c10f0766b8010000000f01c10f01dfb835008ee0", 0x68}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, &(0x7f0000000300)="67660f3a400300baf80c66b85fbeb78066efbafc0cb0e3eeba200066edc30f350f20e06635200000000f22e0660f3830b3708f3e0f060f01712166b9800000c00f326635000100000f30", 0x4a}], 0x1, 0x10, &(0x7f00000004c0), 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000840)={&(0x7f0000ffe000/0x2000)=nil, 0x2000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0106426, &(0x7f0000000540)={0x4, &(0x7f0000000500)=[{0x0}, {}, {}, {}]}) faccessat(r3, &(0x7f00000005c0)='./file0\x00', 0x1, 0x100) ioctl$DRM_IOCTL_SWITCH_CTX(r4, 0x40086424, &(0x7f0000000580)={r6, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000200)={0x9, 0x1, 0x1}) ioctl$UI_DEV_CREATE(r2, 0x5501) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r5, 0x84, 0x1b, &(0x7f0000000380)={0x0, 0x93, "003989954a43bf909ce2eeeb2d8ab607a6f961949af63c4ee1968ea5306bb53163cd0bc8779e7c2cdc4fbc1a41f108f227f822404a6ddfc0df985541db9d0bcaf776dfef54d8d23b9749206a43bdd78d897187e7bc3a0da6ca28565522a0719f19c777d44e37edd0dcbbf64b07a5f016021a60c940507b242484d108b4d268f12d579e23d29a9751a0ac8e988fb81087871a56"}, &(0x7f0000000440)=0x9b) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f00000004c0)={r7, 0x2, 0x1ff}, 0x8) 18:09:38 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, r0, 0x0, 0xffffffffffffff0d, &(0x7f00000000c0)='syz1\x00'}, 0x30) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) waitid(0x1, r1, 0x0, 0x2, &(0x7f0000000fc0)) listen(r2, 0x4) getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000540)={0x0, 0xe00, 0x8481, 0x4, 0x2c4b5952, 0x81, 0x5, 0x2, {0x0, @in6={{0xa, 0x4e24, 0x8000, @empty, 0x4}}, 0x0, 0x0, 0x0, 0x6, 0x6}}, &(0x7f0000000600)=0xb0) r3 = gettid() setxattr$trusted_overlay_nlink(&(0x7f0000001080)='./file0\x00', &(0x7f00000010c0)='trusted.overlay.nlink\x00', &(0x7f0000001100)={'L-', 0x7}, 0x28, 0x1) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = accept4(r2, 0x0, &(0x7f0000000040), 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008840)=[{{&(0x7f0000000480)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000600), 0x0, &(0x7f0000000640)=""/186, 0xba}}, {{&(0x7f00000060c0)=@in6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000007440), 0x0, &(0x7f00000074c0)=""/31, 0x1f}}], 0x2, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000100)={0x0, 0x9}, &(0x7f0000000440)=0x8) fcntl$lock(r4, 0x7, &(0x7f00000007c0)={0x2, 0x4, 0x6, 0x0, r3}) perf_event_open(&(0x7f0000000840)={0x0, 0x70, 0x3f, 0xb3, 0xfffffffffffffffa, 0x2, 0x0, 0x5, 0x0, 0x0, 0x3ff, 0x6, 0x4, 0x0, 0x0, 0xfff, 0x3, 0x9, 0x1000, 0x5747, 0x1000, 0xf75b, 0x54876bdc, 0xa20, 0x382, 0xed4, 0x1, 0x2, 0x0, 0x0, 0x3, 0xe6d, 0x20, 0x8, 0x5a9, 0x100, 0xd32, 0xffffffff, 0x0, 0x67e, 0x0, @perf_bp={&(0x7f0000000800)}, 0x1, 0x2, 0x100000000, 0x7, 0xfffffffffffffc00, 0x100, 0xe0}, r1, 0x1, r0, 0x2) r7 = syz_open_procfs(r1, &(0x7f0000000e80)='net/ip6_mr_cache\x00') ioctl$GIO_FONT(r7, 0x4b60, &(0x7f0000000ec0)=""/197) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000700)='IPVS\x00') getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000dc0)={0x0, 0x0}, &(0x7f0000000e00)=0xc) syz_mount_image$xfs(&(0x7f0000000980)='xfs\x00', &(0x7f00000009c0)='./file0\x00', 0x2, 0x7, &(0x7f0000000d00)=[{&(0x7f0000000a00)="eaefb4c702cc4c841331da947f1c8cb18c5337b79276589b8063e62583e5878d1d2f14a8f84dd02d19ee41", 0x2b, 0x2}, {&(0x7f0000000a40)="7bc61c6ddd5c5036bb6784d2a1715e339250c453f3c76a4088942bc4dc21fddd4d2d3df0c0144c386e5dcc2de6e916a17e71295e880d8af55536bbce949bfbcd6af24709ad313cb6365f4a38b5305f0a9e52cd3fa77c6f38d5c7be102cc0f075111d8e7d52fb97bb456c", 0x6a, 0x8000}, {&(0x7f0000000ac0)="fa2063495769040f026efc7d8a5fa36a8ec966bed5752be9", 0x18, 0x101}, {&(0x7f0000000b00)="a06d4ff982d685b6e9b2a6002870023586350ebc0c09797a2905bbac6a1c2e7522230b810c6c4de2e26538fe622cccf8852c79b3e7266b34a5bcdb229ee66031d5d9f805606602a3e9727098fc0c4cff5dd335279701434e2a285120c582e8a80cb93f0bf2b4e7d663c55c080b533025cc62039916840860869f2625317e9eddf977a1a2a2bed740f23cb2ab07ec159897e0fd465f013093ba805540e06e0106dd6c04b4fbf1e443881d8873a37f6c0e2db1d6e1f04a1dc1975bf2c885dffcf198d978d89ea51e217e6ad6dbe30c9897afd22bde5e34b4d009a7781de97da29face624031ae18dbe", 0xe8}, {&(0x7f0000000c00)="4fe644a0a76048021abe9a9a8310", 0xe, 0xfffffffffffffff8}, {&(0x7f0000000c40)="eab3aeda6ffab91ef0644924ed7eb7ffc90066c013ebd1c2453487703ce7bbb397375ab5cfcc8b57abf5ef109fdc72564769efd7d4", 0x35, 0x80}, {&(0x7f0000000c80)="15bd74949d362a75c48a14f7c048fa42a8394d38d428e3c7dbf5c45b43c210f36a600b36d25d36249cff7a771135d7be0f27e7cabf54acdf59ee7d10ab3ef7778d97c81183f8322908885d22bb519e99da2f5e5df56bdd2c67720ab9621c", 0x5e, 0xfffffffffffffff9}], 0x80000, &(0x7f0000000e40)={[{@attr2='attr2'}, {@gquota='gquota'}], [{@measure='measure'}, {@fowner_eq={'fowner', 0x3d, r9}}]}) sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000780)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000740)={&(0x7f0000001140)=ANY=[@ANYBLOB="84000000", @ANYRES16=r8, @ANYBLOB="000127bd7000fcdbdf25010000000800040009000000080004002000000008000500fc050000580003000800030001000000080007004e200000080005000000000014000600fe800000000000000000000000000014140002007665746831000000000000000000000014000600ff010000000000000000000000000001300bc59326547fbdda2c26b1"], 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x1) setsockopt$inet_sctp_SCTP_MAXSEG(r5, 0x84, 0xd, &(0x7f0000000500)=@assoc_id=r6, 0x4) recvmsg(r5, &(0x7f0000000200)={&(0x7f0000000140)=@nl=@unspec, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000380)=""/153, 0x99}, 0x10000) fcntl$notify(0xffffffffffffffff, 0x402, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f0000000240)={{0x0, 0x0, 0x1000, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', &(0x7f0000000040)}) setsockopt$inet6_int(r4, 0x29, 0x0, &(0x7f0000000080), 0x4) [ 273.985486] binder: send failed reply for transaction 85 to 8390:8391 [ 273.995798] binder: undelivered TRANSACTION_COMPLETE 18:09:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000380)="153f6234488dd25d766070") setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000000180)={0x8, @remote, 0x4e23, 0x4, 'rr\x00', 0x20, 0x21a3, 0x65}, 0x2c) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000040)="66baf80cb820437a8eef66bafc0ced26470fc76c8e19b805000000b94d8a4dba0f01c1b805000000b9044f00000f01d966ba2100b008ee65f4440f0175a44b0fc76f08c461fc2b9f0000010042dfcd", 0x4f}], 0x1, 0x0, &(0x7f0000000180), 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000280)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@dev}}, &(0x7f00000003c0)=0xe8) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) r6 = geteuid() mount$9p_virtio(&(0x7f00000001c0)='selinux\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='9p\x00', 0x100400, &(0x7f00000004c0)={'trans=virtio,', {[{@dfltuid={'dfltuid', 0x3d, r4}}, {@privport='privport'}, {@aname={'aname', 0x3d, 'posix_acl_access'}}, {@access_user='access=user'}], [{@smackfsroot={'smackfsroot', 0x3d, '/dev/kvm\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@uid_lt={'uid<', r5}}, {@smackfshat={'smackfshat', 0x3d, 'em1'}}, {@uid_gt={'uid>', r6}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@context={'context', 0x3d, 'system_u'}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}}) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x5, 0x0, [0x40000021, 0x3]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 18:09:39 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x8, 0x3, 0x76, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x300000a, 0x42010, 0xffffffffffffffff, 0x0) r4 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8, 0x1010, 0xffffffffffffffff, 0xe) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000008c0)={0x108, 0x0, &(0x7f0000000980)=[@increfs, @clear_death={0x400c630f, 0x1, 0x2}, @reply_sg={0x40486312, {{0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x60, 0x40, &(0x7f0000000400)=[@ptr={0x70742a85, 0x0, &(0x7f0000000380), 0x1, 0x4, 0x3c}, @fda={0x66646185, 0x1, 0x0, 0x17}, @fd={0x66642a85, 0x0, r0, 0x0, 0x3}], &(0x7f0000000480)=[0x78, 0x28, 0x20, 0x0, 0x40, 0x78, 0x40, 0x38]}, 0x7}}, @reply_sg={0x40486312, {{0x0, 0x0, 0x2, 0x0, 0x10, 0x0, 0x0, 0x40, 0x50, &(0x7f00000004c0)=[@fda={0x66646185, 0x2, 0x4, 0x1a}, @fda={0x66646185, 0x3, 0x0, 0xb}], &(0x7f0000000680)=[0x0, 0x20, 0x18, 0x38, 0x0, 0x78, 0x28, 0x58, 0x48, 0xdb7bb57fd07be52b]}, 0x8}}, @reply={0x40406301, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x30, 0x28, &(0x7f0000000700)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x3}, @flat={0x77682a85, 0x101, r3, 0x2}], &(0x7f0000000740)=[0x70, 0x0, 0x28, 0x28, 0x0]}}, @increfs_done={0x40106308, r4}], 0x17, 0x0, &(0x7f0000000780)="17b7f0e23ee32ef948c8c794353b20cc8b7d42f06ee97f"}) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs, 0x6e) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$dspn(&(0x7f0000000900)='/dev/dsp#\x00', 0x3f, 0x0) write$P9_RCREATE(r5, &(0x7f0000000940)={0x18, 0x73, 0x1, {{0x92}}}, 0x18) ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r1) pipe2$9p(0xfffffffffffffffe, 0x0) umount2(&(0x7f00000007c0)='./control\x00', 0x0) rt_sigaction(0x0, &(0x7f00000002c0)={0x0, {}, 0x0, 0x0}, &(0x7f0000000300), 0x8, &(0x7f0000000340)) syz_open_dev$sndseq(&(0x7f00000003c0)='/dev/snd/seq\x00', 0x0, 0x400) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000600), &(0x7f0000000640)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000800)={0x0, @in={{0x2, 0x0, @loopback}}, 0x0, 0xfffffffffffffffe}, 0x90) ioctl$FS_IOC_GETFLAGS(r5, 0x80086601, &(0x7f0000000140)) rt_sigaction(0x0, &(0x7f0000000500)={0x0, {0xa11}, 0xc8000006, 0x0}, &(0x7f0000000540), 0x8, &(0x7f0000000580)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) faccessat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x2, &(0x7f0000000100)=[{0x50}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002240), 0x1ba, &(0x7f00000022c0)}}, {{0x0, 0x0, &(0x7f00000026c0), 0x0, &(0x7f0000002700)}}], 0x75a, 0x0) 18:09:39 executing program 1: mkdir(&(0x7f0000027000)='./file0\x00', 0x0) mount(&(0x7f00000000c0)=ANY=[], &(0x7f000001c000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x0, &(0x7f000000a000)) mount(&(0x7f0000000200)=ANY=[], &(0x7f000000fff8)='./file0\x00', &(0x7f0000000100)='mqueue\x00', 0x7ffbf, &(0x7f00000001c0)) clone(0x100000200020fe, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) removexattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@random={'trusted.', 'ramfs\x00'}) [ 274.112753] binder: undelivered TRANSACTION_ERROR: 29189 [ 274.168493] sctp: [Deprecated]: syz-executor4 (pid 8457) Use of int in maxseg socket option. [ 274.168493] Use struct sctp_assoc_value instead 18:09:39 executing program 1: r0 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000080)="db", 0x1, r0) r2 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x10000, 0x5) write$FUSE_STATFS(r2, &(0x7f0000000100)={0x60, 0xfffffffffffffff5, 0x5, {{0xb9, 0x101, 0x0, 0x2, 0x80000001, 0x8f54, 0xb, 0x7}}}, 0x60) fcntl$notify(r2, 0x402, 0x21) keyctl$link(0x16, r1, r1) [ 274.283007] sctp: [Deprecated]: syz-executor4 (pid 8474) Use of int in maxseg socket option. [ 274.283007] Use struct sctp_assoc_value instead 18:09:39 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, r0, 0x0, 0xffffffffffffff0d, &(0x7f00000000c0)='syz1\x00'}, 0x30) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) waitid(0x1, r1, 0x0, 0x2, &(0x7f0000000fc0)) listen(r2, 0x4) getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000540)={0x0, 0xe00, 0x8481, 0x4, 0x2c4b5952, 0x81, 0x5, 0x2, {0x0, @in6={{0xa, 0x4e24, 0x8000, @empty, 0x4}}, 0x0, 0x0, 0x0, 0x6, 0x6}}, &(0x7f0000000600)=0xb0) r3 = gettid() setxattr$trusted_overlay_nlink(&(0x7f0000001080)='./file0\x00', &(0x7f00000010c0)='trusted.overlay.nlink\x00', &(0x7f0000001100)={'L-', 0x7}, 0x28, 0x1) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = accept4(r2, 0x0, &(0x7f0000000040), 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008840)=[{{&(0x7f0000000480)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000600), 0x0, &(0x7f0000000640)=""/186, 0xba}}, {{&(0x7f00000060c0)=@in6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000007440), 0x0, &(0x7f00000074c0)=""/31, 0x1f}}], 0x2, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000100)={0x0, 0x9}, &(0x7f0000000440)=0x8) fcntl$lock(r4, 0x7, &(0x7f00000007c0)={0x2, 0x4, 0x6, 0x0, r3}) perf_event_open(&(0x7f0000000840)={0x0, 0x70, 0x3f, 0xb3, 0xfffffffffffffffa, 0x2, 0x0, 0x5, 0x0, 0x0, 0x3ff, 0x6, 0x4, 0x0, 0x0, 0xfff, 0x3, 0x9, 0x1000, 0x5747, 0x1000, 0xf75b, 0x54876bdc, 0xa20, 0x382, 0xed4, 0x1, 0x2, 0x0, 0x0, 0x3, 0xe6d, 0x20, 0x8, 0x5a9, 0x100, 0xd32, 0xffffffff, 0x0, 0x67e, 0x0, @perf_bp={&(0x7f0000000800)}, 0x1, 0x2, 0x100000000, 0x7, 0xfffffffffffffc00, 0x100, 0xe0}, r1, 0x1, r0, 0x2) r7 = syz_open_procfs(r1, &(0x7f0000000e80)='net/ip6_mr_cache\x00') ioctl$GIO_FONT(r7, 0x4b60, &(0x7f0000000ec0)=""/197) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000700)='IPVS\x00') getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000dc0)={0x0, 0x0}, &(0x7f0000000e00)=0xc) syz_mount_image$xfs(&(0x7f0000000980)='xfs\x00', &(0x7f00000009c0)='./file0\x00', 0x2, 0x7, &(0x7f0000000d00)=[{&(0x7f0000000a00)="eaefb4c702cc4c841331da947f1c8cb18c5337b79276589b8063e62583e5878d1d2f14a8f84dd02d19ee41", 0x2b, 0x2}, {&(0x7f0000000a40)="7bc61c6ddd5c5036bb6784d2a1715e339250c453f3c76a4088942bc4dc21fddd4d2d3df0c0144c386e5dcc2de6e916a17e71295e880d8af55536bbce949bfbcd6af24709ad313cb6365f4a38b5305f0a9e52cd3fa77c6f38d5c7be102cc0f075111d8e7d52fb97bb456c", 0x6a, 0x8000}, {&(0x7f0000000ac0)="fa2063495769040f026efc7d8a5fa36a8ec966bed5752be9", 0x18, 0x101}, {&(0x7f0000000b00)="a06d4ff982d685b6e9b2a6002870023586350ebc0c09797a2905bbac6a1c2e7522230b810c6c4de2e26538fe622cccf8852c79b3e7266b34a5bcdb229ee66031d5d9f805606602a3e9727098fc0c4cff5dd335279701434e2a285120c582e8a80cb93f0bf2b4e7d663c55c080b533025cc62039916840860869f2625317e9eddf977a1a2a2bed740f23cb2ab07ec159897e0fd465f013093ba805540e06e0106dd6c04b4fbf1e443881d8873a37f6c0e2db1d6e1f04a1dc1975bf2c885dffcf198d978d89ea51e217e6ad6dbe30c9897afd22bde5e34b4d009a7781de97da29face624031ae18dbe", 0xe8}, {&(0x7f0000000c00)="4fe644a0a76048021abe9a9a8310", 0xe, 0xfffffffffffffff8}, {&(0x7f0000000c40)="eab3aeda6ffab91ef0644924ed7eb7ffc90066c013ebd1c2453487703ce7bbb397375ab5cfcc8b57abf5ef109fdc72564769efd7d4", 0x35, 0x80}, {&(0x7f0000000c80)="15bd74949d362a75c48a14f7c048fa42a8394d38d428e3c7dbf5c45b43c210f36a600b36d25d36249cff7a771135d7be0f27e7cabf54acdf59ee7d10ab3ef7778d97c81183f8322908885d22bb519e99da2f5e5df56bdd2c67720ab9621c", 0x5e, 0xfffffffffffffff9}], 0x80000, &(0x7f0000000e40)={[{@attr2='attr2'}, {@gquota='gquota'}], [{@measure='measure'}, {@fowner_eq={'fowner', 0x3d, r9}}]}) sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000780)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000740)={&(0x7f0000001140)=ANY=[@ANYBLOB="84000000", @ANYRES16=r8, @ANYBLOB="000127bd7000fcdbdf25010000000800040009000000080004002000000008000500fc050000580003000800030001000000080007004e200000080005000000000014000600fe800000000000000000000000000014140002007665746831000000000000000000000014000600ff010000000000000000000000000001300bc59326547fbdda2c26b1"], 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x1) setsockopt$inet_sctp_SCTP_MAXSEG(r5, 0x84, 0xd, &(0x7f0000000500)=@assoc_id=r6, 0x4) recvmsg(r5, &(0x7f0000000200)={&(0x7f0000000140)=@nl=@unspec, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000380)=""/153, 0x99}, 0x10000) fcntl$notify(0xffffffffffffffff, 0x402, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f0000000240)={{0x0, 0x0, 0x1000, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', &(0x7f0000000040)}) setsockopt$inet6_int(r4, 0x29, 0x0, &(0x7f0000000080), 0x4) 18:09:39 executing program 2: r0 = syz_init_net_socket$llc(0x1a, 0x80000000000002, 0x0) r1 = dup2(r0, r0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10) connect$rds(r1, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0xfffffdbb) 18:09:39 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x1ff) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) sendmmsg(r0, &(0x7f000000ac80)=[{{&(0x7f0000001240)=@un=@file={0x0, './file0\x00'}, 0x80, &(0x7f0000001600), 0x0, &(0x7f0000001640)}}, {{0x0, 0x0, &(0x7f00000004c0), 0x0, &(0x7f0000000040)=[{0x10, 0x29, 0x43}], 0x10}}], 0x2, 0x0) 18:09:39 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$packet(0x11, 0x2, 0x300, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000100)=0x1000, 0x4) get_mempolicy(&(0x7f00000000c0), &(0x7f0000000200), 0x8000008000, &(0x7f0000ffa000/0x2000)=nil, 0x3) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, &(0x7f0000000240)={{0x7c, @multicast2, 0x4e21, 0x1, 'lblcr\x00', 0x4, 0x40, 0x1b}, {@loopback, 0x4e20, 0x2, 0x3, 0x4, 0x7ff}}, 0x44) syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0x316, 0x2100) 18:09:39 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) io_setup(0x3, &(0x7f0000000240)=0x0) r2 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x0, 0x0) close(r2) socket$inet_smc(0x2b, 0x1, 0x0) io_submit(r1, 0x1, &(0x7f0000000b00)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={"62726964676530000000008000", &(0x7f0000000140)=@ethtool_flash={0x33, 0x5, "a7417c1d676be3cb4b4b64858aa26053335bfce31360e6324d512e29c68725cdf63fe90dfdf9b1e97c6e39d0fc5bbc8df21a071cb4a4a23d84ee55d3b1945321cb899ac7ab413b583374a822bc20e8ec6f481ac9b97398942de4baa26d01b76884c787ee27743ab0812ccf25018e1fb646ae2a238e928d3fa612075f36b5ed8d"}}) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x800, 0x0) connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0x4, @dev={[], 0x12}, 'veth1\x00'}}, 0x1e) [ 275.004434] binder: send failed reply for transaction 87 to 8470:8472 [ 275.011173] binder: undelivered TRANSACTION_COMPLETE [ 275.044422] binder: undelivered TRANSACTION_ERROR: 29189 18:09:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) getpgid(0xffffffffffffffff) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x3, 0xa00) r4 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x1) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SG_GET_LOW_DMA(r3, 0x227a, &(0x7f00000002c0)) sendfile(r4, r5, &(0x7f0000000040)=0x2e, 0x10000000000443) ioctl$TIOCGLCKTRMIOS(r4, 0x5456, &(0x7f0000000100)={0x0, 0x5, 0x4, 0xffffffffffffffff, 0x3, 0x1, 0x2, 0x8, 0x5, 0x5, 0x80000000, 0x6}) bind$vsock_dgram(r3, &(0x7f0000000240)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000180)="2e65f32efe0a6766c7442400008000006766c7442402000000006766c744240600000000670f011c24b866000f00d066b88044a2b20f23c80f21f866350400d0000f23f80f0766b80500000066b9080000000f01c10f0766b8010000000f01c10f01dfb835008ee0", 0x68}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, &(0x7f0000000300)="67660f3a400300baf80c66b85fbeb78066efbafc0cb0e3eeba200066edc30f350f20e06635200000000f22e0660f3830b3708f3e0f060f01712166b9800000c00f326635000100000f30", 0x4a}], 0x1, 0x10, &(0x7f00000004c0), 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000840)={&(0x7f0000ffe000/0x2000)=nil, 0x2000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0106426, &(0x7f0000000540)={0x4, &(0x7f0000000500)=[{0x0}, {}, {}, {}]}) faccessat(r3, &(0x7f00000005c0)='./file0\x00', 0x1, 0x100) ioctl$DRM_IOCTL_SWITCH_CTX(r4, 0x40086424, &(0x7f0000000580)={r6, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000200)={0x9, 0x1, 0x1}) ioctl$UI_DEV_CREATE(r2, 0x5501) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r5, 0x84, 0x1b, &(0x7f0000000380)={0x0, 0x93, "003989954a43bf909ce2eeeb2d8ab607a6f961949af63c4ee1968ea5306bb53163cd0bc8779e7c2cdc4fbc1a41f108f227f822404a6ddfc0df985541db9d0bcaf776dfef54d8d23b9749206a43bdd78d897187e7bc3a0da6ca28565522a0719f19c777d44e37edd0dcbbf64b07a5f016021a60c940507b242484d108b4d268f12d579e23d29a9751a0ac8e988fb81087871a56"}, &(0x7f0000000440)=0x9b) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f00000004c0)={r7, 0x2, 0x1ff}, 0x8) 18:09:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x5, 0x8, 0x2000, 0x100000001, 0x0, 0xffffffffffffffff, 0x0, [0x5f]}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000000), &(0x7f00000000c0)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r0, &(0x7f0000000000), &(0x7f00000003c0)=""/200}, 0x18) listen(0xffffffffffffffff, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f00000000c0)=[@in={0x2, 0x4e20, @rand_addr}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e22, 0x3ff, @dev={0xfe, 0x80, [], 0x10}, 0xffffffffffffff28}, @in6={0xa, 0x4e21, 0x1, @ipv4={[], [], @multicast2}, 0x7}, @in6={0xa, 0x4e21, 0x1, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1a}}, 0x20}], 0x74) 18:09:40 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000018000)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, 0x18, 0x1, 0x0, 0x0, {0x10001}, [@typed={0xc, 0x1, @u64}]}, 0x20}}, 0x0) 18:09:40 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x8, 0x3, 0x76, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x300000a, 0x42010, 0xffffffffffffffff, 0x0) r4 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8, 0x1010, 0xffffffffffffffff, 0xe) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000008c0)={0x108, 0x0, &(0x7f0000000980)=[@increfs, @clear_death={0x400c630f, 0x1, 0x2}, @reply_sg={0x40486312, {{0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x60, 0x40, &(0x7f0000000400)=[@ptr={0x70742a85, 0x0, &(0x7f0000000380), 0x1, 0x4, 0x3c}, @fda={0x66646185, 0x1, 0x0, 0x17}, @fd={0x66642a85, 0x0, r0, 0x0, 0x3}], &(0x7f0000000480)=[0x78, 0x28, 0x20, 0x0, 0x40, 0x78, 0x40, 0x38]}, 0x7}}, @reply_sg={0x40486312, {{0x0, 0x0, 0x2, 0x0, 0x10, 0x0, 0x0, 0x40, 0x50, &(0x7f00000004c0)=[@fda={0x66646185, 0x2, 0x4, 0x1a}, @fda={0x66646185, 0x3, 0x0, 0xb}], &(0x7f0000000680)=[0x0, 0x20, 0x18, 0x38, 0x0, 0x78, 0x28, 0x58, 0x48, 0xdb7bb57fd07be52b]}, 0x8}}, @reply={0x40406301, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x30, 0x28, &(0x7f0000000700)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x3}, @flat={0x77682a85, 0x101, r3, 0x2}], &(0x7f0000000740)=[0x70, 0x0, 0x28, 0x28, 0x0]}}, @increfs_done={0x40106308, r4}], 0x17, 0x0, &(0x7f0000000780)="17b7f0e23ee32ef948c8c794353b20cc8b7d42f06ee97f"}) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs, 0x6e) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$dspn(&(0x7f0000000900)='/dev/dsp#\x00', 0x3f, 0x0) write$P9_RCREATE(r5, &(0x7f0000000940)={0x18, 0x73, 0x1, {{0x92}}}, 0x18) ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r1) pipe2$9p(0xfffffffffffffffe, 0x0) umount2(&(0x7f00000007c0)='./control\x00', 0x0) rt_sigaction(0x0, &(0x7f00000002c0)={0x0, {}, 0x0, 0x0}, &(0x7f0000000300), 0x8, &(0x7f0000000340)) syz_open_dev$sndseq(&(0x7f00000003c0)='/dev/snd/seq\x00', 0x0, 0x400) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000600), &(0x7f0000000640)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000800)={0x0, @in={{0x2, 0x0, @loopback}}, 0x0, 0xfffffffffffffffe}, 0x90) ioctl$FS_IOC_GETFLAGS(r5, 0x80086601, &(0x7f0000000140)) rt_sigaction(0x0, &(0x7f0000000500)={0x0, {0xa11}, 0xc8000006, 0x0}, &(0x7f0000000540), 0x8, &(0x7f0000000580)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) faccessat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x2, &(0x7f0000000100)=[{0x50}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002240), 0x1ba, &(0x7f00000022c0)}}, {{0x0, 0x0, &(0x7f00000026c0), 0x0, &(0x7f0000002700)}}], 0x75a, 0x0) 18:09:40 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, r0, 0x0, 0xffffffffffffff0d, &(0x7f00000000c0)='syz1\x00'}, 0x30) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) waitid(0x1, r1, 0x0, 0x2, &(0x7f0000000fc0)) listen(r2, 0x4) getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000540)={0x0, 0xe00, 0x8481, 0x4, 0x2c4b5952, 0x81, 0x5, 0x2, {0x0, @in6={{0xa, 0x4e24, 0x8000, @empty, 0x4}}, 0x0, 0x0, 0x0, 0x6, 0x6}}, &(0x7f0000000600)=0xb0) r3 = gettid() setxattr$trusted_overlay_nlink(&(0x7f0000001080)='./file0\x00', &(0x7f00000010c0)='trusted.overlay.nlink\x00', &(0x7f0000001100)={'L-', 0x7}, 0x28, 0x1) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = accept4(r2, 0x0, &(0x7f0000000040), 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008840)=[{{&(0x7f0000000480)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000600), 0x0, &(0x7f0000000640)=""/186, 0xba}}, {{&(0x7f00000060c0)=@in6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000007440), 0x0, &(0x7f00000074c0)=""/31, 0x1f}}], 0x2, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000100)={0x0, 0x9}, &(0x7f0000000440)=0x8) fcntl$lock(r4, 0x7, &(0x7f00000007c0)={0x2, 0x4, 0x6, 0x0, r3}) perf_event_open(&(0x7f0000000840)={0x0, 0x70, 0x3f, 0xb3, 0xfffffffffffffffa, 0x2, 0x0, 0x5, 0x0, 0x0, 0x3ff, 0x6, 0x4, 0x0, 0x0, 0xfff, 0x3, 0x9, 0x1000, 0x5747, 0x1000, 0xf75b, 0x54876bdc, 0xa20, 0x382, 0xed4, 0x1, 0x2, 0x0, 0x0, 0x3, 0xe6d, 0x20, 0x8, 0x5a9, 0x100, 0xd32, 0xffffffff, 0x0, 0x67e, 0x0, @perf_bp={&(0x7f0000000800)}, 0x1, 0x2, 0x100000000, 0x7, 0xfffffffffffffc00, 0x100, 0xe0}, r1, 0x1, r0, 0x2) r7 = syz_open_procfs(r1, &(0x7f0000000e80)='net/ip6_mr_cache\x00') ioctl$GIO_FONT(r7, 0x4b60, &(0x7f0000000ec0)=""/197) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000700)='IPVS\x00') getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000dc0)={0x0, 0x0}, &(0x7f0000000e00)=0xc) syz_mount_image$xfs(&(0x7f0000000980)='xfs\x00', &(0x7f00000009c0)='./file0\x00', 0x2, 0x7, &(0x7f0000000d00)=[{&(0x7f0000000a00)="eaefb4c702cc4c841331da947f1c8cb18c5337b79276589b8063e62583e5878d1d2f14a8f84dd02d19ee41", 0x2b, 0x2}, {&(0x7f0000000a40)="7bc61c6ddd5c5036bb6784d2a1715e339250c453f3c76a4088942bc4dc21fddd4d2d3df0c0144c386e5dcc2de6e916a17e71295e880d8af55536bbce949bfbcd6af24709ad313cb6365f4a38b5305f0a9e52cd3fa77c6f38d5c7be102cc0f075111d8e7d52fb97bb456c", 0x6a, 0x8000}, {&(0x7f0000000ac0)="fa2063495769040f026efc7d8a5fa36a8ec966bed5752be9", 0x18, 0x101}, {&(0x7f0000000b00)="a06d4ff982d685b6e9b2a6002870023586350ebc0c09797a2905bbac6a1c2e7522230b810c6c4de2e26538fe622cccf8852c79b3e7266b34a5bcdb229ee66031d5d9f805606602a3e9727098fc0c4cff5dd335279701434e2a285120c582e8a80cb93f0bf2b4e7d663c55c080b533025cc62039916840860869f2625317e9eddf977a1a2a2bed740f23cb2ab07ec159897e0fd465f013093ba805540e06e0106dd6c04b4fbf1e443881d8873a37f6c0e2db1d6e1f04a1dc1975bf2c885dffcf198d978d89ea51e217e6ad6dbe30c9897afd22bde5e34b4d009a7781de97da29face624031ae18dbe", 0xe8}, {&(0x7f0000000c00)="4fe644a0a76048021abe9a9a8310", 0xe, 0xfffffffffffffff8}, {&(0x7f0000000c40)="eab3aeda6ffab91ef0644924ed7eb7ffc90066c013ebd1c2453487703ce7bbb397375ab5cfcc8b57abf5ef109fdc72564769efd7d4", 0x35, 0x80}, {&(0x7f0000000c80)="15bd74949d362a75c48a14f7c048fa42a8394d38d428e3c7dbf5c45b43c210f36a600b36d25d36249cff7a771135d7be0f27e7cabf54acdf59ee7d10ab3ef7778d97c81183f8322908885d22bb519e99da2f5e5df56bdd2c67720ab9621c", 0x5e, 0xfffffffffffffff9}], 0x80000, &(0x7f0000000e40)={[{@attr2='attr2'}, {@gquota='gquota'}], [{@measure='measure'}, {@fowner_eq={'fowner', 0x3d, r9}}]}) sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000780)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000740)={&(0x7f0000001140)=ANY=[@ANYBLOB="84000000", @ANYRES16=r8, @ANYBLOB="000127bd7000fcdbdf25010000000800040009000000080004002000000008000500fc050000580003000800030001000000080007004e200000080005000000000014000600fe800000000000000000000000000014140002007665746831000000000000000000000014000600ff010000000000000000000000000001300bc59326547fbdda2c26b1"], 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x1) setsockopt$inet_sctp_SCTP_MAXSEG(r5, 0x84, 0xd, &(0x7f0000000500)=@assoc_id=r6, 0x4) recvmsg(r5, &(0x7f0000000200)={&(0x7f0000000140)=@nl=@unspec, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000380)=""/153, 0x99}, 0x10000) fcntl$notify(0xffffffffffffffff, 0x402, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f0000000240)={{0x0, 0x0, 0x1000, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', &(0x7f0000000040)}) setsockopt$inet6_int(r4, 0x29, 0x0, &(0x7f0000000080), 0x4) [ 275.154953] netlink: 'syz-executor2': attribute type 1 has an invalid length. [ 275.174225] binder: send failed reply for transaction 89 to 8522:8524 18:09:40 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x8, 0x3, 0x76, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x300000a, 0x42010, 0xffffffffffffffff, 0x0) r4 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8, 0x1010, 0xffffffffffffffff, 0xe) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000008c0)={0x108, 0x0, &(0x7f0000000980)=[@increfs, @clear_death={0x400c630f, 0x1, 0x2}, @reply_sg={0x40486312, {{0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x60, 0x40, &(0x7f0000000400)=[@ptr={0x70742a85, 0x0, &(0x7f0000000380), 0x1, 0x4, 0x3c}, @fda={0x66646185, 0x1, 0x0, 0x17}, @fd={0x66642a85, 0x0, r0, 0x0, 0x3}], &(0x7f0000000480)=[0x78, 0x28, 0x20, 0x0, 0x40, 0x78, 0x40, 0x38]}, 0x7}}, @reply_sg={0x40486312, {{0x0, 0x0, 0x2, 0x0, 0x10, 0x0, 0x0, 0x40, 0x50, &(0x7f00000004c0)=[@fda={0x66646185, 0x2, 0x4, 0x1a}, @fda={0x66646185, 0x3, 0x0, 0xb}], &(0x7f0000000680)=[0x0, 0x20, 0x18, 0x38, 0x0, 0x78, 0x28, 0x58, 0x48, 0xdb7bb57fd07be52b]}, 0x8}}, @reply={0x40406301, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x30, 0x28, &(0x7f0000000700)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x3}, @flat={0x77682a85, 0x101, r3, 0x2}], &(0x7f0000000740)=[0x70, 0x0, 0x28, 0x28, 0x0]}}, @increfs_done={0x40106308, r4}], 0x17, 0x0, &(0x7f0000000780)="17b7f0e23ee32ef948c8c794353b20cc8b7d42f06ee97f"}) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs, 0x6e) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$dspn(&(0x7f0000000900)='/dev/dsp#\x00', 0x3f, 0x0) write$P9_RCREATE(r5, &(0x7f0000000940)={0x18, 0x73, 0x1, {{0x92}}}, 0x18) ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r1) pipe2$9p(0xfffffffffffffffe, 0x0) umount2(&(0x7f00000007c0)='./control\x00', 0x0) rt_sigaction(0x0, &(0x7f00000002c0)={0x0, {}, 0x0, 0x0}, &(0x7f0000000300), 0x8, &(0x7f0000000340)) syz_open_dev$sndseq(&(0x7f00000003c0)='/dev/snd/seq\x00', 0x0, 0x400) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000600), &(0x7f0000000640)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000800)={0x0, @in={{0x2, 0x0, @loopback}}, 0x0, 0xfffffffffffffffe}, 0x90) ioctl$FS_IOC_GETFLAGS(r5, 0x80086601, &(0x7f0000000140)) rt_sigaction(0x0, &(0x7f0000000500)={0x0, {0xa11}, 0xc8000006, 0x0}, &(0x7f0000000540), 0x8, &(0x7f0000000580)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) faccessat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x2, &(0x7f0000000100)=[{0x50}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002240), 0x1ba, &(0x7f00000022c0)}}, {{0x0, 0x0, &(0x7f00000026c0), 0x0, &(0x7f0000002700)}}], 0x75a, 0x0) [ 275.204452] binder: undelivered TRANSACTION_COMPLETE [ 275.223859] binder: undelivered TRANSACTION_ERROR: 29189 18:09:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0xfdfd, &(0x7f00000001c0)}) 18:09:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) getpgid(0xffffffffffffffff) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x3, 0xa00) r4 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x1) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SG_GET_LOW_DMA(r3, 0x227a, &(0x7f00000002c0)) sendfile(r4, r5, &(0x7f0000000040)=0x2e, 0x10000000000443) ioctl$TIOCGLCKTRMIOS(r4, 0x5456, &(0x7f0000000100)={0x0, 0x5, 0x4, 0xffffffffffffffff, 0x3, 0x1, 0x2, 0x8, 0x5, 0x5, 0x80000000, 0x6}) bind$vsock_dgram(r3, &(0x7f0000000240)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000180)="2e65f32efe0a6766c7442400008000006766c7442402000000006766c744240600000000670f011c24b866000f00d066b88044a2b20f23c80f21f866350400d0000f23f80f0766b80500000066b9080000000f01c10f0766b8010000000f01c10f01dfb835008ee0", 0x68}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, &(0x7f0000000300)="67660f3a400300baf80c66b85fbeb78066efbafc0cb0e3eeba200066edc30f350f20e06635200000000f22e0660f3830b3708f3e0f060f01712166b9800000c00f326635000100000f30", 0x4a}], 0x1, 0x10, &(0x7f00000004c0), 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000840)={&(0x7f0000ffe000/0x2000)=nil, 0x2000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0106426, &(0x7f0000000540)={0x4, &(0x7f0000000500)=[{0x0}, {}, {}, {}]}) faccessat(r3, &(0x7f00000005c0)='./file0\x00', 0x1, 0x100) ioctl$DRM_IOCTL_SWITCH_CTX(r4, 0x40086424, &(0x7f0000000580)={r6, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000200)={0x9, 0x1, 0x1}) ioctl$UI_DEV_CREATE(r2, 0x5501) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r5, 0x84, 0x1b, &(0x7f0000000380)={0x0, 0x93, "003989954a43bf909ce2eeeb2d8ab607a6f961949af63c4ee1968ea5306bb53163cd0bc8779e7c2cdc4fbc1a41f108f227f822404a6ddfc0df985541db9d0bcaf776dfef54d8d23b9749206a43bdd78d897187e7bc3a0da6ca28565522a0719f19c777d44e37edd0dcbbf64b07a5f016021a60c940507b242484d108b4d268f12d579e23d29a9751a0ac8e988fb81087871a56"}, &(0x7f0000000440)=0x9b) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f00000004c0)={r7, 0x2, 0x1ff}, 0x8) [ 275.564965] binder: send failed reply for transaction 91 to 8540:8541 [ 275.590260] binder: undelivered TRANSACTION_COMPLETE 18:09:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0xfdfd, &(0x7f00000001c0)}) [ 275.634180] binder: undelivered TRANSACTION_ERROR: 29189 [ 275.666359] sctp: [Deprecated]: syz-executor4 (pid 8537) Use of int in maxseg socket option. [ 275.666359] Use struct sctp_assoc_value instead 18:09:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) getpgid(0xffffffffffffffff) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x3, 0xa00) r4 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x1) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SG_GET_LOW_DMA(r3, 0x227a, &(0x7f00000002c0)) sendfile(r4, r5, &(0x7f0000000040)=0x2e, 0x10000000000443) ioctl$TIOCGLCKTRMIOS(r4, 0x5456, &(0x7f0000000100)={0x0, 0x5, 0x4, 0xffffffffffffffff, 0x3, 0x1, 0x2, 0x8, 0x5, 0x5, 0x80000000, 0x6}) bind$vsock_dgram(r3, &(0x7f0000000240)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000180)="2e65f32efe0a6766c7442400008000006766c7442402000000006766c744240600000000670f011c24b866000f00d066b88044a2b20f23c80f21f866350400d0000f23f80f0766b80500000066b9080000000f01c10f0766b8010000000f01c10f01dfb835008ee0", 0x68}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, &(0x7f0000000300)="67660f3a400300baf80c66b85fbeb78066efbafc0cb0e3eeba200066edc30f350f20e06635200000000f22e0660f3830b3708f3e0f060f01712166b9800000c00f326635000100000f30", 0x4a}], 0x1, 0x10, &(0x7f00000004c0), 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000840)={&(0x7f0000ffe000/0x2000)=nil, 0x2000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0106426, &(0x7f0000000540)={0x4, &(0x7f0000000500)=[{0x0}, {}, {}, {}]}) faccessat(r3, &(0x7f00000005c0)='./file0\x00', 0x1, 0x100) ioctl$DRM_IOCTL_SWITCH_CTX(r4, 0x40086424, &(0x7f0000000580)={r6, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000200)={0x9, 0x1, 0x1}) ioctl$UI_DEV_CREATE(r2, 0x5501) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r5, 0x84, 0x1b, &(0x7f0000000380)={0x0, 0x93, "003989954a43bf909ce2eeeb2d8ab607a6f961949af63c4ee1968ea5306bb53163cd0bc8779e7c2cdc4fbc1a41f108f227f822404a6ddfc0df985541db9d0bcaf776dfef54d8d23b9749206a43bdd78d897187e7bc3a0da6ca28565522a0719f19c777d44e37edd0dcbbf64b07a5f016021a60c940507b242484d108b4d268f12d579e23d29a9751a0ac8e988fb81087871a56"}, &(0x7f0000000440)=0x9b) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f00000004c0)={r7, 0x2, 0x1ff}, 0x8) [ 275.736270] binder: send failed reply for transaction 93 to 8554:8555 [ 275.746607] binder: undelivered TRANSACTION_COMPLETE [ 275.777735] binder: undelivered TRANSACTION_ERROR: 29189 18:09:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0xfdfd, &(0x7f00000001c0)}) [ 276.027713] binder: send failed reply for transaction 95 to 8565:8566 [ 276.037021] binder: undelivered TRANSACTION_COMPLETE [ 276.042151] binder: undelivered TRANSACTION_ERROR: 29189 18:09:41 executing program 0: socketpair$unix(0x1, 0x4000000000000002, 0x0, &(0x7f0000002640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) seccomp(0x1, 0x0, &(0x7f0000000080)={0x20000126, &(0x7f0000000200)=[{0x3f, 0x0, 0xa921, 0x9}, {0x1, 0x3fb, 0x4, 0x41c3}, {0x7, 0x4, 0x400, 0xffffffff}, {0x870e, 0x1b8, 0x9, 0xfffffffffffffffe}]}) r1 = syz_open_dev$usbmon(&(0x7f0000000380)='/dev/usbmon#\x00', 0x34e, 0x8000) setsockopt$inet6_buf(r1, 0x29, 0x0, &(0x7f00000003c0), 0x0) prctl$getreaper(0x1b, &(0x7f00000003c0)) r2 = perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x200, 0x7fffffff, 0x3, 0x49, 0x0, 0x0, 0x2000, 0x8, 0x1000, 0x8001, 0xb0, 0x6, 0x7, 0x4, 0x692c, 0x0, 0x8, 0x1ff, 0x400, 0xffff, 0x6, 0x1, 0x1, 0x5, 0x7, 0xfffffffffffffffe, 0x8, 0x3, 0x1, 0x4, 0x0, 0x1, 0xfffffffffffffffe, 0x2, 0x1, 0x2, 0x0, 0x3d2, 0x2, @perf_config_ext={0x1, 0x80000001}, 0x10000, 0xfffffffffffffc00, 0x6f, 0x0, 0x800000000000000, 0x6, 0x7f}, 0x0, 0xe, 0xffffffffffffffff, 0x3) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='memory.current\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e24, @multicast1}}, 0x9, 0x2, 0x100000000, 0x100000001, 0x3f}, &(0x7f00000000c0)=0x98) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000300)={r4, 0x5}, &(0x7f0000000340)=0x8) ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0xc008ae05, &(0x7f0000000140)=""/141) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0x2) 18:09:41 executing program 4: r0 = socket(0x2, 0x2, 0x0) r1 = open(&(0x7f0000b91ff9)='./file0\x00', 0x68042, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f00009c1000)=0xff, 0x4) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000000)={0x6, 0x4, 0x9, 0x7, 0x101, 0x7, 0xffffffffffffffff, 0x5, 0x3}) fallocate(r1, 0x0, 0xffff, 0x9) sendto$inet(r0, &(0x7f000038cf97), 0x0, 0x0, &(0x7f0000821ff0)={0x2, 0x4e20}, 0x10) sendfile(r0, r1, &(0x7f0000000080)=0x400, 0x10001) sendto(r0, &(0x7f0000000140)='U', 0x1, 0x0, &(0x7f00000001c0)=@nl=@proc, 0x80) 18:09:41 executing program 1: r0 = memfd_create(&(0x7f00000000c0)='/duv/loop#\x00', 0x7) pwritev(r0, &(0x7f0000001540)=[{&(0x7f0000001640)="a4a4", 0x2}], 0x1, 0x1ffffe) 18:09:41 executing program 5 (fault-call:9 fault-nth:0): r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:41 executing program 3: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, &(0x7f0000000080)={0x0, 0xf001, 0x0, 0x0, 0x80000000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x4) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [], 0x1c}, 0xd}, 0x1c) syz_open_dev$sndpcmp(&(0x7f0000001440)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x4000000000002c7, 0x0) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000100)=0x4, 0x2) syz_mount_image$minix(&(0x7f0000000000)='minix\x00', &(0x7f00000000c0)='./file0\x00', 0x4, 0x5, &(0x7f0000000380)=[{&(0x7f0000000180)='f', 0x1, 0x800}, {&(0x7f00000001c0)="c670cebfa573e88879fe2e3ac3121f77a97b3511046329949e60a0ad0d45021cb1f89607da7bf79f217130b4a8634694aa43cdf335904af4401010c8ea", 0x3d}, {&(0x7f0000000200)="f42e92423e057fb723fbc70c1b68ecbb3301feaa758a718ed0cec8c6a242748365f1c02c0dfff1e60a5de80bec68c8c02cdf85e00d68676e6e71ab4be4489fbed676d422cd25c7e85d883372cc6994ebff190b5605468ec7456117c23e26ca23780d900667d806d0b80d49b2763140c5923dd5b93c37f330d947a8dcae8cc6228f83ae56d627ad9df6c55e1bd49a6df2a17c22407143c7c66cb139ddae12462f83c10aa621c2955bf17781f91daf5a05414dda40eb90235265794b27ea6f", 0xbe, 0x4}, {&(0x7f00000002c0)="38fff36a719dad7137c9acd5b7b4f9ed23c56cf611ea85043b7b4cb537ce4eb78095362c4a84201ba69948f4430bb9bd2d5f1ed3e92d69af2069a6d3610ed0936a58573ba3ed85832ecd51683f9a44d3ad0495ba2648c5a5", 0x58, 0x1}, {&(0x7f0000000340)="c33d15caef0069e8c163ac", 0xb, 0x10000}], 0x100000, 0x0) 18:09:41 executing program 1: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) fcntl$lock(r1, 0x7, &(0x7f0000000000)={0x1}) syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="024344303031", 0x6, 0x8000}], 0x0, &(0x7f0000000180)) unshare(0x400) fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x0, 0x0, 0x1000}) fcntl$lock(r1, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3f0}) [ 276.273873] binder: send failed reply for transaction 97 to 8575:8576 [ 276.281735] FAULT_INJECTION: forcing a failure. [ 276.281735] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 276.315385] CPU: 1 PID: 8576 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 276.323818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 276.333180] Call Trace: [ 276.335797] dump_stack+0x244/0x39d [ 276.339451] ? dump_stack_print_info.cold.1+0x20/0x20 [ 276.344671] should_fail.cold.4+0xa/0x17 [ 276.348757] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 276.353878] ? zap_class+0x640/0x640 [ 276.357610] ? zap_class+0x640/0x640 [ 276.361343] ? __lock_is_held+0xb5/0x140 [ 276.365426] ? __lock_is_held+0xb5/0x140 [ 276.369508] ? fat12_ent_blocknr+0x1e0/0x1f0 [ 276.373952] ? lock_release+0xa10/0xa10 [ 276.377935] ? perf_trace_sched_process_exec+0x860/0x860 [ 276.378002] ? rcu_softirq_qs+0x20/0x20 [ 276.387568] ? __might_sleep+0x95/0x190 [ 276.387591] __alloc_pages_nodemask+0x34b/0xdd0 [ 276.387609] ? __alloc_pages_nodemask+0x568/0xdd0 [ 276.387630] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 276.406163] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 276.411720] ? kernel_poison_pages+0x15a/0x290 [ 276.411833] isofs_fill_super: bread failed, dev=loop1, iso_blknum=32, block=64 [ 276.416329] ? kasan_unpoison_shadow+0x35/0x50 [ 276.416345] ? preempt_count_add+0xbc/0x1b0 [ 276.416377] ? kasan_unpoison_shadow+0x35/0x50 [ 276.416393] ? kasan_alloc_pages+0x38/0x40 [ 276.416409] ? get_page_from_freelist+0x16db/0x5340 [ 276.416425] ? mpol_shared_policy_lookup+0xf7/0x150 [ 276.416448] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 276.416467] alloc_pages_vma+0x11e/0x4a0 [ 276.461232] shmem_alloc_page+0xa5/0x190 [ 276.465312] ? shmem_swapin+0x230/0x230 [ 276.469329] ? print_usage_bug+0xc0/0xc0 [ 276.473435] shmem_alloc_and_acct_page+0x248/0xdb0 [ 276.478382] ? shmem_getattr+0x2c0/0x2c0 [ 276.482466] ? __lock_acquire+0x62f/0x4c20 [ 276.486723] ? print_usage_bug+0xc0/0xc0 [ 276.490800] ? mark_held_locks+0x130/0x130 [ 276.495054] ? print_usage_bug+0xc0/0xc0 [ 276.499135] shmem_getpage_gfp+0x71d/0x4840 [ 276.503500] ? shmem_add_to_page_cache+0x1950/0x1950 [ 276.508646] ? mark_held_locks+0x130/0x130 [ 276.512894] ? __lock_acquire+0x62f/0x4c20 [ 276.517138] ? __unlock_page_memcg+0x53/0x100 [ 276.521648] ? lock_downgrade+0x900/0x900 [ 276.525806] ? check_preemption_disabled+0x48/0x280 [ 276.530872] ? __lock_acquire+0x62f/0x4c20 [ 276.535117] ? mark_held_locks+0x130/0x130 [ 276.539369] ? zap_class+0x640/0x640 [ 276.543106] ? mark_held_locks+0x130/0x130 [ 276.547364] ? zap_class+0x640/0x640 [ 276.551082] ? find_held_lock+0x36/0x1c0 [ 276.555170] ? __mem_cgroup_threshold+0x261/0x7b0 [ 276.560051] ? print_usage_bug+0xc0/0xc0 [ 276.564119] ? find_held_lock+0x36/0x1c0 [ 276.568205] ? free_one_page+0xcae/0x1700 [ 276.572369] ? lock_downgrade+0x900/0x900 [ 276.576542] ? trace_hardirqs_off+0xb8/0x310 [ 276.580966] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 276.586528] ? trace_hardirqs_on+0x310/0x310 [ 276.590956] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 276.596522] ? kernel_poison_pages+0x15a/0x290 [ 276.601117] ? kasan_unpoison_shadow+0x35/0x50 [ 276.605713] ? kasan_alloc_pages+0x38/0x40 [ 276.609959] ? get_page_from_freelist+0x16db/0x5340 [ 276.614997] ? print_usage_bug+0xc0/0xc0 [ 276.619070] ? print_usage_bug+0xc0/0xc0 [ 276.623152] ? rb_erase_cached+0xc78/0x3720 [ 276.627493] ? __isolate_free_page+0x610/0x610 [ 276.632106] ? __lock_acquire+0x62f/0x4c20 [ 276.636383] ? mark_held_locks+0x130/0x130 [ 276.640640] ? print_usage_bug+0xc0/0xc0 [ 276.644714] ? lock_unpin_lock+0x4a0/0x4a0 [ 276.648958] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 276.654523] ? lock_unpin_lock+0x4a0/0x4a0 [ 276.658776] ? print_usage_bug+0xc0/0xc0 [ 276.662869] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 276.667990] shmem_fault+0x25f/0x960 [ 276.671727] ? shmem_read_mapping_page_gfp+0x1f0/0x1f0 [ 276.677018] ? print_usage_bug+0xc0/0xc0 [ 276.681097] ? __lock_acquire+0x62f/0x4c20 [ 276.685381] __do_fault+0x100/0x6b0 [ 276.689021] ? lock_downgrade+0x900/0x900 [ 276.693188] ? pmd_devmap_trans_unstable+0x220/0x220 [ 276.698312] ? mark_held_locks+0x130/0x130 [ 276.702562] ? mark_held_locks+0x130/0x130 [ 276.706804] ? print_usage_bug+0xc0/0xc0 [ 276.710877] ? __lock_acquire+0x62f/0x4c20 [ 276.715129] ? print_usage_bug+0xc0/0xc0 [ 276.719202] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 276.724754] __handle_mm_fault+0x3ca6/0x5be0 [ 276.729184] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 276.734041] ? print_usage_bug+0xc0/0xc0 [ 276.738112] ? print_usage_bug+0xc0/0xc0 [ 276.742212] ? __lock_acquire+0x62f/0x4c20 [ 276.746476] ? zap_class+0x640/0x640 [ 276.750223] ? zap_class+0x640/0x640 [ 276.753950] ? find_held_lock+0x36/0x1c0 [ 276.758036] ? handle_mm_fault+0x42a/0xc70 [ 276.762772] ? lock_downgrade+0x900/0x900 [ 276.766929] ? check_preemption_disabled+0x48/0x280 [ 276.771963] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 276.776903] ? kasan_check_read+0x11/0x20 [ 276.781064] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 276.786354] ? rcu_softirq_qs+0x20/0x20 [ 276.790351] ? trace_hardirqs_off_caller+0x300/0x300 [ 276.795467] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 276.801014] ? check_preemption_disabled+0x48/0x280 [ 276.806048] handle_mm_fault+0x54f/0xc70 [ 276.810128] ? __handle_mm_fault+0x5be0/0x5be0 [ 276.814739] ? find_vma+0x34/0x190 [ 276.818342] __do_page_fault+0x5d6/0xe40 [ 276.822426] ? zap_class+0x640/0x640 [ 276.826165] do_page_fault+0xed/0x7d1 [ 276.829984] ? vmalloc_sync_all+0x30/0x30 [ 276.834146] ? error_entry+0x76/0xd0 [ 276.837875] ? trace_hardirqs_off_caller+0xbb/0x300 [ 276.842907] ? find_held_lock+0x36/0x1c0 [ 276.846978] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 276.851833] ? trace_hardirqs_on_caller+0x310/0x310 [ 276.856870] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 276.861735] page_fault+0x1e/0x30 [ 276.865198] RIP: 0010:__put_user_4+0x1c/0x30 [ 276.869619] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 40 ee 01 00 48 8b 9b 18 14 00 00 48 83 eb 03 48 39 d9 73 3c 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 276.888534] RSP: 0018:ffff880182356f50 EFLAGS: 00010287 [ 276.893905] RAX: 0000000000007206 RBX: 00007fffffffeffd RCX: 000000002000ffbd [ 276.901181] RDX: 00000000000000bc RSI: ffffffff81b13913 RDI: 0000000000000282 [ 276.908457] RBP: ffff8801823576c8 R08: 1ffff1003046adc7 R09: 0000000000000008 [ 276.915773] R10: 0000000000000001 R11: ffff8801c563c480 R12: 000000002000ffbd [ 276.923047] R13: 0000000000007206 R14: dffffc0000000000 R15: ffff8801d9575980 [ 276.930341] ? __might_fault+0x1a3/0x1e0 [ 276.934421] ? binder_thread_read+0x1218/0x4910 [ 276.939125] ? binder_free_buf+0x640/0x640 [ 276.943378] ? print_usage_bug+0xc0/0xc0 [ 276.947455] ? print_usage_bug+0xc0/0xc0 [ 276.951541] ? finish_wait+0x430/0x430 [ 276.955439] ? print_usage_bug+0xc0/0xc0 [ 276.959521] ? check_preemption_disabled+0x48/0x280 [ 276.964554] ? print_usage_bug+0xc0/0xc0 [ 276.968717] ? print_usage_bug+0xc0/0xc0 [ 276.972793] ? __lock_acquire+0x62f/0x4c20 [ 276.977042] ? print_usage_bug+0xc0/0xc0 [ 276.981115] ? find_held_lock+0x36/0x1c0 [ 276.985207] ? mark_held_locks+0x130/0x130 [ 276.989458] ? __lock_acquire+0x62f/0x4c20 [ 276.993725] ? mark_held_locks+0x130/0x130 [ 276.997980] ? mark_held_locks+0x130/0x130 [ 277.002225] ? print_usage_bug+0xc0/0xc0 [ 277.006304] ? print_usage_bug+0xc0/0xc0 [ 277.010376] ? ima_get_action+0x7e/0xa0 [ 277.014363] ? print_usage_bug+0xc0/0xc0 [ 277.018439] ? zap_class+0x640/0x640 [ 277.022162] ? __lock_acquire+0x62f/0x4c20 [ 277.026410] ? zap_class+0x640/0x640 [ 277.030152] ? find_held_lock+0x36/0x1c0 [ 277.034235] ? __might_fault+0x12b/0x1e0 [ 277.038314] ? lock_downgrade+0x900/0x900 [ 277.042476] ? lock_release+0xa10/0xa10 [ 277.046469] ? perf_trace_sched_process_exec+0x860/0x860 [ 277.051959] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 277.057507] ? _copy_from_user+0xdf/0x150 [ 277.061685] binder_ioctl_write_read.isra.42+0x42c/0xb90 [ 277.067152] ? kasan_check_read+0x11/0x20 [ 277.071324] ? binder_thread_write+0x2b50/0x2b50 [ 277.076109] ? _raw_spin_unlock+0x2c/0x50 [ 277.080274] ? _binder_inner_proc_unlock+0x3f/0x80 [ 277.085226] ? binder_get_thread+0x1b6/0x880 [ 277.089650] ? binder_new_node+0x8d0/0x8d0 [ 277.093901] ? perf_trace_sched_process_exec+0x860/0x860 [ 277.099362] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 277.104913] ? rcu_pm_notify+0xc0/0xc0 [ 277.108825] ? binder_ioctl_write_read.isra.42+0xb90/0xb90 [ 277.114462] binder_ioctl+0xab0/0x1940 [ 277.118370] ? binder_ioctl_write_read.isra.42+0xb90/0xb90 [ 277.124004] ? find_held_lock+0x36/0x1c0 [ 277.128082] ? __fget+0x4aa/0x740 [ 277.131561] ? lock_downgrade+0x900/0x900 [ 277.135716] ? check_preemption_disabled+0x48/0x280 [ 277.140750] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 277.145689] ? kasan_check_read+0x11/0x20 [ 277.149864] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 277.155154] ? rcu_softirq_qs+0x20/0x20 [ 277.159148] ? __fget+0x4d1/0x740 [ 277.162619] ? ksys_dup3+0x680/0x680 [ 277.166364] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 277.171338] ? binder_ioctl_write_read.isra.42+0xb90/0xb90 [ 277.176970] do_vfs_ioctl+0x1de/0x1720 [ 277.176988] ? __lock_is_held+0xb5/0x140 [ 277.177008] ? ioctl_preallocate+0x300/0x300 [ 277.177024] ? __fget_light+0x2e9/0x430 [ 277.177041] ? fget_raw+0x20/0x20 [ 277.177058] ? __sb_end_write+0xd9/0x110 [ 277.177080] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 277.177097] ? fput+0x130/0x1a0 [ 277.177114] ? do_syscall_64+0x9a/0x820 [ 277.177130] ? do_syscall_64+0x9a/0x820 [ 277.177148] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 277.177169] ? security_file_ioctl+0x94/0xc0 [ 277.177186] ksys_ioctl+0xa9/0xd0 [ 277.185126] __x64_sys_ioctl+0x73/0xb0 [ 277.185146] do_syscall_64+0x1b9/0x820 [ 277.185162] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 277.185180] ? syscall_return_slowpath+0x5e0/0x5e0 [ 277.185196] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 277.185215] ? trace_hardirqs_on_caller+0x310/0x310 [ 277.185233] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 277.185251] ? prepare_exit_to_usermode+0x291/0x3b0 [ 277.185274] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 277.185305] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 277.278137] RIP: 0033:0x457569 [ 277.281351] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 277.300257] RSP: 002b:00007fecc1487c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 277.307980] RAX: ffffffffffffffda RBX: 00007fecc1487c90 RCX: 0000000000457569 18:09:42 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) r0 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)={0x70, r1, 0x301, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x33}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1ff}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@rand_addr=0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x4805) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r2, 0x4c80, r3) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) [ 277.315251] RDX: 000000002000efd0 RSI: 00000000c0306201 RDI: 0000000000000004 [ 277.322535] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 277.329806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fecc14886d4 [ 277.337077] R13: 00000000004be858 R14: 00000000004ce4d0 R15: 0000000000000007 18:09:42 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x14, 0x4, 0x1, 0x319}, 0x14}}, 0x0) socketpair(0x7, 0x3, 0x3, &(0x7f00000002c0)) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={&(0x7f0000de2ff4), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x1, 0x1, 0xffffffffffffffff}, 0x14}}, 0x0) fsetxattr$security_smack_entry(r1, &(0x7f0000000200)='security.SMACK64IPIN\x00', &(0x7f0000000240)='+\x00', 0x2, 0x3) 18:09:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x800, 0x0) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) mount$fuse(0x20000000, &(0x7f0000000080)='./file0\x00', &(0x7f0000000580)='fuse\x00', 0x7a00, &(0x7f0000000300)=ANY=[]) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) getdents(r1, &(0x7f00000025c0)=""/4096, 0x1000) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)=0x0) quotactl(0x3, &(0x7f0000000040)='./file0\x00', r2, &(0x7f00000001c0)="fd1fd78e0ee80d661ce9d4f88775ba56e00507b0bbb21b7d72ff1bd4ee64a0a50f01889949f4b60c4ecfccfc6666612d524de0ba02bc1f300fbd15541b4e0d0e97142671d1c7d4900fc330ef4eae7c937aa18c74d1c641f1c1ff5797c54c4511c6f0b662a8cdd0a7") 18:09:42 executing program 1: r0 = socket(0x1e, 0x2, 0x0) bind(r0, &(0x7f0000afb000)=@generic={0x1e, "01030000000000b9000000004700000000a979f321b30c7bc8790405c7bad62e0a63a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb3151d24acef1f1622ca5bdb9c8ea31000077aeb81c90001d6d7c980400000000f70dc136cb184a"}, 0x80) r1 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000240)={0x0, 0x1000}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000002c0)={r2, 0xffffffff, 0x30}, &(0x7f0000000300)=0xc) sendmsg$nl_generic(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x34000}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c00000029002d0800000000000000000100150044a3c35306000000022008a2bbb080ac8b0b5b3d8bdda6c5efb24c0e5e6f71b8b796236a023e09d76371d046bbbc30ae5d5115fae8d734fc2cfbdb19c5f3206baa946655561d2034e2cd3144d46d222b58d272d184db61a138498a0b6b8bbde5603a1689f03b09a5ad0a55c0546dce6233255ebc74a676365485b82423dd2db7e7acbb0b22a9285ef7b7f9ee8c2f9baa57ea81c1d41541fa32527cea06225e61a7a9f383b6ac4a0a8e3a6574a800a0b7"], 0x1c}}, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x5, 0x2, [0x4, 0x1809]}, &(0x7f00000000c0)=0xc) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000140)={r3, @in={{0x2, 0x4e24, @broadcast}}}, &(0x7f0000000200)=0x84) munlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) [ 277.424422] binder: 8575:8576 ioctl c0306201 2000efd0 returned -14 [ 277.430884] binder: undelivered TRANSACTION_ERROR: 29189 18:09:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:42 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x1) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="240000002a0007101dfffd946fa2830020200a00090000000600000ea20000000d00ff7e280000001100ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47a6268e3406cf055d90f15a3", 0x4c}], 0x1}, 0x0) 18:09:42 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x20000, 0x0) sendmmsg(r0, &(0x7f0000000dc0)=[{{&(0x7f0000000ac0)=@in={0x2, 0x4e22, @broadcast}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000cc0)="110a9d01f95a262c76842d2cc2efc3e8ab25a32ef2c48e63c6cc64237cdde6fb73a825a67fe8a822647535eb9735bde348837288d60f54e9276499893bc64808a0ae7384a7cc54976a8e461b5c6757a12693e3dae0b2bb8bfa4fd672dfd4456c982a5980b7b6e8e88cc557686cd93397433aaaa9d88986cdf292d97275730c9a931d64aaa986f584c91589b0f6f3db98d4aa949688dc1b044da757bb92be95d75fd54cd8c88a12ae1ea0ba6335ed25249c806d9f2a3681ea4e2e4e4da076083215edf8db684817d24e49e5f192f6c9133806661f36", 0xd5}], 0x1, &(0x7f0000002b40), 0x0, 0xcd5cdc1c961eee63}, 0x7}], 0x1, 0x4000) open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000100)={0x9, 0x20000000001, "eb"}, 0x2f64) clock_gettime(0x0, &(0x7f0000000000)) clock_nanosleep(0x4, 0x1, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000080)) 18:09:42 executing program 2: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x40}) read(r0, &(0x7f0000000300)=""/128, 0x80) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002c6000/0x4000)=nil, 0x7ffffffff000, 0x0, 0x0, 0x0) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000540)={@local, @broadcast}, &(0x7f0000000000)=0x8) 18:09:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 277.630718] binder: send failed reply for transaction 99 to 8609:8612 18:09:42 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f0000000340)={'ip6_vti0\x00', {0x2, 0x4e20}}) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x101000, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e20, @multicast1}}, 0x7fff, 0xffffffffffff0000, 0x9, 0x1, 0x40}, &(0x7f0000000080)=0x98) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000280)={r3, @in={{0x2, 0x4e21, @multicast1}}}, 0x84) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000400)={r3, 0x48, &(0x7f0000000380)=[@in6={0xa, 0x4e22, 0x0, @remote, 0x5}, @in6={0xa, 0x4e22, 0x1, @mcast2, 0x5}, @in={0x2, 0x4e23}]}, &(0x7f0000000440)=0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x14, 0x4, 0x4, 0xb}, 0x2c) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0xddb) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000c88000)={r4, &(0x7f0000000180)='A', &(0x7f000089b000)}, 0x18) 18:09:42 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000040), &(0x7f0000000080)=0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) clone(0x8400, &(0x7f0000000240)="e8b4aa0f8cc963d811f33232ae5bf5b1c11e9a17cc1735ab2ac4059a1fcb2c99b6e15c03dbd1bbe40cb83266e9be3025dc2ed5de06f8cb0ffa3aed963e6958f7606baad566be2d989f717366a594be2ca68e159e8b7ec9894adc68240dfedb64e16a684e63a481357a2ee3cf264a1fb73876600a93a288aec910869bb54a950ca5142b80ad04ea20259abfa6b5be4314984d435e129735a80c20ee04daca4c9ae0857efa1bbfe6eeb418447463dbe92ee5da20ed366a97ce1d16d1fc236e3423ab5466db06c466e225764a8ad959d6a095ccc2076f5b491a", &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000440)="8a411ef57f1779ad5d3dd44f10e208f398509355dca314ca3b31399b98f80711ce077f4704a72d6705fa7a98b3ca779952c16d3539c9a5f864fe5f050dcf4cf7a27b615b55deef6ee9376a8ef8f54a6e8cee58f188532e87b6335c1d56423dd2757b168616445ecf410171bc048faeeaab38bb2b85c9664a0d3464ed242a978983c17614524921c135a7288101d6ad6bb02b844f16fbd8b48f8b1601dc8c8f96053267780d8ca105c5f40499cf32e4fc5df4898f5bc1768a3c3e4f94cd9a5f5d9e527b7efe62f9ab121c993e4e5b8df984192c70971d326acc19ad77fa0547a71f25fbc86b75e0af95015aa9a92368c49ca3cdf85a025a1dee3f1a5b08c68b") ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0x0, 0x0, &(0x7f00000007c0), 0x0, &(0x7f0000000840)={[{@fat=@nocase='nocase'}]}) [ 277.889743] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. [ 277.929212] binder: send failed reply for transaction 101 to 8628:8631 18:09:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 277.953774] binder: undelivered TRANSACTION_COMPLETE [ 277.962933] binder: undelivered TRANSACTION_ERROR: 29189 18:09:43 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) r0 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)={0x70, r1, 0x301, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x33}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1ff}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@rand_addr=0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x4805) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r2, 0x4c80, r3) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 18:09:43 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)="7374617409c0d2febcf9df2deac8c177ff171248e91193513049f831550d6f7de66cf637bdbf1311920c8a26eda4dcc3783f9db5116b34d31b0512a5608aaff01e7952340cd6fd00000000", 0x275a, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$P9_RUNLINKAT(r1, &(0x7f0000000340)={0x7}, 0x7) fallocate(r0, 0x0, 0x800000, 0x10001) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0xc000) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1}) [ 278.100717] binder: send failed reply for transaction 103 to 8644:8645 [ 278.107912] binder: undelivered TRANSACTION_COMPLETE [ 278.140410] binder: undelivered TRANSACTION_ERROR: 29189 18:09:43 executing program 4: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) signalfd4(r0, &(0x7f0000000100)={0x400}, 0x8, 0x80000) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f00000002c0), 0x1) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x202040, 0x0) socket$bt_hidp(0x1f, 0x3, 0x6) connect$llc(r2, &(0x7f00000000c0)={0x1a, 0x322, 0x70e, 0x800, 0x90, 0x4ef}, 0x10) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000300)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@dev}}, &(0x7f0000000140)=0xe8) connect(r0, &(0x7f0000000180)=@xdp={0x2c, 0x1, r3, 0x2}, 0x80) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "0049d13d339c3a83b57716ee817c892fe57dda6e3ac07858a088ca4db18e363c2dea8bdb564a22c9bc8faf6c532aaab9b6ba0630f11c15b164a12d3e48f3fd"}, 0x60) getsockopt$nfc_llcp(r1, 0x118, 0x0, &(0x7f0000000200)=""/177, 0x70c000) 18:09:43 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x40, 0x40) r1 = perf_event_open(&(0x7f0000000d40)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r1, r0) [ 278.190904] FAT-fs (loop1): bogus number of reserved sectors [ 278.224710] FAT-fs (loop1): Can't find a valid FAT filesystem 18:09:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x2, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:43 executing program 4: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) signalfd4(r0, &(0x7f0000000100)={0x400}, 0x8, 0x80000) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f00000002c0), 0x1) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x202040, 0x0) socket$bt_hidp(0x1f, 0x3, 0x6) connect$llc(r2, &(0x7f00000000c0)={0x1a, 0x322, 0x70e, 0x800, 0x90, 0x4ef}, 0x10) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000300)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@dev}}, &(0x7f0000000140)=0xe8) connect(r0, &(0x7f0000000180)=@xdp={0x2c, 0x1, r3, 0x2}, 0x80) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "0049d13d339c3a83b57716ee817c892fe57dda6e3ac07858a088ca4db18e363c2dea8bdb564a22c9bc8faf6c532aaab9b6ba0630f11c15b164a12d3e48f3fd"}, 0x60) getsockopt$nfc_llcp(r1, 0x118, 0x0, &(0x7f0000000200)=""/177, 0x70c000) 18:09:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 278.351941] binder: send failed reply for transaction 105 to 8670:8671 [ 278.387607] binder: undelivered TRANSACTION_COMPLETE [ 278.392785] binder: undelivered TRANSACTION_ERROR: 29189 [ 278.521973] binder: send failed reply for transaction 107 to 8675:8676 [ 278.529562] binder: undelivered TRANSACTION_COMPLETE 18:09:43 executing program 2: r0 = socket$inet(0x2, 0x3ffffffffffffffd, 0xffffffffffffffff) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x200007fe, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x20002, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r1, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xc40000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x70, r2, 0x200, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'irlan0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syzkaller1\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4da}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000180)={{0x2, 0x4e22, @loopback}, {0x306, @broadcast}, 0x10, {0x2, 0x4e20, @local}, 'nr0\x00'}) sendmmsg(r0, &(0x7f0000003f80)=[{{&(0x7f0000000100)=@nl, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000001ac0)}}, {{&(0x7f00000002c0)=@nl=@unspec, 0x80, &(0x7f0000000440), 0x0, &(0x7f0000002cc0)}}], 0x2, 0x20000800) 18:09:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:43 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x1) ioctl$FS_IOC_FSGETXATTR(r0, 0x4004550d, &(0x7f00000001c0)) readv(r0, &(0x7f0000001440)=[{&(0x7f0000000200)=""/150, 0x96}, {&(0x7f0000000080)=""/91, 0x5b}, {&(0x7f0000000140)=""/82, 0x52}, {&(0x7f00000002c0)=""/62, 0x3e}, {&(0x7f0000000300)=""/113, 0x71}, {&(0x7f0000000380)=""/158, 0x9e}, {&(0x7f0000000440)=""/4096, 0x1000}], 0x7) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x10000, 0x400) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000040)=""/33) 18:09:43 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x3, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000180)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000140)=0x100000002) ioctl$KVM_RUN(r3, 0xae80, 0x0) 18:09:43 executing program 4: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio\x00', 0x0, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000480)="2f7f1b8800d0bef5540dae734797ece5382185ac50f48e7f24c33572a0a536807f6a1e608c7f97ab343b2fa4a4393aad1e003811b3af11e564a282bc9021e1a087d25a36cd68d3499f33e1b498dfdde7a9d7f2d7f2dd4779052a2a2fb66bedce02cc2629bb32b40ff18a800a32671386f151c8d1f191a96a80aae711879cd600f7ff9116cd777eadc6fb6810ca7b550ee9d1e5ebc9bb11500ccf4628acfab00fa45ca27e343b51d45f62fbe4d43fd918a6cea99ea4879a5cb1fa3ddeccc52b6ec46c41e84b8dccf142777cb815128f324d985f8c2ba5b0a924357d701e4005052fe2f9f2a6e40f82c47feb59641997e8f3a46a8c3a6bf91d29b9c839dcd76d833b1dfd94eadf72a60f35c2da8a4fc8a93caf0d09154651e05d3346270d52831cf0feb5ac01cfb269ac4b74be6e8ef7f9070272168db4d308ab4c4d81ed3aa9e0c4715b2e562a155cbe50f7e1b336030e83b9ecf50b0f0f068819c25ab019ceda7fd66fe69c719b4a9b8cf80d200263e7af7b9cf2292f0c3a6fc8a36399ea9504202691219b6d067417a53892540d574c95cfb83c74817a7b6406cfbdd9b964e3057e1a89e40aec139773abbc511fb9ba25daae75260e597e1e45f8637de31ff509b9b0135f4348f097e327eb37bc11ec0862ac229ee7d0cf2729386eb002400f799e87eb3f1dbc1313207a0516748246fd9b3f59645c872c36d5c734bf9765c433c25d18a7beb023b4bae972c97d5f9e7e83514fbf2bda4f5502dd44c76fc2121fb8a6739647aaf38130e85b84b2f606fbcfef27318a02404d80e9422fe920e86a75aa7d289b6ae499f7070acca4de696c1e655c85e5a3956430d5d0517ed0338d9f42edc6c9046413368d09f19cfe06fc0583bfda2bf1c00ed1fe99b35683e252cddc2872c0db41759f6d479cd498b305593744d1ad536b169961c8b435addf1ef00685a548ca19af45ba689cb6a10dbaf7560d662b84f23dc1a362273eeebb864b046aa7db1d4a089e4f2aca916a1046d18aa1a409aec89b7ff5ae870ebc09ec997879991d9597ca903a02e906102ae05e8951a6506dc8e25a4926ffc68327a2a01a7494b631e78e31ba9b7398b00b93dd60019f421a621df199b538f5eb230bbf6c9cdd8b1c1dc7d1baf35656a10faa7f45d21946f1cf28fea1069c8ab825e9f4c1950b400cc7bf39d94d5bc7d1138cd402e4e822b8939d6130e3e23a2819866ab2503cf88bb3ca260a60201a270de29ba8573417aa62975a5e9a5c75b9ef05b1b1848f8c949d0b828f6d27ab4f8be5c4e469dd45c9868ec3205b8246b45c2460888e6fe60911bb0e7b14feb74331980be61194b44e533371a06b816a9020e42adef37e0176207f36cfc3648b259e37223e2d9ab4158d13ab01e8155f968b37d8f3260faa7ec66dd31149bcdf5a52d9a4d6edfb1399fa9d9a4d13bc4ee915a9fbe76e5c9363043c8d169a46b880a80151154182ee344f2c8694387f938db9c443f0c045e732b24645ddd1724ae1f485b8e10a84ae5a444600406bf597661bae326b84efd55904efa203b77a1fd0b6c1284d26f2926c439c876d99e5c18c05d5eaecaaa299456d4e87d3fa6041d9a69dd8ba727b1647e1b5a86bd2cfe22c47c6890e3e9fdf0b2b927fb6e34d527cb4bef5d9e20e91cce11df5c5bf564793b9008f410d05482a627e95cded0060b0217b8abd0d73127b6e4291dfcd93cfebd1d0dbf8acdb9818628ac17b920880718c2567eab81e6fc284f17ecf8319e86d776c144bb0ee75f68b2d81f39ebcad129be46e1dc4d462169460cf9cc67e6abe7943df2a7b36c62d483f5802e9c95d5ba40dff084e9ae085a1c6dff03ed8347406f405bbbd1ca0393ded7bb15ecae9a4d48b4fe595c9f4b0ce313bf465e02f53ce8efe317b271a4525d580032a7106c24679388412d45d9d3c5e39c9027efe467356db9de2dc2379fa745622e13196cc1fe235ec8becbdfc635fe83d0bef4c64e466097597fd98340fb2709cc22871f2d7c70b5b288490ae34293486536e067865a9808be5221b598c1af7432186285b208d03742a2fbedbc7c3af79af27297a378b2edaf905ffc646944df1ffe7bbdccd6c78322cc385fab0bde85bd707c16f773ed6eb7945b30dcd0781ebf72e6973533c507d29f6b7fc854e4ddd75e5710a37fb6cfc8cabde73d1a3dbe49b7ec29b578429f1bf2f841961badfc384545a7e3fceecf2874f110105d895a355c9fed3ac2932335571312e4de9ef64c6be6074dbac7e76f43f47ba1ea14384b0443b822d7364ec2d8fc014e3bf2294c0785b1b6b4261a6e0a53862d9ca75d30fbbfea748c46b1c1fd01172a681098fa174bf509163d3f531731e6f42a93cb9af56d140ea9c4813f94658dd7b10f3dc91598f8ca009328f4bfdde959ed72cec00723ebc3a8ef6a67d778e5ff513889029e2122d310a79ad17c4742b2a4f97a9d9f100cf170f46a056104de07ceeff1fc1e21303a2577bb7d20bcfb08d3073cca92a83752e6c18b8fa0b12942bc3cd40423fc12374e37e5d837120197a1a1c3addd6959385c1b87a709e264cb66382a8776a69946c337dd6cc5748e7a3223672cb04c6e7a3a7b8a411f71295f283a718bd3d37763fc074e322ca68bd5bcedd8d2173d0fb5949c9424a5656dc1aed3e09031b03b4c50c9ddf22f3bd09543bc20c5e1ed4ff296a4aaf41c12bd928b9bab4ac442f059b4e7f2839c0094e60213268598b1893dbe14868bf2624eda17d9da199dea99fcee9cec33b148b7eb2fb131e4e971bd506d88e4464a99a1bf3d7a02f6affb9b212162cd983a0f189d44c3669c2bfaf311066f60599d4c0d88a128ca3982555e4362084dd9def445d93ec8ac14833d5ebcaadb3a33c62ba03dac1b6c73aafa2e91faff7fdda16649eaf2206eec66a9be2b17757a88c414de8dd2a94cc610650cd1fb39cb2806f656de10354829033473701e565a99a5252f9a58c7e0d798d733e25799331eac404e09d736e9f4727b08bb38f3d9ddad9c6ed0ca8ab5272937e08f7c64655ed28ca2880f6d1d987c5b65b38effe5c0fa70d1fc434ff4661b89c14ce155dd2ff52c230b1be5d0f7daa17dc2ece81d59a6bee56374f86f926b9fff34059573ca807e0428ee4024ee6d460d71233d6fb53fc286f3ed590d497a9b38617687f6eea9c0b74e569aab0eb69a601767e334ca99412970bdddbd7dd820f4194e35c2878b8440281c7cc3bf9696640817e347e23f6cdbf6d86c81c1bd7c075f5fd3dfea11bf758da07aeb739796bdd7816557575697559b237b330d1d997ccec2b246e6c016d773775d36dbd62d668dd6553f3c3ce4fe15be1231665a436e98e7c9c38b56902e02919592837fd03a2aa3d328e3dfc592fa36ab4b1df084a246e31ecc10efaf3410828e38929082603cab040b7f41475808b039f4943f15a238eb5c5cbb4588fb142faa6cb4b289f40bb87ba6fc912e8b5b359d61a4cb521579ca3b2a39f0228492414dca76df7b5593d099ca293fee4fb30cced0669e98926e4b012f9ef11057daa00e1eef26ba9ddf16218c1301576342ea01d56f41b6e414ff6a76c0cb2e372b93d453563f516eb23dd4c1c4e9ca5e5801f68661aa309352950426f92af747fbb81a417b437adc74e8342a2a83c36eb2f7a3618b6f32b7ef3a4efd91566f34aa6e8a176ef810ba833e330be432dd9f88ac3186c9313470c886143f1e3072be3cde6a26b4a3a8f01974120d89a6f6ddda2e0e093d7dae62251a23b0da4a19a0952aa597a1c7aebfb9bc6da79025be3d16b9cf545907ad545b76662c12759815684e0852f7c8a285b08f45f601d0751343ec0081f58bf66c5b94eb9a433cef2852922f91e42fd40d4e6da408c7d66f034f2d0674f3aebffac1f845e8acb5e2764f101a575cc2044c116e20d22a0fc30cab1a94743a78e8077f34f351813f34627f28caf9b010cf79c0fd1cb41d7fb081bc23f376cef62e956447b1af5232fdf34ca836e4e3b7b7a1c68004b956bbb1fb3544b553cc068bec52fcef22d3eb3b11b55d92a21815cf4a1fd26f0986d28fefe2782c07ef8ffc3a08b8f0ca976872f5bbf57ff12d6fa53c88bbde067e8b0c799699603be430ab084ffd540c1f392c747e450981a0c43b75e38a717b0771afa4d4106da2a53b446d827c035467a6fd31a463f0ab2a767e2b2ab0b5a258f773add37a7f6ebd3b374b7d8a42c14c920e77b4d97e8401c5b611103ecdcf6a18dfe95f0ddd4d8278c21af05d39b4f8671a8f85cd65a915861efc95c603b539f40deb268914be9662643d377dbadc17a30ad72c55774936b47ce3bffadbeff2afca8fa81c9a7fc502263933fc1756b4400452d309fe6a463a4bc2660e11dadf4082a0f01b789d838c4a15ecc7bf93aa67139c9b4363a47a76a45af28488f2243b4e8dfbc72301f3cf09e4498a493fc4b519bb83c6db723740feae67dd8ab5b461c6db07b27bd19b6df2f7d18cd2d73165d2f831a0eaeb7f5f0d1fe074277e8fd2a7ef7c21b684f0d38c1ab0227802c176a64a135e27ccaac5f5c79bb577e787454675dde5fab9dc6ee736b14eefc3d2dba5a08c4da13412563b40cf9f87dc78437fd895b2e2bc01a037db3b33ef981973c9650404958f0531288bd76df4c9dab6a421494511ceb0b2ea6a630bf2162ac21976392eec1c7748f814bc7d63ccac8cc65ec33cd77cc52d10c888ab852f1cd1c82d21c7be7e9f991f74a6d804ef3d2343437fe97ee218f6350dbaabe6ce80b1b6d1c11a72d55f87c85b741d99d9a37d63cea73fb79e1d628e238ff5d61a21589dcdb6c6b0e322c348dae1664e66bf7536c5df773d9a6865d662f6297cdcf8a26503733e976f89430fb977d6462992f361084cf704a6e1fb3b501ccf96fb69cae46d4d1ed3deaac01d9bed1f3c0ee5516688c23f56075ca6fffe709c801f500a3b026b5dd72819819b7ff28f555e5edf553c39fc799564bd5e8b4e139ba715a4c7ee1d9f4483703d261b65acbef719c9289d7571b74aca49aeaaf7eab26c60d7e8589539f04c452eee051b18be5b0d9e7ffcf0b89d9957be84659f0f3eb06ebb047b3831c0d9428b4e3107567aef47fcbb272aff1540e751b41fc1d08d0d5647b2d910e592946827e2dad3be6120c29eacdd5ae5c90947c3c4ffc93ee9b18cae5480142e88fe428a563e1e6bd5c8b9fbe835ea513685e548fc7cd708bcf2b6b3c819cfcde173d4a4284c6117f45c2d8b53551efbdc1aebc368fc812779f080a68ffc4ba09b8f2d96563de4a5c1cb26b858e0246010d7ada4a46726365ef0b3ff0cea4f9da19d485b4567cc0b52447116e542b4e72f72861c797d0cc56686c421d786ed24d7e8f471dd4f0f65922b89bd84341fc4243556fc57d64dddbf706db0133beb9d3e5210b0013a607fc249a1b74dc63e9ff3dcab3c659f540aec8126b33f0c3aa1ecafef82ff43f526dba703de839a3e1aedc2897a667964f6fe94630151cf3bb07e1a721fed9b7dc69a57b3fa78fc2e32a44347429255e6c5c48be2dc14e5fc36f240423fd8716d3cfb964e42fd17ccebab5e1b6352eee9939af2aa82190a0d98cfc62f04bda344ebe7fa2609f748034ebffa7a09b1e2f857d6851dd45d247f81c13ba2a42eed0a2af11d7df475372c033eb8e1abb9e633babfe313b4860fa6e543339ae68f95cd649d0e75fab4ec518d3809f32ebe4b9148e85ae6e61a58814c46a8b595c5e15352eef97a252a148de1dbc9e43fd1ea1ea650fbe67e1ac142f392cef5749834f589dc94d1c438d56b41a49b0900ae81d6e", 0x1000}, {&(0x7f0000000080)="3ecb9b91415b81d5e46ac582ea9593b608bef7908a437515d3e0e4d6790ddf14bcbcca1297", 0x25}, {&(0x7f0000000200)="faf95cc2613ee085d8b9ed730e30b386410bad57630230b2f9c431e361e7ee9622557bd7e9510d22a62c9059e99c049fed6a57780abfd5a4142be25498dc4edd959945a356482d2ef55b933f912e9b727e3148f73c1e93e31d8d3183d95d328126ce4859159789923caa1b80a489b18ff67a3f82bf3dc7dbbc2848955b4f1813347e9c852197369defbfa6050ed6b388c9753569e8a6743c24e0484aa33010cbe2b6b1f5385a505d64a3b39545d67227c2e825708cd437fa00a1175c5196109503a7db68fd06177a43f6e4f3163cb307399dbbe6b447a8093debe88731cdef", 0xdf}, {&(0x7f0000000300)="86a9d29250039392f7ea043883e29c7c3b91d85301d6d4802dc9dd09d2bc33a8d1da2f9bc57bedfffdc654db7e56a4775e399d5945bb870c78a647f451be8755b1b454879d4b27d6281ae39eb2a15c7c4bbb85b264785596f03b77b39bfdcfe1aaaae6c52f138d4dcfc4037405e583fd3095133f8e5e44124f4f4773d5bd7157e92461e299d38bac4f14ae1d92a6ab4b2cb5b65e55b7538a0adeefc88ed58d7e91125279a1ac0b8ea4174f1031ce48626d36bed0c2dfbf806080920b39a4d4a3a983286848d4dc99617c36a3d7b16700e63673a1ab2da336eaacb259909d69b1b9c7209dac1741", 0xe7}, {&(0x7f0000001480)="903d252b51a20a1613fc3853c2a4f152484975616f33fa9230852f08b58bb0015bb26d21ba48a09b375841be64391b0bae6ec4dd3ffa9170c0c7eba42875c90be79aa815ba5249bb3f3e5a2d5d9a142c0081cad69f28c6b6d767a662ff15622dc091a4e2c96f7220bd46addb17c36869766474960c21fe365019686c374c267b7eedc96fdeb3b724b7c5daeccf576067ede954ffdfdfbf91d4f3c5661731865e7ffbf917c81eaf4c2791959397bc90b1fc9cb3b5fc26231506c480fbe4e3e4f37bf3687b40e5f69cd1281eb5d8eee33cf39eedc7688e06", 0xd7}, {&(0x7f0000001580)="ffb73b52bff1ae2e7eb7d51d9ae6a1bc4c65620d1c3ada6825fd7faf59fbcdfd33e8d8beb68e3663e98718a8337905e879683f89e96f27a85059a9ed272bae4a9a281369aaff28fcd23fd7a59ce338a5c154e8fdd654316b7d4fd86b3ed9f587b5a66218cf61e2219586c5646b1e45f7c1eb4640d21aa2f730acbc95bb46c157b99e23418e2a69b48804735b0f7bfe8071e44de89c94fbb06009ca501845b30d49406e0ead6ca1fa46101347b2d78952ef3ced6416048551a9fc17af8ee6bf7d40c7eccc1eb5426c3ff9773d195deb1aaf4c7290d7ce53d1ba806c7ad303d4c5ddbd69bfd77350ae3e0f3148", 0xec}, {&(0x7f0000001680)="6b3cd592d41f5ca716f0385dea8fdd61013bac03a7b2e6b1f98471c4982319020d4a43ca8aa2076484ebef0fbf41fcc93a8fd711b221cb576c0fd049ac65105923b48773e39da557c4387605a9ba85f3a79484f6e4a03980587799bc1624e5fc702a59a873ea3c0b61a0a7e28128c54b80799ded49790df7081de44fbea1b17ba1b459dc4dc581ba73bffe387f2c8cbcf10e033f5b176258c722814ec7accf42faab7c421593d674df16f8376eee40002d882670fee9f74668d21a526aeb509ef5ccae7a8a1a5cda", 0xc8}, {&(0x7f0000001780)="0ba4b8739e75f618b2b670fe9e2d67634f606acd251aaa9e6200f91e360c43df223ef3f1c4927cae61d5bd985ff7b383f0df9a904a81a0f480d1284ed7c4454b31307e32c230d77422b8509d497085cfec150f46a23bed0a03630ea0d005f86350842af80cc773617550e821025e9bb40dbe0b698d5ece2694a1631e670b210cf66cc26cd4", 0x85}], 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_procfs(0x0, &(0x7f0000000440)='coredump_filter\x00') writev(r2, &(0x7f0000000100)=[{&(0x7f0000000000)='+4', 0x2}], 0x1) getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x0, 0x483, &(0x7f0000001840), &(0x7f00000000c0)=0x68) [ 278.781689] binder: BINDER_SET_CONTEXT_MGR already set [ 278.810067] binder: 8688:8690 ioctl 40046207 0 returned -16 [ 278.817686] binder: send failed reply for transaction 109 to 8686:8689 [ 278.829707] binder: 8688:8690 transaction failed 29189/-22, size 0-0 line 2834 18:09:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5451, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:43 executing program 1: mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x200000032, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000200)) ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000240)) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x9) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000100), &(0x7f0000000140)=0x14) syz_open_dev$sndpcmc(&(0x7f00000002c0)='/dev/snd/pcmC#D#c\x00', 0x9, 0x80000) ioctl$TIOCCONS(r2, 0x541d) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f0000001640)=""/4096, &(0x7f0000000040)=0x1000) r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x80000001, 0x101000) write$UHID_GET_REPORT_REPLY(r3, &(0x7f0000000080)={0xa, 0x7fff, 0x101, 0x93}, 0xa) syz_open_dev$amidi(&(0x7f0000000180)='/dev/amidi#\x00', 0x8, 0x202100) ioctl$TUNSETFILTEREBPF(r3, 0x800454e1, &(0x7f0000000300)=r0) 18:09:43 executing program 2: r0 = socket$rds(0x15, 0x5, 0x0) ioctl$int_in(r0, 0x541e, &(0x7f00000000c0)=0x7bd) socket$key(0xf, 0x3, 0x2) r1 = socket$alg(0x26, 0x5, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000880)='/dev/dsp\x00', 0x800, 0x0) ioctl$DRM_IOCTL_GET_STATS(r2, 0x80f86406, &(0x7f0000001f40)=""/4096) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000007c0)="f1829f09080e2a1eb6dd3759e2c9acb443edd07ecf350568da7f92b0f429ba35f69821ff938fceacc2e3a9a47bd6bdabe38b267c1891ce2dc7ac9150e08c863e6dba0b466fd0acfe3f4ae327869e6954d1977fd162bbdea0d260c99fc2f52687", 0x60) r3 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x4, 0x404001) r4 = accept$alg(r1, 0x0, 0x0) ioctl$UI_GET_SYSNAME(r3, 0x8040552c, &(0x7f0000000840)) write$binfmt_script(r4, &(0x7f0000000300)=ANY=[], 0xffffffaa) recvmmsg(r4, &(0x7f0000000980)=[{{&(0x7f0000000000)=@ax25, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000600)=""/187, 0xbb}], 0x1, &(0x7f0000000540)=""/14, 0xe}}], 0x1, 0x0, &(0x7f00000009c0)) ioctl$KVM_GET_DEBUGREGS(r3, 0x8080aea1, &(0x7f0000000900)) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000140)={{{@in6, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@dev}}, &(0x7f0000000240)=0xe8) sendmmsg(r0, &(0x7f0000000500)=[{{&(0x7f0000000280)=@ll={0x11, 0x1f, r5, 0x1, 0x1, 0x6, @local}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000300)="b56af3c1300fb60dd67171c53b24b0f825a671b5b4976e6c556691e000ca9d51213688bc61a60879934545c4ef63f22be6f56f55c73a83a503a0619368", 0x3d}, {&(0x7f0000000a00)="b61ab6f560580a87b3600c10a15cf611019532f85c69a60a403e9e14bebf3a46cd7dab99f5466d7852a6a24689de2e4fd82f11067c7dfbde30dd18d93712a0e2dc37e6976b4d220817eb828a6a31e5c56abb68eb0b8734d8667f7f554549d6f5f346f619ca262137fe488d9866afbb8dfef3ddf01d006a3f7bdd39a242f84d923f6c295418caa4ba3375229807b7a1d923b85b448b9ef023926660004fcba2ca0ccb3bd87ab8b863d6963e98f9f82f741385e0bbd38b3baeeb3a81b3d65770c484d791122141b65e80db6e82c5f76252ca5a4b905f06e33c48d62b357d470380e62c59d2d51663910819bd326ba3cc7363b122c030a0287a950f14208a0a4f5ea7c9cb262c9693b6b64de51c2ef3f936344ebc850970d2aa40c48121e7102dec858994bfecaa3a8fa7b3a9efd4695475e75e2db8842c7ce540bd31595f5dd01b6cc26f62b76ac4c0706d7696ff9b316b7fedd6e67829a2015b18ba2d8b16582df2efc8aa0aff7f78dec8651f10b5ae5581b5ad2e9e3512acf071d9e351fb300b99fcbea039e0b3d55839405dde842f76774e3d2d826ad5416df1e3ec186bf40af32d09e0bd43d360e5d1578d8838b051acff259032dd27f12c3e0d9fa60a63a8b0782e0f60d11457e836e6b5b4238416fd228db3e90bccd442f6565882bfd334c9fffe1e11872e2222feda3034d2a7e29c0d53645e097c52be1f9523385c4531f1a983e9322366d9ffeb62b028b60483661f038c0f12622ca3a8dc78ce6330afa1280fed95bf7ea91cb18abd4597085293f73e48565a178ff63894aaba72ba76ab6f1b8e5e8da50f2a858220bc5288b610db18379c3a10c860d201decb154be78536e3373e82b0556267285c89822759c324e82513b00abfb77ddd24de4bfb7cd32d4ea3740cad655392b763c27f4b093baa033b1d34bee3b3701278707f660bad5ee5a87ba573ed2df07b4d1efe315ec65b181568f21b3adf64279dd65e2da498a218f0b75414253abad7744e6297629c8e684b0fca118f3522d829ae02b6c4832776a67e8dc5ff4a648e5d102499f6ed254389bc01aac08982ff2afcd69db4aed7e5ce1c166c52e9fdb88e1b68d058b7d26557746ed15114809f3907987a885af73225cec671e307122ba27030b6fa09ecb86ff379fbc78047e707044918ef7eecc9135ebaec1fa9b36bff4d86e51d28ce304c2e87073b1f3fa60c2b0cb02f80dc0245cd30f1c61546ee30d1c54c7f3542bceda8112cf01ae3890f6db66eade357e4d4d04d40b172616db18d33c0e3db00e6d3d0f0f2ed2384ec17c1929bb7cbab0cbaa5e2f42f512a071213a1ebe6f984445dd21ea7ce05e81d0764762b234d8f062315e76bfa024584385285b4af5946d0b725ca000596149e296f7f6d305f5b2ea22cc2a069c8767fb7addd782e12c155f91054ce33f12d51a7c8042e8d24f60600cc90629092e1108762ad2849b3d46717ab43089991f69c5e987f1181d0e5e1c52989c6b988fa35535c8caf77aae8ab1b319a9ab3d95d6bae6243657ff9070bcaf6219c1ec55a781bdaac2bb4fcd250271cda0dab3f3ed6a35c92b8d6c7acb7626f9460072682efcec22f8f174f846911582f5c956ef2bfbd930274eea8452f52ac26ba48a2a4a0cfa7750901a4219f3b2ee8dd36ea070b272348a96c52f68e446175001c73a5a4a9694a49ac93e4e2a9f5b5ab55015308d2275f89711dddbc82e0827409362e45a7898cd0ee4835b519d41fa62277e06a62834e0287dda8ea45c4d22f53974e7860a9ba88a9da62964cd7eaa654dadbeef03714e9268cf869d19f8442fc236c7b6fa5f962f5e83c0c6ef2e8ca41f4b97ee6e69051c1ebcbc41e6cc0694353696aebc030e2ae0f3931f08f3a19fbdb6023e3561250329e218e29a9f79ae41868bb7bd2fb3952a53d90c8cca1e225a0c58475f17760da8be1a16c3d892df6a8f7cdf20c2ceb6fa82c032bd040e67487c6bbf7673db7ea0e81a937d8c91364a79a942fed49fd7dda61b423cba8ed3b9089aca518bf6588ed6d35fef61b0787e9550658ad0866d23a8242bdcc68b01f5c19b1d0b51a7ac9889529afd9e67cc09cef83da9773dfbfb3d9ca64940d738eedbf3db25df839b3452d0a856614d11983e491f8964331dd88c47cba35b6c052d784653af244725454e71d3c2ecc19f77ee1ed019222fbe2aad0553bef465247e44174e0e6d01db084ee5f21565ee3cd8679f1d06c9b40ab07bc83e9e96cc50058f192da6b2e6041093edc5db230a3e1715b18d1c1ce4063f3f31b9f7e782a8b126a0f847f01885d49ac3e5d592e317407b04ce7221ac013aef3f94cb04522beed455666721eadbb548af12db597fa6e6ebd19178317b462d2ba9ddad2727decc21248f67253c9f785e62bab4567c6b39609a586514474615b3d9552d903c647c6c0f862eb66df2d7ef1e5b1522c70d7a14ce874ff4531ca4ef1a681df367bebb25bac16dd0c618705e32b768a4e5616338d8fe42867f9ded5e568396e444abb208e0cb54040af84d41608dd3036d333f77c2ecf843bf00538369012f2d9211a4a87b415611b9318bf665336be6350897629e8fe6cb6bf66e639083341fd805aadf0db741f6f221d53f20147bc18bf5d4ed0513b95f3d73ba49f8ab34759847dbd5f4b4fe5aaf4cd5b5dc5ba23c0744df88ed9b47ee1f6719a551a3145246f252d8597327773dbacdf7212650c1a8975275730169654ccbdf5857a8167ce92d6cf92a16f2ad449538461e446d16c5795547d8d1bf2aca56f3415aff74c278d66781b7e97fdb11f0043fcaad2db06f96e3f93b3058fd7d5885a821db6f238a1f79d5c434fb1b72f404cf7287f4af29a2385478b9a60da893ce8ba06f61f788ae69fdf32a8a48defe74b0ae45e5475cb341027e7babda612e90717d3d545e0562f4da94ce3e9ff05799b62e66af86e9abe0ace614c8940db47f18acbe74432f23d49b3db45f6a66a0594f0bf6f481217033f3fe972b7504daae1cfac37fe7d6b97e1b40b438007482b23c1dcb97f6050035faa61dd71e08c9f9eb199b4017608588e6d6ec0859c917b60fa76718f29f1f69f1f5603ceb71ee368635cfbd2d21ae167ba319b45f796d5fcd1e32db20bb00432e763623e6b373d479f0062befcf86a0064010d1c7a0aef1b727208257d9b9417c502a0b1bec5cef33d495b18fec5e7b395f925233d932a124bafd24deca710b5b774c766661a02fae9d2faf1c8df5d36ce3dfdee29d10e2313654b5ee52b20f0456684ed19ee4a25e15cbe621abd91f50989d3209dd391dbecc82501b6b8f77b351e4c291bc9536a42e3c6a0745a4d1ab6e43f58ebc7e02b1c0055369a4825cbd89803adef843feafd292db392ce37924bf429b267d521c1eaacdc6dd1b063130f83907f710d8162b3d3ce93a17b9b8a13c0c2f905f94c06f1e7581851ff7e81776bdb76450277b5682eb76f0f839fe77b937573f1d572d56aaa1913922f69b1b8f6c68f1c323a7586842a8637886d647e36480d3338929b0c5a2422324af1f9da197fee13eca54435a4b82c95a3c91aaef87a148d6aa54105a25675a174ec3ee4ac8f7aeffb88b08dcd17a0e0c376a257279e9bb0b99e63de30a467495e34dac4e930aa93980624d20ab173eb4ca43b6edc63350c193147cfb338c55c89fc24a80f19aaf6252d14f8a3bb5ea3ad5654bf85cf03585c154b93c12eb83b98e094a5514519e228af9a321320cdc081e705fe803d909cd7d04acf5b7da37ec7de5e7905b2cfc551dc3894bff2bdc400fe0c60f36d8f84eaa8e3481ecc3d2d5f866aec5f4903d44dead6d1d92b8a0a8f48315dbc6181e14a976875d776ca8613c3ded0ed4bc6c09bb74182a2a8967f29111ebdfc76ced84856fb5240048bd73ae718c55ca8299ad3d64435c05b9a2a8bd85e679a9f1b808e4c9fbba733e11e8b42e870b2c6323270d3089d0175289082dba67080f18710c5f75a93bb802251e4f55e06b9660ad3ee003e6440eea060b45e98dcd105aab582b37997da302f0e8063693e0e8e22fbda0c6f902bcc368a433d921ecd32563e203879c3cbf0a806b3630dc986eb361d5a56ff1d8eb3f69898ceaed2a33f6eebf14bc3007e7105f9e0712d6b826e567fe7fcb1a78dbd98610fbce8e84d264fa3562cc901bac1a876bb7c332bac1d8959d755eac60fbf40987a793d4f2bb734cab57907d72710c6d2305b21ca606a510520359491a38a0898bda60fd3f99fb29be25da2ee5f107a47e23d21a24d7be8dc59ab0acf21d3a50773c4fbd88855ae22e6d9c82b8dd8ad9aa80d4fca4310e41ef844b5ce72164365bd73bd7be525b707a5463eb2b6150758fa34949c37100eba4a3a7edfbe42b7aabe4873954ec7994266890c98886321ea52ad38b15cbf19975ac7e91d5007c5d2d79a1261b8221b8da01b1211e6a16eaa7781223fae482251c6d1c547db6cd16b7d56ba3567229cefbcbe352fc2f6fc54cc739297024dd307f2151dcdb2f15d529d1cdf09cfb87a6fb12ecc65df5219215d3464f702f81c74d16b256cbd196556cc103cb8fbb075e56f23e9acf5c8fad8780f1f8e9445995c7a50ab1bf7f5d047ba3559a207f10628d56a04f00f4709d0771c201585c96504771af261e01dd47b45ee9d150fdd00d3843cf4289b5e01058dddb05a228b2afc0dbdaba25717e33de3da6a0c2bc4f12eb660ba8d443c9c56289c43aac7abe653bfe6c8e05b4c94316918f2911306e85710468cbee34919f192d70ecf3e78616c19aabecdf4238dadc3b115d2517840a8e3fa82915132255115bf0bc428ea558b61a8b914870f31f1861df2a2303558e748216580c7fdbdb561db5c749b72f58af0fa22761e6356b1b3644f639dad0256bb6badf8fee1ffdeb6065aee97f1b3557c20bef73116dd5d5ef052322a58363dac4b2ff15d651f19b9d9d9c2a431ced03c6e41775fec6093a726e1c2ce03318aa83d50298dfdeeb1b9e7a0db105d71ed24871191ada7a8188c5f056d3bd46dbb30411cac23899390f7791a4a329936d8286f0303e7dcf77c7fca2ddc125656e0751595d2b21eea139804a4cb767cca12634af25d174dd55afc386f3d4a7a47c8b061d528f0d594766e8aba3f0dfbe242031a15ad9289518db68eb09725ec9b4846e1d54ca6a1bd36ba137b58e3359639ec99c8f5a79497e3c4d33bf1eadff2fad29f5b6f298e672c261aba29b33fefa322c70023c27ea77cfdd470ab3b34b45b14fd93aad9404ea85eeb16ab23b6445d1da489fdffc3b4d779c8681210b27f54708f32a598a0c054de812f007a4caafc0f72920a5d2fd19c6f740e41e441208a8e719d036d5c412c0639bee40fa10a23a0c50b021bea508ccd98f170948bcc231bf1ecf1e4c7c8064cf057076558493e2756aed9c588df5fa0333215faa87ea5fb121cf9cbe2b56f8b9e59c121abb3d03020308dc88265a448f1a7abbc7da5a07d673a01a4211d4c771d4df407af7ebfe3a3c3b545c550d9650c9fca1c0dcf677ef742b10c938fde6b66e8d22350e8a905f1832d6489dea0102420a61dd5644c99a6260d3144ebc07f087d029dd032b2e19b80b7bcbdbfd14418abce2f9c97ffe9ae85e36ddc703a530ca4af249da1ce05d3ca87cd67ed115a74be6724645e28579f36da2f2514c997858d90fd663ee0fd29a3b9b5ca914772d1236035d234f31e74f35a071be43277cce9aab3dacc1185b0e7bc66c40df491569d5b9212f8c58e4dbe09e41bc906932886886148e04943dae81e07c12427f69e2382609b95f68956", 0x1000}, {&(0x7f0000000340)="e5a199397af6d746c979ba143c897be52b755c966d6127c452365b0e814abd8bb7341f8ce9cdb7082e6ac9278ff9e8a84d39a9ac7d8a88c9746bae00ff4fe6", 0x3f}, {&(0x7f0000000380)="48527f56d26353e6f7d782fa2a8d030f0ea99842fa2879305ebe9bc4354b4e9c77a5b4ef9723e8e8c7978b043e5a079fe8f8ee46c87ce498e313b6c3718d50342e5bff57b9ca12de9a19ff5c186dbe6a26c803a3c9", 0x55}, {&(0x7f0000000400)="e8afdb1f71298a9da725d5cca29dba9d4ac11f94de6ec708d99cd2767770f060117f5899cd481df6b8612dfad79f247656ba1e98b6d8af97e207e87825de6835e00e195bc1fcb46d6ce0a802c011d66f156a174abecc98f242cffb3a973be09c50d8768081bec81503a8259f9dcf0a98a5691c60a43b1081110e48bbdb186753072cb240f7d726587c96545170c9ce75d621198465a8db4302b87d596143d55186ba1380ddb07153869a0384efe012b39204aed9156f1e39f67c8494517ae2f8e109f37bc50c42739aad025a64a6db4a617eef288cb8b1f2e5684d5fac14c888652fd18ca8", 0xe5}, {&(0x7f0000000580)="160546e34e78fba37b86d66c0936de2a993afbca74c699795d915cb169abfc9dd68db1d5c6198469ead9330983fa082badcb467cea77010737f1e82cc622598887e11ad51347a3a241acff10568b08ee3bd00d", 0x53}, {&(0x7f00000006c0)="37245f044002059349e9ebeeab979cc280363bb3d9a12828e9c6c7e09e0f26256fffc6b5a1f17ae3e1628ac75c8c38fd7ac1997a7c30354b500f87d4cc85d47003fdb6195c7668c01f42f9def7f26fb5e478d9b8146ea6bce51be9d233afe483c1940424df23688171e2d62a3e05bba9231e95", 0x73}], 0x7, 0x0, 0x0, 0x4000}, 0x2}], 0x1, 0xc815) recvmmsg(r4, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x400002d, 0x0, &(0x7f0000005c00)={0x77359400}) [ 278.865921] binder: undelivered TRANSACTION_COMPLETE 18:09:43 executing program 4: clone(0x2102001dfe, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0xffffffffffffffff) request_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000440)={'exz'}, &(0x7f0000000080)='\x00', 0xfffffffffffffffe) 18:09:43 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x24240, 0x0) ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000500000000000000c9020000000000001f00000000000000010400000000000009ff070200000000000000000000006d951238c27ba05fcb4e8e00000000000000000000000000ff0000000000000005000000000000003b570000000000007f0409ff00000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000a82786fdbbd28f5700000000000000000000000000000000008000060000240000000000000000000000000200000000000000ff000000000000000100008000000000de0103000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000b623650700000000010001000000000040ffff09000000000000000000000000000000000000000000000000"]) r1 = syz_init_net_socket$llc(0x1a, 0x106010100000001, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='gretap0\x00', 0x10) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000280)={{{@in=@multicast1, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000000080)=0xe8) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000380)=r2) bind$llc(r1, &(0x7f0000000000)={0x1a, 0x31e, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10) 18:09:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306205, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 278.958357] binder: send failed reply for transaction 112 to 8706:8707 [ 278.986398] binder: undelivered TRANSACTION_COMPLETE 18:09:44 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x42204138}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7fffffff}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x10) r2 = socket$inet6(0xa, 0x80003, 0xff) ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000240)={0x6, 0x4, 0x1}) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000200)={0x5, 0x6, 0x1}) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote}, 0x1c) 18:09:44 executing program 1: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$TIOCNOTTY(r0, 0x5422) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000000)={0x8, 0xb0, 0x1, 0x0, 0x0, [{r0, 0x0, 0x584}]}) write(0xffffffffffffffff, &(0x7f0000000400), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) fadvise64(r1, 0x0, 0x9, 0x1) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000380)={@mcast1}, 0x14) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000100)={{0x0, 0xc7fa}, 'port0\x00', 0x19, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x1086bc91, 0x0, 0x0, 0x6}) sendfile(r0, r1, 0x0, 0x10000) 18:09:44 executing program 2: r0 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0xa5d, 0x2000) ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f00000001c0)={0x8, 0x3}) gettid() connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x800, 0x400000) ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0) read(r1, &(0x7f0000000400)=""/7, 0x7) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000280)=""/198, &(0x7f0000000380)=0xc6) syz_open_dev$sndpcmc(&(0x7f00000003c0)='/dev/snd/pcmC#D#c\x00', 0xffffffffffff68a9, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$void(r2, 0x5450) ioctl$KVM_GET_ONE_REG(r2, 0x40046104, &(0x7f0000000140)) 18:09:44 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000340)='/dev/audio\x00', 0x3ffffd, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040)='./file0\x00') ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000001c0)=0x7fff) fstat(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000380)={{{@in=@multicast2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@dev}}, &(0x7f0000000280)=0xe8) capset(&(0x7f0000000200)={0x19980330}, &(0x7f0000000000)) r3 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$NBD_CLEAR_SOCK(r3, 0xab04) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000680)={0x0, 0x0}, &(0x7f00000006c0)=0xc) r9 = getuid() getresgid(&(0x7f0000000700), &(0x7f0000000740)=0x0, &(0x7f0000000780)) fstat(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r12 = getgid() getresgid(&(0x7f0000000840)=0x0, &(0x7f0000000880), &(0x7f00000008c0)) lstat(&(0x7f0000000900)='./file0\x00', &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f00000009c0)={{}, {0x1, 0x4}, [{0x2, 0x0, r1}, {0x2, 0x2, r2}, {0x2, 0x2, r4}, {0x2, 0x7, r5}, {0x2, 0x6, r6}, {0x2, 0x6, r7}, {0x2, 0x4, r8}, {0x2, 0x0, r9}], {0x4, 0x4}, [{0x8, 0x1, r10}, {0x8, 0x4, r11}, {0x8, 0x1, r12}, {0x8, 0x3, r13}, {0x8, 0x2, r14}], {0x10, 0x1}, {0x20, 0x4}}, 0x8c, 0x2) write$vnet(r0, &(0x7f0000000140)={0x1, {&(0x7f0000000000)=""/53, 0x35, &(0x7f0000000200)=""/82}}, 0x68) [ 279.096864] audit: type=1800 audit(1540663784.045:36): pid=8731 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="file0" dev="sda1" ino=16590 res=0 [ 279.157696] binder: send failed reply for transaction 114 to 8732:8734 [ 279.165089] binder: 8732:8734 ioctl c0306205 2000efd0 returned -22 [ 279.181042] audit: type=1804 audit(1540663784.045:37): pid=8731 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir802018207/syzkaller.jBTnQf/60/file0" dev="sda1" ino=16590 res=1 [ 279.250247] binder: undelivered TRANSACTION_COMPLETE [ 279.263656] binder_release_work: 4 callbacks suppressed [ 279.263662] binder: undelivered TRANSACTION_ERROR: 29189 [ 279.269407] audit: type=1804 audit(1540663784.125:38): pid=8731 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir802018207/syzkaller.jBTnQf/60/file0" dev="sda1" ino=16590 res=1 18:09:44 executing program 0: mmap(&(0x7f0000013000/0x1000)=nil, 0x1000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000000), 0x4) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000000040), &(0x7f0000000080)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fchmod(r0, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) close(r0) 18:09:44 executing program 2: r0 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0xa5d, 0x2000) ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f00000001c0)={0x8, 0x3}) gettid() connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x800, 0x400000) ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0) read(r1, &(0x7f0000000400)=""/7, 0x7) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000280)=""/198, &(0x7f0000000380)=0xc6) syz_open_dev$sndpcmc(&(0x7f00000003c0)='/dev/snd/pcmC#D#c\x00', 0xffffffffffff68a9, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$void(r2, 0x5450) ioctl$KVM_GET_ONE_REG(r2, 0x40046104, &(0x7f0000000140)) 18:09:44 executing program 4: r0 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0xa5d, 0x2000) ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f00000001c0)={0x8, 0x3}) gettid() connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x800, 0x400000) ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0) read(r1, &(0x7f0000000400)=""/7, 0x7) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000280)=""/198, &(0x7f0000000380)=0xc6) syz_open_dev$sndpcmc(&(0x7f00000003c0)='/dev/snd/pcmC#D#c\x00', 0xffffffffffff68a9, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$void(r2, 0x5450) ioctl$KVM_GET_ONE_REG(r2, 0x40046104, &(0x7f0000000140)) 18:09:44 executing program 1: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$TIOCNOTTY(r0, 0x5422) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000000)={0x8, 0xb0, 0x1, 0x0, 0x0, [{r0, 0x0, 0x584}]}) write(0xffffffffffffffff, &(0x7f0000000400), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) fadvise64(r1, 0x0, 0x9, 0x1) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000380)={@mcast1}, 0x14) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000100)={{0x0, 0xc7fa}, 'port0\x00', 0x19, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x1086bc91, 0x0, 0x0, 0x6}) sendfile(r0, r1, 0x0, 0x10000) 18:09:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306202, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:44 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x1000) timer_create(0x0, 0x0, &(0x7f0000000080)) r2 = fcntl$dupfd(r0, 0x406, r0) ioctl$KVM_REINJECT_CONTROL(r2, 0xae71, &(0x7f0000000000)={0x400}) [ 279.382652] audit: type=1800 audit(1540663784.325:39): pid=8755 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="file0" dev="sda1" ino=16637 res=0 18:09:44 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000400)='net/rt_cache\x00') preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x400000000000000) dup2(r0, r0) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f00000000c0), &(0x7f0000000080)=0x4) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x29, &(0x7f0000000000)={0x0, 'veth1_to_bridge\x00'}, 0x74) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x101) 18:09:44 executing program 2: r0 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0xa5d, 0x2000) ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f00000001c0)={0x8, 0x3}) gettid() connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x800, 0x400000) ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0) read(r1, &(0x7f0000000400)=""/7, 0x7) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000280)=""/198, &(0x7f0000000380)=0xc6) syz_open_dev$sndpcmc(&(0x7f00000003c0)='/dev/snd/pcmC#D#c\x00', 0xffffffffffff68a9, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$void(r2, 0x5450) ioctl$KVM_GET_ONE_REG(r2, 0x40046104, &(0x7f0000000140)) [ 279.424849] binder: send failed reply for transaction 116 to 8756:8761 [ 279.431958] binder: 8756:8761 ioctl c0306202 2000efd0 returned -22 [ 279.449370] audit: type=1804 audit(1540663784.355:40): pid=8755 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir802018207/syzkaller.jBTnQf/61/file0" dev="sda1" ino=16637 res=1 18:09:44 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}, {}], 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r2 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x182) io_destroy(0x0) futex(&(0x7f0000000300)=0x1, 0x7, 0x1, &(0x7f0000000480)={0x77359400}, &(0x7f00000004c0), 0x0) r3 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) ioctl(r3, 0x40, &(0x7f0000000540)="2bb48152e593845bff2c5c2e62ef5c26a4b8980093b8190fa0b856343273115d073b83cf6b953f492bf9a5a61aa2e0b767ecf6126e83ffc6775582dd9198aee369c39fd16ff2308a3f4a9eebee0a31dd4387e4dcee9f260e2dddcecd46374e4e866e258ca075610a8790387a708f81845839b5850f59ade6f3049941f196e10fe20fd7a2278deaf7f5cf47654e2a07a63e6d511de2c489fec3b2b3ef31d950a160de0fbe463d65831d8fbf119a452fddab62b14c") ioctl$GIO_CMAP(r3, 0x4b70, &(0x7f0000000200)) pwritev(r3, &(0x7f0000000340), 0x1000038e, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'\x00', 0x0}, &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r2, r2, &(0x7f0000000000), 0x2000005) fsetxattr$trusted_overlay_redirect(r1, &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file1\x00', 0x8, 0x2) ioctl$LOOP_CLR_FD(r2, 0x4c01) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000003c0)={&(0x7f0000000380)='./file0\x00'}, 0x10) fcntl$setsig(r3, 0xa, 0x17) setsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, &(0x7f0000000340)=0x2, 0x2) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r2, 0x4c00, r3) 18:09:44 executing program 1: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x100, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000280)={0x0, @in6={{0xa, 0x4e24, 0x4, @remote, 0x1000}}, 0x8, 0x4, 0x579, 0x5, 0x80}, &(0x7f0000000340)=0x98) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000380)={r1, 0x6, 0xa6fa, 0x0, 0x3bd4}, 0x14) setgroups(0x2, &(0x7f00000003c0)=[0x0, 0x0]) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r2 = getpid() r3 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x8, 0x200400) bind$pptp(r3, &(0x7f0000000140)={0x18, 0x2, {0x3, @dev={0xac, 0x14, 0x14, 0x13}}}, 0x1e) openat$vcs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcs\x00', 0x80000, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x101000, 0x0) syz_open_dev$mouse(&(0x7f0000000400)='/dev/input/mouse#\x00', 0x6, 0x20000) ioctl$TUNSETVNETBE(r3, 0x400454de, &(0x7f0000000480)=0x1) sched_setscheduler(r2, 0x5, &(0x7f0000000000)) getgroups(0x1, &(0x7f0000000040)=[0x0]) ioctl$sock_FIOSETOWN(r3, 0x8901, &(0x7f0000000200)=r2) syz_open_procfs(r2, &(0x7f0000000080)='uid_map\x00') 18:09:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0045878, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:44 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000002c0)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000200)={&(0x7f0000004000)={0x1d, r1}, 0x10, &(0x7f0000002ff0)={&(0x7f0000000180)={0x1, 0xffffffffffffffff, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "a702ca9c1a8d1dc1e4e29ed4d2927b5e8155ac02a25334d332f97653d9d90256b4da4ec6f2b44831a3b878ada2f3e5883f2f7c806fb61c1993cc4f19a22c61e4"}}, 0x80}}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)=0x0) fcntl$setownex(r0, 0xf, &(0x7f00000000c0)={0x1, r2}) sendmsg$can_bcm(r0, &(0x7f0000011000)={&(0x7f0000010ff0)={0x1d, r1}, 0x10, &(0x7f000000eff0)={&(0x7f0000012f80)={0x1, 0xfffffffffffffffc, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "68759a67d8602d3e4b207446a705148d03f1f86e60b22a6ec7e5b35afc19cd0ed506fb9cdba948697c01f3ec6bc0f8f98290b0198d30bde485753f80c203fe81"}}, 0x38}}, 0x0) [ 279.577547] binder: undelivered TRANSACTION_COMPLETE [ 279.582784] binder: undelivered TRANSACTION_ERROR: 29189 18:09:44 executing program 2: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0x0) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = creat(&(0x7f00000001c0)='./file0\x00', 0xfffffffffffffffc) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) getsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000200), &(0x7f0000000380)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x4400) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r3 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e59073487cf36ad576e32926b04894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa22a505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd687928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c", 0x0) write$binfmt_elf64(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="4f45b302b399cc4c46d3000040ad5dd355452a4cf0b680adb083ce360200000000922aa2080a41e4ff01003e0000000000bf307f97f007690000200000"], 0x3d) execveat(r3, &(0x7f0000000000)='\x00', &(0x7f00000001c0), &(0x7f0000000740)=[&(0x7f00000002c0)='lo-keyring/\x00', &(0x7f0000000500)='/proc/self/net/pfkey\x00', &(0x7f0000000540)='/proc/self/net/pfkey\x00', &(0x7f0000000580)='bond_slave_0\x00', &(0x7f0000000600)='ppp0F$vboxnet0trusted/ppp1\x00', &(0x7f00000006c0)='ppp0em1]\x00'], 0x1000) creat(&(0x7f0000000700)='./bus\x00', 0x0) getpgid(0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0xfffffffffffffffd, 0x0, @loopback}, 0x1c) ioctl$ION_IOC_HEAP_QUERY(0xffffffffffffffff, 0xc0184908, &(0x7f0000000280)={0x34, 0x0, &(0x7f0000000240)}) creat(&(0x7f0000000080)='./bus\x00', 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000400)='/proc/self/net/pfkey\x00', 0x100, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000004c0), 0xffffffffffffffff) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x189000, 0x0) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000100)={0x2, 0x6}, 0x2) ioctl$TCSETAF(r4, 0x5408, &(0x7f00000001c0)={0x0, 0x1, 0x3, 0x81, 0x100000, 0x4, 0x0, 0x3, 0x0, 0x76}) fcntl$lock(r0, 0x7, &(0x7f0000000080)={0x2, 0x0, 0x0, 0xe69}) write$P9_RREADLINK(r2, &(0x7f0000000640)=ANY=[@ANYBLOB="1000000017020007002e2f66696c653185ff21d847c759765b4d9c5b0d8c6479a77bd1587146059c8d5fb6af639a10ca046c61d4fd64c4578fb8c592421a205645d3df735d321997b9aee9f9aca91311a2baca749c1933521b9fcaa038"], 0x10) [ 279.653715] binder: send failed reply for transaction 118 to 8782:8784 18:09:44 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000440)='/dev/snd/pcmC#D#c\x00', 0x2, 0x208202) ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000480)=[0x1000, 0x2]) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhci\x00', 0x200000, 0x0) setsockopt$inet_opts(r3, 0x0, 0x9, &(0x7f00000003c0)="8489f85489a66742c54023cef5b6eb3743d489afde3b94e61d6a0be09d3c0b420493eb0c69786edb9a0c76862bb07772ce6ca33b176274b919aeec0395c88aa5526aa89b443a7fb1f7deb2eecee15a909628051d00d2b1025fa9d044bb81", 0x5e) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@multicast2, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr, 0x0, 0x2b}, 0x0, @in=@rand_addr, 0x0, 0x4}}, 0xe8) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000001c0), &(0x7f0000000200)=0x10) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x2}, 0xc) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000ef8cfd)={0xa, 0x0, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f00000000c0)={0x9}, 0x10) sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000000040)=0x4, 0x4) rt_sigprocmask(0x0, &(0x7f0000000080)={0x9}, &(0x7f0000000100), 0x8) 18:09:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306203, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 279.738191] binder: undelivered TRANSACTION_COMPLETE 18:09:44 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400202) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) lsetxattr$security_smack_entry(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.SMACK64\x00', &(0x7f00000000c0)='nodevð0,keyring\x00', 0x13, 0x2) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x0, 0x0, 0x0, 0x4}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0), 0x4) accept4$inet(0xffffffffffffff9c, &(0x7f0000000100)={0x2, 0x0, @rand_addr}, &(0x7f0000000140)=0x10, 0x0) [ 279.791758] binder: undelivered TRANSACTION_ERROR: 29189 18:09:44 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x3ff) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000400)={0x0, 0x10001}, &(0x7f0000000440)=0x8) syz_emit_ethernet(0xfd, &(0x7f00000006c0)={@dev={[], 0x1c}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [], {@llc_tr={0x11, {@snap={0xaa, 0x1, "aa71", "01a429", 0x0, "4909d78dae7ffe9dc55c847684b6bebb4d1f75e38b0cb94368425b1b76e4bbaf52ebdb33b7c4c5cfae7d4959cccf273884115a1b0afcd4db5f898a44ecb179b811ffc61bf5e59fa1772763120ff0fc79dd673ef7541e0f8c1976d9e55f14770df066254bfa8ac67ec83102267cac7363ba4a117b2b990a830e194fa473358dbae85d11ff48a6a971779da4e05e56cb5034633b5321222de8983299db51208e43a9e63b64051da7bcea909c94faf3c91a6a74604620315573c54f3c59a1b4e8acf5eb4834091b7a410cb1b2ee5f9b5ffbebe7eed6ee0a00f86e3334cd538d881e2251b5c6481d"}}}}}, &(0x7f00000002c0)={0x0, 0x4, [0xa67, 0x72, 0x17a, 0xec8]}) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000480)={r2, 0x3}, 0xffffffffffffffbe) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) timer_create(0x7, &(0x7f00000001c0)={0x0, 0x2f, 0x2}, &(0x7f0000000200)=0x0) timer_delete(r3) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000100)=0x0) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000280)=r4) openat$cgroup_procs(r1, &(0x7f0000000180)='tasks\x00', 0x2, 0x0) unshare(0x40000000) clock_gettime(0x7, &(0x7f0000000600)) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snapshot\x00', 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0)={0x2}, 0x4) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r5, 0xc0505350, &(0x7f0000000500)={{0xd7, 0xaf}, {0x7fffffff, 0x2}, 0x4, 0x4, 0x157c}) clock_gettime(0x0, &(0x7f0000000080)) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) r8 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x0) io_cancel(0x0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x3, 0x80000001, r1, &(0x7f0000000340)="3cee2841e733f9619b3cff2f2656faa2e742ec8c4af6291a4c12f6c9bfcf805991c0fae4be747c4edb68", 0x2a, 0x101, 0x0, 0x1, r0}, &(0x7f00000003c0)) ioctl$BLKTRACESTART(r7, 0x1274, 0x0) getsockopt$inet_sctp6_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f0000000240), &(0x7f0000000300)=0xb) ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000000000)={[], 0x0, 0x100, 0x279d}) syz_open_dev$mice(&(0x7f0000000680)='/dev/input/mice\x00', 0x0, 0x80) r9 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000b40)='/dev/mixer\x00', 0x400000, 0x0) connect$bt_sco(r9, &(0x7f0000000b80)={0x1f, {0x0, 0x10000, 0x0, 0x0, 0x6, 0x5}}, 0x8) [ 279.876581] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 279.884829] binder: 8799:8803 ioctl c0306203 2000efd0 returned -22 18:09:44 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl(r0, 0x8912, &(0x7f0000000180)="0a91c80700055f85715070") getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000680)=""/4096, &(0x7f0000000000)=0x1000) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffff9c, 0x0, 0x1, &(0x7f0000000040)='\x00', 0xffffffffffffffff}, 0x30) ioprio_set$pid(0x2, r1, 0x1) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r2 = getpid() sched_setscheduler(r2, 0x3, &(0x7f0000000080)=0x46f4eec4) clock_adjtime(0xa000000, &(0x7f0000000240)) [ 279.929347] sched: DL replenish lagged too much [ 279.952913] IPVS: ftp: loaded support on port[0] = 21 18:09:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="ea950f0000d800660f388131b9800000c00f3235010000000f3066baf80cb8006d8e8bef66bafc0cb84ff00000ef66baf80cb8c01e928cef66bafc0c66ed7300c4c16cc29f19f9eb9900b9420200000f3226660f38807686640f06", 0x5b}], 0x1, 0x6, &(0x7f00000000c0)=[@dstype3={0x7, 0xa}, @efer={0x2, 0x2000}], 0x2) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000e80)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4e81016c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f0624ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8943bee805954a62d196a4e842ff6b21224b77f530d0000ffffffffffff8000dc34b2152d66ae793b63040edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac77951000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152f691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17def4929ce7d346ca62b25d48fda4d10146702f78b233b5208752cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c5ff076e15451e33519fc978f6601000000000000008dc130a28ef5f63ad0fb39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc8bb1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd8602597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b04243970c44e4cbe0b18883299c636e9e46724a9a0600a8bb02f3ff89631d522019a35fe12a330200dd8768ddbc02a4c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c650000000092613e28387e955715908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef981de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800dadf00000000d372bdd6d89dc1ecf603000000114d0fba2bd1c69e8f7e3dd3dcda85ce975ec1381b1cec6ddaa76e186719164300"}) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000140)) 18:09:45 executing program 2: r0 = fanotify_init(0x4, 0x109000) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r1, r0) [ 280.123608] binder: undelivered TRANSACTION_COMPLETE 18:09:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0189436, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 280.147611] binder: undelivered TRANSACTION_ERROR: 29189 18:09:45 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0xbcda34450b800b7a, 0x40000000000a132, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r1, 0x10c, 0x80000000000006, &(0x7f00000002c0), &(0x7f0000002600)=0xfffffdaa) [ 280.460172] IPVS: ftp: loaded support on port[0] = 21 18:09:45 executing program 2: fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000fa4000)) r0 = creat(&(0x7f0000000240)='./file0\x00', 0x2) r1 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x4082) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f00000001c0)={0x2, 'veth1\x00', 0x4}, 0x18) ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000380)=""/169) r3 = memfd_create(&(0x7f0000002b00)='/dev/loop#\x00', 0x0) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000002780)) pwritev(r3, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806) ioctl$KDGKBENT(r3, 0x4b46, &(0x7f0000000200)={0x100, 0x1000, 0x9}) gettid() prlimit64(0x0, 0x0, &(0x7f0000002940)={0x3}, &(0x7f0000002900)) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f00000029c0)=0xfffffffffffffffc, &(0x7f0000000100)=0x2) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f00000028c0)={0x10}) fcntl$setstatus(r1, 0x4, 0x800) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f00000002c0)={0x0, @local, 0x4e23, 0x2, 'fo\x00', 0x1, 0x6, 0x4b}, 0x2c) ioctl$KDDISABIO(r3, 0x4b37) ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f00000027c0)={{0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id1\x00', 'timer1\x00', 0x0, 0x0, 0x81, 0x0, 0x101}) sendfile(r2, r2, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) r4 = gettid() setpgid(r4, r4) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) prctl$setendian(0x14, 0x2) fcntl$lock(r2, 0x7, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x3, r4}) ioctl$HDIO_GETGEO(r2, 0x301, &(0x7f0000002980)) read(r5, &(0x7f0000000040)=""/92, 0x5c) 18:09:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 280.529434] binder: undelivered TRANSACTION_ERROR: 29189 18:09:45 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x1) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x58, r1, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x3}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1ba5}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x3}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x22}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000010}, 0x4) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x35) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)}}, 0x20) ioctl$int_in(r0, 0x8000008010500c, &(0x7f0000000000)) 18:09:45 executing program 4: r0 = fanotify_init(0x0, 0x0) readv(r0, &(0x7f0000004740)=[{&(0x7f0000000500)=""/149, 0x95}], 0x1) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x100000000, 0x8000) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000340)={0x38a, {{0xa, 0x4e21, 0x3, @remote, 0x4}}}, 0x88) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) r3 = dup3(r2, r0, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) shutdown(r3, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) getpid() tkill(r4, 0x1000000000016) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000300)={0x101ffd, 0x100000}) connect$pptp(r3, &(0x7f0000000280)={0x18, 0x2, {0x1}}, 0x1e) write$UHID_CREATE(r3, &(0x7f0000000140)={0x0, 'syz0\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000040)=""/224, 0xe0, 0xd3d, 0x1, 0x521, 0x2, 0x7}, 0x120) 18:09:45 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x3ff) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000400)={0x0, 0x10001}, &(0x7f0000000440)=0x8) syz_emit_ethernet(0xfd, &(0x7f00000006c0)={@dev={[], 0x1c}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [], {@llc_tr={0x11, {@snap={0xaa, 0x1, "aa71", "01a429", 0x0, "4909d78dae7ffe9dc55c847684b6bebb4d1f75e38b0cb94368425b1b76e4bbaf52ebdb33b7c4c5cfae7d4959cccf273884115a1b0afcd4db5f898a44ecb179b811ffc61bf5e59fa1772763120ff0fc79dd673ef7541e0f8c1976d9e55f14770df066254bfa8ac67ec83102267cac7363ba4a117b2b990a830e194fa473358dbae85d11ff48a6a971779da4e05e56cb5034633b5321222de8983299db51208e43a9e63b64051da7bcea909c94faf3c91a6a74604620315573c54f3c59a1b4e8acf5eb4834091b7a410cb1b2ee5f9b5ffbebe7eed6ee0a00f86e3334cd538d881e2251b5c6481d"}}}}}, &(0x7f00000002c0)={0x0, 0x4, [0xa67, 0x72, 0x17a, 0xec8]}) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000480)={r2, 0x3}, 0xffffffffffffffbe) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) timer_create(0x7, &(0x7f00000001c0)={0x0, 0x2f, 0x2}, &(0x7f0000000200)=0x0) timer_delete(r3) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000100)=0x0) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000280)=r4) openat$cgroup_procs(r1, &(0x7f0000000180)='tasks\x00', 0x2, 0x0) unshare(0x40000000) clock_gettime(0x7, &(0x7f0000000600)) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snapshot\x00', 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0)={0x2}, 0x4) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r5, 0xc0505350, &(0x7f0000000500)={{0xd7, 0xaf}, {0x7fffffff, 0x2}, 0x4, 0x4, 0x157c}) clock_gettime(0x0, &(0x7f0000000080)) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) r8 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x0) io_cancel(0x0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x3, 0x80000001, r1, &(0x7f0000000340)="3cee2841e733f9619b3cff2f2656faa2e742ec8c4af6291a4c12f6c9bfcf805991c0fae4be747c4edb68", 0x2a, 0x101, 0x0, 0x1, r0}, &(0x7f00000003c0)) ioctl$BLKTRACESTART(r7, 0x1274, 0x0) getsockopt$inet_sctp6_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f0000000240), &(0x7f0000000300)=0xb) ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000000000)={[], 0x0, 0x100, 0x279d}) syz_open_dev$mice(&(0x7f0000000680)='/dev/input/mice\x00', 0x0, 0x80) r9 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000b40)='/dev/mixer\x00', 0x400000, 0x0) connect$bt_sco(r9, &(0x7f0000000b80)={0x1f, {0x0, 0x10000, 0x0, 0x0, 0x6, 0x5}}, 0x8) 18:09:45 executing program 1: r0 = getpid() r1 = gettid() rt_tgsigqueueinfo(r0, r1, 0x26, &(0x7f0000000040)={0x38, 0x80, 0x1, 0x20}) r2 = syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0xf0, 0x404104) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r2, 0xc0045520, &(0x7f0000000000)=0xfffffdfd) [ 280.667478] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1, syncid = 4, id = 0 [ 280.676931] binder: 8853 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 280.676945] binder: 8853:8855 ioctl c018620c 2000efd0 returned -22 18:09:45 executing program 2: fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000fa4000)) r0 = creat(&(0x7f0000000240)='./file0\x00', 0x2) r1 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x4082) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f00000001c0)={0x2, 'veth1\x00', 0x4}, 0x18) ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000380)=""/169) r3 = memfd_create(&(0x7f0000002b00)='/dev/loop#\x00', 0x0) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000002780)) pwritev(r3, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806) ioctl$KDGKBENT(r3, 0x4b46, &(0x7f0000000200)={0x100, 0x1000, 0x9}) gettid() prlimit64(0x0, 0x0, &(0x7f0000002940)={0x3}, &(0x7f0000002900)) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f00000029c0)=0xfffffffffffffffc, &(0x7f0000000100)=0x2) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f00000028c0)={0x10}) fcntl$setstatus(r1, 0x4, 0x800) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f00000002c0)={0x0, @local, 0x4e23, 0x2, 'fo\x00', 0x1, 0x6, 0x4b}, 0x2c) ioctl$KDDISABIO(r3, 0x4b37) ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f00000027c0)={{0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id1\x00', 'timer1\x00', 0x0, 0x0, 0x81, 0x0, 0x101}) sendfile(r2, r2, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) r4 = gettid() setpgid(r4, r4) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) prctl$setendian(0x14, 0x2) fcntl$lock(r2, 0x7, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x3, r4}) ioctl$HDIO_GETGEO(r2, 0x301, &(0x7f0000002980)) read(r5, &(0x7f0000000040)=""/92, 0x5c) 18:09:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0045878, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 280.866103] IPVS: ftp: loaded support on port[0] = 21 18:09:45 executing program 4: fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000fa4000)) r0 = creat(&(0x7f0000000240)='./file0\x00', 0x2) r1 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x4082) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f00000001c0)={0x2, 'veth1\x00', 0x4}, 0x18) ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000380)=""/169) r3 = memfd_create(&(0x7f0000002b00)='/dev/loop#\x00', 0x0) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000002780)) pwritev(r3, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806) ioctl$KDGKBENT(r3, 0x4b46, &(0x7f0000000200)={0x100, 0x1000, 0x9}) gettid() prlimit64(0x0, 0x0, &(0x7f0000002940)={0x3}, &(0x7f0000002900)) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f00000029c0)=0xfffffffffffffffc, &(0x7f0000000100)=0x2) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f00000028c0)={0x10}) fcntl$setstatus(r1, 0x4, 0x800) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f00000002c0)={0x0, @local, 0x4e23, 0x2, 'fo\x00', 0x1, 0x6, 0x4b}, 0x2c) ioctl$KDDISABIO(r3, 0x4b37) ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f00000027c0)={{0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id1\x00', 'timer1\x00', 0x0, 0x0, 0x81, 0x0, 0x101}) sendfile(r2, r2, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) r4 = gettid() setpgid(r4, r4) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) prctl$setendian(0x14, 0x2) fcntl$lock(r2, 0x7, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x3, r4}) ioctl$HDIO_GETGEO(r2, 0x301, &(0x7f0000002980)) read(r5, &(0x7f0000000040)=""/92, 0x5c) 18:09:45 executing program 3: fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000fa4000)) r0 = creat(&(0x7f0000000240)='./file0\x00', 0x2) r1 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x4082) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f00000001c0)={0x2, 'veth1\x00', 0x4}, 0x18) ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000380)=""/169) r3 = memfd_create(&(0x7f0000002b00)='/dev/loop#\x00', 0x0) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000002780)) pwritev(r3, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806) ioctl$KDGKBENT(r3, 0x4b46, &(0x7f0000000200)={0x100, 0x1000, 0x9}) gettid() prlimit64(0x0, 0x0, &(0x7f0000002940)={0x3}, &(0x7f0000002900)) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f00000029c0)=0xfffffffffffffffc, &(0x7f0000000100)=0x2) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f00000028c0)={0x10}) fcntl$setstatus(r1, 0x4, 0x800) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f00000002c0)={0x0, @local, 0x4e23, 0x2, 'fo\x00', 0x1, 0x6, 0x4b}, 0x2c) ioctl$KDDISABIO(r3, 0x4b37) ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f00000027c0)={{0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id1\x00', 'timer1\x00', 0x0, 0x0, 0x81, 0x0, 0x101}) sendfile(r2, r2, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) r4 = gettid() setpgid(r4, r4) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) prctl$setendian(0x14, 0x2) fcntl$lock(r2, 0x7, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x3, r4}) ioctl$HDIO_GETGEO(r2, 0x301, &(0x7f0000002980)) read(r5, &(0x7f0000000040)=""/92, 0x5c) 18:09:45 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x3, 0x8000) ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000380)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000380)=ANY=[], &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='hugetlbfs\x00', 0x0, 0x0) r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000ac5000)='./file0\x00', 0xa400295c) mkdir(&(0x7f0000000040)='./file0//ile0\x00', 0x0) [ 280.970797] binder: undelivered TRANSACTION_ERROR: 29189 [ 281.130219] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1, syncid = 4, id = 0 18:09:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000180)="2e65f32efe0a6766c7442400008000006766c7442402000000006766c744240600000000670f011c24b866000f00d066b88044a2b20f23c80f21f866350400d0000f23f80f0766b80500000066b9080000000f01c10f0766b8010000000f01c10f01dfb835008ee0", 0x68}], 0x1, 0x0, &(0x7f00000000c0), 0x0) finit_module(r1, &(0x7f00000005c0)='mime_typeInodev)vboxnet1nodev#nodev\\vmnet1/\x00', 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe4000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000400)="66b9800000c00f326635000400000f300fc71e4425749e66b8eab9ffdd0f23d80f21f86635400000100f23f866b8ef6700000f23c00f21f8663501000f000f23f866b9860b000066b80300000066ba000000000f306666660fd5ef66b8ca9300000f23d00f21f86635100000010f23f8ba6100ec66b80d0000000f23d00f21f866351000000e0f23f8", 0x89}], 0x1, 0x0, &(0x7f0000000180), 0x0) fstatfs(0xffffffffffffffff, &(0x7f0000000200)=""/115) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000680)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open$cgroup(&(0x7f0000001c80)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0xffff, 0x3, 0x1f, 0x0, 0x0, 0x0, 0x5, 0xcbe1, 0x2, 0x0, 0x0, 0x0, 0x9cf5, 0x0, 0x5, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000004c0)}, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}, 0xffffffffffffffff, 0x0, r1, 0x8) getsockname$packet(0xffffffffffffffff, &(0x7f0000001d80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001dc0)=0x14) r3 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x1, 0x2c0141) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x1, 0x800, 0x8}, &(0x7f00000000c0)=0x10) setsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={r4, 0x80000000}, 0x8) 18:09:46 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000180)='xfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000a80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="9775fcc7ee69a1536e6f64653634"]) [ 281.183609] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1, syncid = 4, id = 0 18:09:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5450, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 281.254707] binder: undelivered TRANSACTION_ERROR: 29189 18:09:46 executing program 3: r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000200)={'nat\x00', 0xb4, "3699474e0949c0659b98abd638d8a8bfc57cdc84f751f5edbd1474b82ac4082a8dd0d4c4a7044c35aa780813c9b27af7df7bd9ed995dd4aea90e59bc03e40667048486b309db46089b57f833e9f6dcd9000235584cb36978038a69be403782d2f8659195cd3e6db7cf3ed152e91bf8281565ee0ac4d6bcad1e41c15df68e2c74fa906aeada5c854d4da65a9f9da11b51e81b3e6511135d03f56c51b7afda2293be98e27ae8e9a881e72c690822c69f1364105871"}, &(0x7f0000000040)=0xd8) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x32400}, 0xc, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x26, 0x829, 0x0, 0x0, {0x2804}}, 0x14}}, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000000100)={{0x5c, @remote, 0x4e22, 0x4, 'sed\x00', 0x4, 0x4, 0x53}, {@dev={0xac, 0x14, 0x14, 0x1c}, 0x4e22, 0x4, 0x20, 0x8b, 0xffffffffffffffff}}, 0x44) 18:09:46 executing program 1: r0 = inotify_init() mkdir(&(0x7f0000000140)='./control\x00', 0x0) inotify_add_watch(r0, &(0x7f000003a000)='./control\x00', 0x10007ff) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000103000)='./control\x00', 0x40) inotify_add_watch(r1, &(0x7f0000000040)='./control\x00', 0x22000002) [ 281.446250] XFS (loop4): unknown mount option [—uüÇîi¡Snode64]. [ 281.552844] XFS (loop4): unknown mount option [—uüÇîi¡Snode64]. 18:09:46 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000000180)=0xffffffffffffffae, 0x800) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) getpgrp(r2) accept4(r1, &(0x7f00000001c0)=@pptp={0x18, 0x2, {0x0, @multicast1}}, &(0x7f0000000240)=0x80, 0x0) 18:09:46 executing program 2: r0 = memfd_create(&(0x7f0000000240)='/dev/autofs\x00', 0x0) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0) rt_sigaction(0x7, &(0x7f0000b4a000)={0xfffffffffffffffd, {}, 0x0, &(0x7f0000000040)="c483494ba49a0000000000"}, &(0x7f0000b4afe0)={&(0x7f0000000000), {}, 0x0, &(0x7f0000000000)="c4816decef"}, 0x8, &(0x7f0000000140)) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f00000003c0)=""/139) syz_open_procfs(0x0, &(0x7f0000000180)="6e0600ec918c00001c9e0ddf7716aa02d467acccac2fb2bc441521ea5ec772e7eb2f11e38d2bc3636e0fd6434c1d232a4272fb0bba232b8c941e21206cd79606383ef740d7e44a0f5c33a24e71031433633af1068ff0214f37bf779f43cd10c397d99bec18e0837427dd53b0d61810b96a197888bca2d09bdf64fc4ceac4fc854afb268098a8b19f1293b78bb937692f5ba6bf51477ca308b43182") r1 = getpid() r2 = perf_event_open(&(0x7f0000000280)={0x3, 0x70, 0x6, 0x6, 0x20, 0x166cf2a2, 0x0, 0x3, 0x808, 0x1, 0x0, 0xfffffffffffffff8, 0x8, 0x8, 0x401, 0xffff, 0x6, 0x5, 0xa6a4, 0x9, 0x1, 0xa45c, 0x2, 0x7, 0x1, 0x5, 0xfff, 0x2, 0x202, 0x200, 0x3, 0x3ff, 0x3, 0x0, 0x0, 0xfffffffffffffffc, 0x72, 0x10001, 0x0, 0xf9f5, 0x0, @perf_config_ext, 0x100, 0x4, 0x0, 0x0, 0x0, 0x8}, r1, 0x4, r0, 0x1) ioctl$FICLONE(r2, 0x40049409, r2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='/dev/autofs\x00', r0}, 0x10) 18:09:46 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) mlockall(0x2) write$binfmt_misc(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="9a"], 0x1) r2 = accept4(r0, 0x0, &(0x7f0000000040), 0x0) shutdown(r1, 0x1) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0xd0daffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x0, 0x2}, 0x34000}}, 0x0) 18:09:46 executing program 1: r0 = semget$private(0x0, 0x207, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000080)=[0x200]) semtimedop(r0, &(0x7f0000000040)=[{}, {}], 0x2, &(0x7f00000000c0)={0x77359400}) semctl$IPC_RMID(r0, 0x0, 0x10) semop(r0, &(0x7f0000000000)=[{0x1, 0x578, 0x1800}, {0x7, 0x7, 0x800}, {0x2, 0x5, 0x1800}, {0x3, 0x8, 0x1800}, {0x2, 0x1ff, 0x1800}], 0x5) 18:09:46 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000380)={0x0, @in6={{0xa, 0x0, 0x0, @dev}}}, &(0x7f0000000440)=0x98) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffe, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x100000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x105d}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="b4000000000000001690164878b449c8f0c963a5000200000003e807000000000000c7eca93f0097ef6e000000009500000000000000e5c09dde00f3c6488f"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0x3e9, &(0x7f000000cf3d)=""/195}, 0x48) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x40, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000280)={&(0x7f00000001c0)=[0xb9b, 0xff, 0x4, 0xffffffff, 0xfffffffffffffff7, 0x9, 0x0], 0x7, 0x9, 0x5, 0x1, 0x100000001, 0x7f, {0x81, 0x0, 0x1ff, 0x40, 0x6, 0x80000001, 0x105d07ea, 0x9, 0x81, 0x5, 0x73dc, 0xef7, 0x6, 0x3, "cbe3aabfef85efb1762df9fe9ab037f621726fe1a87b0ce8ba0393e8e31340d5"}}) r1 = syz_genetlink_get_family_id$team(&(0x7f00000000c0)='team\x00') ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000000140)={'bond_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000000240)={'bcsh0\x00', 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000001500)={{{@in=@dev, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@remote}}, &(0x7f0000001600)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000001640)={{{@in6=@mcast2, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@remote}}, &(0x7f0000001740)=0xe8) syz_mount_image$xfs(&(0x7f0000000200)='xfs\x00', &(0x7f0000000300)='./file0\x00', 0x9c, 0x7, &(0x7f0000001440)=[{&(0x7f0000000cc0)="287d382825a1e465bddce1685285a7b4170c79b13eb92b78538d7e831056296cc115bed9453602f6580d0e332389048563950cc610623c043d51e38873653707c6b769be10524f9b9e2c067aea6489c14e2fc17854da3c27514fdccddbea93837de28865f310accc72a9563d95381926df57c872cd0cae69ae33eda60334438d8cad426480464a51837cbeb35bc7", 0x8e, 0x40}, {&(0x7f0000000340)="4034cfcb8f1ddc263f4b33082d74024dc59e2d335a607e37c0d4edacfc44458a932a7268d2bbb05d9623", 0x2a, 0x2}, {&(0x7f0000001180)="9ad533feb326b847902f47bb77a937afc74aef73f86551ffe14e58d8cb8ac8dc887c1cc1cb83ab2fdde92641fad1b8e91537e75a031dc367eac0e40475ca97c8d99426a685bff635ee95993b9b1bfaf436b0c7b55dd48903fdcc4ff7f9", 0x5d, 0x3ff}, {&(0x7f0000001200)="24c3f3dc1675651b0b1ecafdb12ad46cbcbcb9a2b5d0137372b87079c34670ab7a20efc452c6aa35348921c74650b5202a01ae8a353427c8c6d4064624f49ca98bd525b1b2c1a0333c66168125180915782bc8cedfe094493c2e1a664cd8fcab8179a1e9b47007ed7ca6d0ca0f16e7d4274bb202a1315d58f5b974327f5342552a6ea38455f44a49ce0126eb62866458956fa064", 0x94, 0x100000000}, {&(0x7f00000012c0)="2f430026ddaeedd801e2881d4053a3df0f9c786672b9f3c5892ee48d98e80516d31db855d6ef93c586d2ca2479137e9d8f31ad2b263cc6a42ad4e2b5cc29ea5b2c55f2247f29c942a49f982ef85edb22710e86f45537938cfb0c727be77d88a6d40cc0f0897d7030dbea5581daf8b5ae46dc2a2bb56f8d116538c651265854b74cfc53c916927149956e7fb8b3be01a356661d39a39e28ec78678f9bf265023098d65cd5420e283b73ed52411a6285c9354ac5154debe38af7f8a22a957325b448a20e9adbc1d494ef42d14e7a80fdeebf3e33b347300aa8c4c257881bd2d644f97b7196767a747af60c9980460951ff5b3dd5", 0xf3, 0x7}, {&(0x7f0000000e80)="f71540aa7c", 0x5, 0xcda}, {&(0x7f00000013c0)="bbeb40f8ee93c0f763868db28af15159482cd9a1bc11563ad661ae73567f5b0d7c5925c268b49533af44f7a009f7c139892090c2a647d9fe0d686d0014e8c2e970", 0x41, 0x6}], 0x100010, &(0x7f0000001800)={[{@sysvgroups='sysvgroups'}, {@mtpt='mtpt'}, {@nouuid='nouuid'}, {@swidth={'swidth', 0x3d, 0x80000000}}, {@uquota='uquota'}, {@usrquota='usrquota'}, {@pquota='pquota'}, {@discard='discard'}], [{@fowner_gt={'fowner>', r4}}, {@fsmagic={'fsmagic', 0x3d, 0x3}}, {@fowner_lt={'fowner<', r5}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@obj_type={'obj_type', 0x3d, "89235b656d30"}}, {@smackfsdef={'smackfsdef', 0x3d, 'bcsh0\x00'}}, {@audit='audit'}]}) accept4$packet(0xffffffffffffffff, &(0x7f0000000ac0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000b00)=0x14, 0x80800) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000b40)={'vcan0\x00', 0x0}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000b80)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@loopback}}, &(0x7f0000000c80)=0xe8) accept(0xffffffffffffff9c, &(0x7f0000000d80)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000e00)=0x80) getsockname$packet(0xffffffffffffff9c, &(0x7f0000000e40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) accept4$packet(0xffffffffffffffff, &(0x7f0000000ec0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000f00)=0x14, 0x80000) accept$packet(0xffffffffffffffff, &(0x7f0000000f40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000f80)=0x14) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000fc0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@loopback}}, &(0x7f00000010c0)=0xe8) accept4$packet(0xffffffffffffffff, &(0x7f0000001100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000001140)=0x14, 0x80800) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000017c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8002}, 0xc, &(0x7f0000001780)={&(0x7f0000000480)=ANY=[@ANYBLOB="e4050000", @ANYRES16=r1, @ANYBLOB="000825bd7000fbdbdf250100000008000100", @ANYRES32=r2, @ANYBLOB="6c02020040000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b00000008000400ff7f000008000700000000004c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000001c000400686173685f746f5f706f72745f6d617070696e670000000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000080003000300000008000400ff7f0000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000300000008000600", @ANYRES32=r3, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000080003000300000008000400010000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r6, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000800030003000000080004000800000040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000800030005000000100004006c6f616462616c616e63650040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r7, @ANYBLOB="080007000000000038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000800030003000000080004000100010008000100", @ANYRES32=r8, @ANYBLOB="3c00020038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000080003000300000008000400ff00000008000100", @ANYRES32=r9, @ANYBLOB="4402020038000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000800030003000000080004000500000038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000800030003000000080004000500000038000100240001006c625f73746174735f726566726573685f696e74657276616c0000000000000008000300030000000800040004000000400001002400010071756575655f696400000000000000000000000000000000000000000000000008000300030000000800040032ef646808000600", @ANYRES32=r10, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000800030003000000080004007cd2000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000080003000300000008000400050000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r11, @ANYBLOB="38000100240001006d635573745f72656a6f696e5f696e74657276616c0000000000000000000000080003000300000008000400080000003c000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000000c00040072616e646f6d000038000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000800030003000010080004001e080000080001008d4b6801345f01a4f762d1d65fed8852f50d57631cff7973638bf25c0ef5909b14c2ca519790ab99354ec36136", @ANYRES32=r12, @ANYBLOB="800002003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r13, @ANYBLOB="40000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000001000040062726f61646361737400000008000100", @ANYRES32=r14, @ANYBLOB="3c00020038000100240001006d636173745f72656a6f696e5f696e74657276616c000000000000000000000008000300030000000800040008000000"], 0x5e4}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008095) 18:09:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306204, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 281.742725] binder: undelivered TRANSACTION_ERROR: 29189 18:09:46 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) kexec_load(0x3, 0x1, &(0x7f0000000000)=[{&(0x7f0000000140)="d71271ec2a48552d5bd7f9ba2c79d1936c36199c1cd73261d6e93aae3967e3b42a539cd9af951caef65507c2156b9b8e6995b14f7c7a7807dc643e0274db62db8d39ae4e15ff212a4b8b3f01cce54e80cc77991c8bf2f970459b86f5817b43c7794512f8d9463cad45e116a0056881e389dea261198e8f7b8536bfaf66d1697d9bfe451f06dfd22e1803ba20ad257c479f7c682b337460a168d66ab5420b60ab5570fa87447616823f8dae63028a9631b4fccbcc7bb54f47f67ee7b752ac172ddc2c026e2463f604558aa434d30bdb8b04fe0ddd038ef6fcc19447b83a6998af0fbb26194381113c7ee68c7e4ae72a87167765166270fc2aeb725c470df85f497f3987d2b2bbe2e2c3da244680c4663b3557100fb286cccbb21295b4074befb51f78ef5d055e324dd8bba4e9002542166cef186b882ddf757ac67d404726c6b79966698daf0504bcf48eddf71374a27ed073d84fc63d6334393b88b8de342346d4eb87263602ccdecf591293e5e8a08ec1030c91c00a48622af155795a4f7afc0e23e8267033de34efbbc37997c4e268c642a8b696a484b28c6ece0b541160d068c1a951c3660e3cf28964ae5f2846c5b07318b671d413aa7d3356c8ce76eadc52e5513e91caf2a8e8aa6693ac3df44c37f8a7447bd515e563f1ea9f20bbfab17a0fff054b37c3c44f4f1d66db8c1e5ef82c0ebb4d40826a1fa14a61dd87007618171db7159c9833520697141a7bde2fc622108f72744940552742f069b6ea93dcaab7b7e5fd2b0327ed761e1f94522590af523921723769ad29023c928f0ca73d60dc8d96edde7da73007efc6e7350b9c21168045d4fdfb3454c59985c2fb7990425f02981b6bbe0b33f5b432b0c8907cee88a3fd6863a3c709074cfbc89ccbe15eddbc26dcb93fb832b46ae5f5dee391c07365a0e83abb992ebd3854fa9f70a17590beb6b8cecf3ecc6f9bf0a3912d4802de3544bdd753d7787ee529a2f0bf0bc36bf1fcae82588c93d35c314f5a73bbf5476acd214677dfa75acd6415bb904a7d18ad244d032ee91e1197c59d03992ee23a327aacd82b9ab9045f723b3774cff2b3533263c2c2f8cd044dec73b9b472e3e4996d65e48eb139bdeac131a9bb5cc89134f269789fcbf95c16fb4542ef92e987ba45dcfaec986fa6b087b74461e0b7c996ba32aeb55039a74d24bd17221ea3773efd9317c9f0047714e72630b44524f4c83c27b6c0d5589a465debfd30d1a151118965e71ed1a1e7fd002166e7086c4b8d0230b63c5e6cf308713edf08bbfac965e9065234053573fb91acad774afb4e226ba5a42f497725d1adf77870e47ac556fb19ec080bc6854ecf14e96618cf281537109ba6ade90c64cec931b2c317542cfc4510ad4ae10c2dacab4b6996a41bb79dac563633a321f191477e82d2f233af51a800909cb82966a8256d6c5bd834fe9988e8cbb5ff676488b801e8e7e8a82528450e3ff54f96d2c4d6500b99c32276645f0dcc3917cc6a27b67ee0b3040d0c0a084edc91b5997cd2f5f6bcff91efd3f108a04a3bb5d6823da6163d8def7316d63d9dce569b9b84d524332f3a3c5b8ddb95c669d08719918fc656f7d755b4663c86680ce7184804fd487fdadb8858370fb4680f0c47bf07925246f6975ba56d003a99636561a985977ee51d6997886053c783fa640c2439e2c6b74a99607c94f768a0d8830f10aa93a87109b3437d5d7267d8f83b017bb7fe97a46655a173267e9bb463b0b435082d6a951310a1d37b09b684c9e0fe4cf2238a8fdd29090abc9fd867ef64f0dc76ec31b820f763b0e96720783f5c0c531a093a52b56e3a0e78bb70dcc04434e5910778780cab52daa5d3ab9e9ad2c9acc7211f4a0c00e12ef097abd7ed7493e5317fe346c85dccb1315a0d3637faa24d5e19d58f259e3ac46980ca343a04401548be741ae52f4143a57a99ff969c5be987f88ed8a5131ed6c8f2bf2377a38d71dac33981b2bf688aa6d0b4253405432f44493f3811c362429d1409a1007eb3f847bfd7b327ae60f160a0afefea9c0cafce43afa104c0e1d585f46a9173fedc210c60137bfc6e8e28b8bbae2975311e566d9691d942aa055406c25a86a99923fe7bd9657fadd2a12e765635d713d0a4bda7460c73500eda07bd815bea89fe53fadd9ed002d9d9782c75624407b16789c2896d65a19c9abcb9ac0354298306e25b222ef3a16b8597504589571789aa5198b35b382a3c23ff7ed6eae458e87cdff658736d88e0b11c98cc9ceee20b9196857679fe6519bb917b03da5a9ed3f02409f5838642eafdd3385df16995e9396ba49d01bf5d02ced8676beb89d8f5e5322ead5d4999726936953b28008c5d8f6ff89990411a34b6cd7494af1e90b7ea9fbf013a40fb37a2b23634a6b453ddb5553535edd51441162177c89d3d7d4685379184f276dedb401b6eb01bbad461fb176eb1d2b70a525222f5653f24ba108d7a2253b5166bb4ca023d63bb2a6992f0582b91cd205c1708770e2fb0f0983d747a2a54252c2adce7963a5a8504564f96238ddca4561a9b3a550c23de021d8bc177345531de6e55e0181a2c14db4c6584819a5abad359f60cf8bdcee13dbbc83edf59c51df04c3bddf77b888c6fad39e6c8d21ae3034bb2eabbd938a504dd46fb6d0c71a7321e5d7d6c7be3245299fae0433f1230d63cb1240b4bf4cece29d91e1efdab167acb0854a87e3a178a23abbe91fa50cca8559a5398262ce600ee01f074a1787dd70a780068ffcea2e5568b5a37fdd9d7c9659a71661bb6ffdaef571dca9df3aa08bb43835ac7f2619dd319a16ebf8912cb1bf2fa17e461703f3177ef6df232ea5369cabaddc9c51a6559bf54bcbe6b93ed272e170da0516d5d2be845e8a0ea6881470a77fad7aede9fda354923486d04c631eabebd1c2ec51678542cb730edf01f528929630ec8d207784ea917e5cbe60b21185a351fdc869a84e58983fc73bf39802b973b6f1403b9508b6cfb87a0d290405a15e4b4fce377f8ac8ce1a671ebe5dc242a17303b7cadb545d0bdf67ad649cfb81a37197e374ed59fdd3b666e05d141c1487451d44ce557d32ab6d258e441b6ef08d37f681f7072a08bb5ea6dbe558906b7ec64c31ac80b7f9775eb1b76e2f1c5097c6cd92940b946b0632d816019b3626daac40d1f95c429c3c2689fb2070b891ceac6b27b3992b94ccf1c1cd2ab3e85288f520d61fc9cc1e7e7078273048820982f7278e4ab1c435e14bef8ac8f25cae14d424605c13ae13d7b1e8ec07cc25e2befc275ec5ce5606ddba73be3e3a172062c6e37e99978736c9a6802a4fb71a5ac1ec84dec8c1806c8cb6a9be151bfeb1a9898da07ef2c743eb414ca931b5089a2a56a1f049cf6c506964facccfc6d28f1503f3a013ac78ed019bd4ac70681167a363b0f3e993876bd04132858449eafd134632d5a83b35a21779520415ec74dba0643331207ae95b3847cef48307c94e6835b0cd7cca959695ed0cd70090773c1902409c7f80f07eca3e7934d94406e328560912bc33b998aef755e579ccad86eb99f93dc496fe248c06d7f197e0f5f319a24dd3c9fe5504b4620e9c52846921d4fbc390e4ffd8d368960845a7e7c898997fd155e3a37767b5ced95c112299631fd044120f51858abdb6ec8967cc046b8f2e12312bf7687cf2c65ba06ffd59c89ea8ede761b1168e15fcc52560ec62c8376e4e2b3464c6cc28637fe890880d7f9bae9063832d7725dde9f7d4bdb25c8847a5448bfdfd240e94e035472fee62be60d7f0450798ef3460007ae6a1a90ab7989fe0d16b6e8e18da2cffa347a5df9e4f011e9c7de693ddd1eeb555ac28a5e88291b47ec63931a903a244e80898b91799b7f3f83d079353a0fcfbbb24d2e318bf2cca1b67c3edfc5e31dbedc1c4d5aa54b0397df016218d5f05d7b2f995e134dbf8eeb78331c99981a1851c0d06d1833b103434daf3f710635b4de3e4e2ffd7e8112d7021acf940321a4d6674b438606f67027551881e7d9a9dd4daf75759740f60a23d6e41edc1a147a21cfa205dc307ea55c5da579c257ec4938654584fe2cdbf8f0da13dcf950e8e24056df2f5e5bf5efc88ecf89aa81817fe48daed361253b01efc7731315ed7b6c60fa0e3951b746f040a5a4403f1c9189e7371470ed585445689ec9edfb8eae03acaadcbf3cca42d7eb992ebcb1adf83eb04bf46677917dcb18d9f453a8f1f2e87e70ab4c2d04f3491fe4e3289ab1e0e7f14beeb27ce2b8d580794b5f494ff85a97c23464a967c6010a3beff3fbe4d90c76037bcc1e8f08785e1b935c84906b119fdaf6e7191a91f2a0f327c8d01e150a61823d64549b8fbdda10f709a8cfd60225e845c2f08ea28bd9d01122bc38eab4f26aa7ba760b66879cea91b20cd64f0735ea7a4ee350df89e66c45c6669d889393a0de013776555be2fb43f5c40877d50e60acd7a24de8150640d7a01282b06c3cbed368b9f5590a4e03c54605076f1740f6b644055e297c21e4e0cbbff05c4303dcba55f143996a02001b2b0f6c814b90e60cb1f9d7e632bc83af32ce5a5a015abb700843b2ae258a31e59b7f37e5f6c7b9cccb5f327b83034bb167b186916f345a9673d0a8593b08ffb62411e8b43459ef3219988a61bd26fa083ea54957a7c5b152dfde3265d318c123d0819db3d340f16074b00ea0f2403c85d039a27bc06c6164556f4335d9df038741590a43638aea0ecfdef01bce40ab8a2d44b89f92b57217764de35a4342560ef1e7a056a9900eb8025fc10ffd669e4daa87fd34ca37cf498d9ca3dfcb021a89df5f81b5da54640df635e87a99a9913bb4fcfabd55145c8fa9552360c017200f6ca3342786d38802596faf6680606684ac20afe5bcc6b66b4e84fb694d530603bce6d46b7e12a5e2978570e8f5c8a77add83fcb6b9b1d56b0bddd5cfd70dcf60a882b63c9b5839eace6438a276b35abb901d00b7c984758d2ef09a336a4b765fc6552cf3f1694393e72b169899e0ad3ff640a2729c6b6e5f1f72ecd0c95bf0e704cc544d0351a1718ea9200a516d477ed47e7adb641e3457d8062dd9b9cb35902dc22c8bfa3117ad915a638c55bdc32c21f239f134af789c8bb196c69b488c0ad37c3d133654e9d6c0de13e5657f314a09d5c0accdac0cdad692683a6d19f9fad13af20ed3a52eb662a72d957fbe29e359fd748b165c91c86292c4a555aaa19be484d2fce23e591e8037f8af39902942cba48de819f17b427864d536026af11891836fb71ba740044e9f648450ba98cd6a596e68ff1ef1a7190edbcccaf10b9d3ee6fad1c41a5dad0d58c6ead617e56f732b332279592ba2a4c4bd43f07978a0c1978c18f7bf3bba928d1917554f2b421fb7b270f7cd2498852bc5819a9afcd94f62c1ed0382781f59f6591f8c4d0a22b55e2755a7bec2aab4415745958252e3fe0c6371a31eeb00b60b81b1dd057d9c41b3539bbf54c88b7d39b39e955474e73d0aa76e4b24e19234151253ed9650cab01dd3e4d8e7a6c9b5f344e7fd27a302cba78993edbe0c818be5325b7aa99eca3474b5b37b34098326a6dd077583466a3c6441d815016b60a652ad93e60034cedf9c2364b25455d06c63923cf2909e1b2a6bfa377928a97da23973d39da0b89ba08eb73aeeeaf1cea0f17e2f866b43782ceb0f49bc632ce8dc028874755c2dc09938a350e521a9060231b88602f7265112a752baf6015b8411532b3ea356fe25c0707d49dead2a893f8ef6676a5b52e829f32230839cb0bc1ef513bb494214d95c4b197a9fd9ee83fd2f", 0x1000, 0x8, 0x2}], 0x170000) getsockopt$inet_tcp_int(r0, 0x6, 0x17, &(0x7f0000bfcffc), &(0x7f0000000100)=0xfc4d) 18:09:46 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) mkdir(&(0x7f00000001c0)='./file1\x00', 0x20) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r0, 0x2) [ 281.895682] binder: 8953:8956 ioctl c0306204 2000efd0 returned -22 18:09:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x4020940d, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:47 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xffff, 0x2) write$P9_RMKNOD(r0, &(0x7f0000000080)={0x1c4}, 0xfffffea1) ioctl$int_in(r0, 0x80000000005008, &(0x7f0000000040)) [ 282.018437] binder: undelivered TRANSACTION_ERROR: 29189 18:09:47 executing program 0: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x80000, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffff9c, &(0x7f0000000240)={0x16, 0x98, 0xfa00, {&(0x7f0000000200)={0xffffffffffffffff}, 0x4, 0xffffffffffffffff, 0x30, 0x1, @in={0x2, 0x4e22, @rand_addr=0x9}}}, 0xa0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000300)={0x11, 0x10, 0xfa00, {&(0x7f00000001c0), r2}}, 0x18) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000100), 0x2) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000340)=""/21) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0xfffffffffffffffa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000180), 0x2) [ 282.132974] overlayfs: missing 'lowerdir' 18:09:47 executing program 1: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs, &(0x7f00000001c0)=0x6e) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000240), 0xffffffffffffffff) capset(&(0x7f00000000c0), &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x200000000}) setpriority(0x2, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000001400)) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x100000001, 0x0, 0x3}, 0xffffffffffffff9b) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000440)={0x0, 0x8e, &(0x7f0000000340)="b97007f6187026fd98aceb571d963b5df8301641b5c06b229caa2c3f8d1799983b4bc784ea6ad37e45b269b75f5c4f907eb471d41094a23e1ad26657d1b3e93f544998f7332f97435d4bfb7fb33d027a56cc430f6898267d40ebf31661ca4a72bc8032f6d8b9040ad508038267405d05a78ef298791787c4d6de008c2b01dfe55ad02b39822ffbd6480dfdbdeb66"}) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_RM_CTX(r1, 0xc0086421, &(0x7f0000000200)={r3, 0x1}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x0, 0x7, 0x6}]}, 0x10) recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x2, 0x0, &(0x7f0000001540)={0x77359400}) keyctl$restrict_keyring(0x1d, 0x0, &(0x7f0000000300)='user\x00', 0x0) 18:09:47 executing program 3: ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000000)=0x0) prctl$setptracer(0x59616d61, r0) set_mempolicy(0xffffffffffffffff, &(0x7f0000000140)=0xfffd, 0x4) madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x6f) set_mempolicy(0x0, &(0x7f0000000080), 0x1) syz_open_dev$admmidi(&(0x7f0000000840)='/dev/admmidi#\x00', 0x6, 0x12000) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000940)='memory.stat\x00', 0x0, 0x0) r2 = accept$inet6(r1, &(0x7f0000000900)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000008c0)=0xfffffffffffffe59) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000300)={0x6, {{0xa, 0x4e23, 0x40, @mcast2, 0x200}}, 0x0, 0x8, [{{0xa, 0x4e23, 0x9, @empty, 0x3}}, {{0xa, 0x4e24, 0x5, @empty, 0x3}}, {{0xa, 0x4e20, 0x4, @mcast2, 0x400}}, {{0xa, 0x4e22, 0x5, @loopback, 0x8}}, {{0xa, 0x4e20, 0xb8, @mcast1}}, {{0xa, 0x4e23, 0x0, @ipv4={[], [], @rand_addr=0x4}, 0x400}}, {{0xa, 0x4e23, 0x7, @ipv4={[], [], @multicast2}}}, {{0xa, 0x4e20, 0xffff, @local, 0x4}}]}, 0x490) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f00000002c0)={0x0, 0x5, 0xff, 0x9, 0x2000000009}, &(0x7f0000000280)=0x14) r4 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x6, 0x40000) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000100)={r3, 0x7}, &(0x7f0000000180)=0x8) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f00000001c0), &(0x7f0000000200)=0x4) 18:09:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5460, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:47 executing program 4: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2, 0x0, @local}, 0x1c) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SG_GET_TIMEOUT(r0, 0x2202, 0x0) setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000000), 0x4) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000080)) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000100)="6ccc283e0ffdac6075f8b0b866711399f4e708d789d9b29a245feb0c825821b6ae09cd3e56a3d70e658796ffc0ba1a1cf932c1001703903735cfaf1a4f165b496cada1754efe3988784a087de833dd0a47483f18568f33af659d5c1bc6892c4689f5a3a827f5af96cf44c0a2eeecbdd851b96c03ad8e3fe47e191b15578efea66d6a55b7af0ab28abbc53470fb0e4901594802c44e5de8dc433f39098a67adb211622c73cdf424f8963b") perf_event_open$cgroup(&(0x7f0000000200)={0x2, 0x70, 0x100, 0xffffffffffff8000, 0x2, 0x5, 0x0, 0x6, 0x849, 0xf, 0x80000000, 0x2, 0x1, 0x6622, 0xabe, 0x9, 0x8, 0x100000001, 0x8, 0x6, 0x7f, 0x9e4e, 0xfff8000000000000, 0x2, 0x12000000, 0x40, 0xe905, 0xb1c9, 0x400, 0x0, 0x3, 0x4, 0x0, 0x100000001, 0x6, 0x10001, 0x3f94, 0x4, 0x0, 0x5, 0x1, @perf_bp={&(0x7f00000001c0), 0x1}, 0x0, 0xa5e, 0x3, 0x6, 0x2, 0x46, 0x400}, r1, 0x1, r1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$bt_hidp(0x1f, 0x3, 0x6) splice(r2, 0x0, r3, 0x0, 0x7fffffff, 0xc) setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000000040)={0x5, 0x9, 0x3ff, 0x7fff}, 0x10) [ 282.213306] binder: undelivered TRANSACTION_ERROR: 29189 [ 282.247488] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:09:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046207, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 282.377935] overlayfs: missing 'lowerdir' 18:09:47 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0xffffffffffffff39, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xc, 0xffffffffffffffff, 0xa) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500)='/dev/sequencer\x00', 0x400, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vsock\x00', 0x20080, 0x0) accept4$nfc_llcp(r1, &(0x7f0000000280), &(0x7f0000000300)=0x60, 0x7ffff) r2 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000100)={0xc1, @tick, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e00]}) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000680)='/dev/vcs#\x00', 0x5, 0x131140) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000380)=0x7ff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x7fff, 0x4000) ioctl$TIOCSWINSZ(r5, 0x5414, &(0x7f00000001c0)={0x20000000000000, 0xfffffffffffffffa, 0x7fffffff, 0xffffffff}) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer2\x00', 0x1, 0x0) dup(r3) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x0, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) fcntl$addseals(r5, 0x409, 0x6) connect$l2tp(0xffffffffffffffff, &(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0xffffffffffffffc2) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000580)={0x0, 0x2334}, &(0x7f00000005c0)=0x8) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000640)={r0, 0x10, &(0x7f0000000340)={&(0x7f0000000780)=""/222, 0xde, 0xffffffffffffffff}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000008c0)={r6, 0x10, &(0x7f0000000880)={&(0x7f00000006c0)=""/168, 0xa8, r7}}, 0x10) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000900)=ANY=[@ANYBLOB="000000e3b1000000000000000000b94664c4a5682c3c77b535fe82d941c1b0c58c877e299cef7b96beda0bb4ac2bd6aa0435a8a1161a1f56083a3b94aaad1cb0cae4185107f791cdf4cac56f075df158cc164f"], 0x1) seccomp(0x1, 0x1, &(0x7f00000004c0)={0x2, &(0x7f0000000480)=[{0x5, 0x6, 0xfffffffffffffffe, 0x1}, {0x8, 0x5, 0x50, 0x7}]}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x3, &(0x7f0000000000)) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000100)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "8811e78754a539d39c2bd6a40fa8c8aa024d86cdc834bc921c0525fec2541e21ccf67e1d7b55cabe9e068dd58ce565aa9a9d325ebac7627ffe7a54cdbd77b3", 0x2b}, 0x60) socket$xdp(0x2c, 0x3, 0x0) listen(0xffffffffffffffff, 0x0) setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, &(0x7f0000000040), 0x4) getsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000000400), &(0x7f0000000440)=0x8) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40a85321, &(0x7f0000000080)={0x0, 0x2}) 18:09:47 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) mkdir(&(0x7f00000001c0)='./file1\x00', 0x20) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r0, 0x2) 18:09:47 executing program 4: r0 = socket$inet6(0xa, 0x4, 0x800080000) ioctl(r0, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") unshare(0x400) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x10001, 0x408040) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r1, 0x80045400, &(0x7f0000000080)) ptrace$getregset(0x4204, 0x0, 0x4, &(0x7f0000000380)={&(0x7f0000000300)=""/93, 0x5d}) fstatfs(r0, &(0x7f00000003c0)=""/4096) syncfs(0xffffffffffffffff) ioctl$FIGETBSZ(r1, 0x2, &(0x7f00000000c0)) write$P9_RREMOVE(r1, &(0x7f0000000180)={0x7, 0x7b, 0x2}, 0x7) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000100)={{0xffffffffffffffc1, 0x53e55555}, {0x1689, 0x3f4c}, 0x8, 0x3, 0xffff}) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000480)=ANY=[]) 18:09:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620b, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:47 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) openat$cgroup_int(r0, &(0x7f0000000140)='cgroup.max.depth\x00', 0x2, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000180)='/dev/snd/pcmC#D#c\x00', 0x1, 0x10001) getsockname$packet(0xffffffffffffffff, &(0x7f0000001780)={0x11, 0x0, 0x0}, &(0x7f00000017c0)=0x14) setsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000001800)={r2, @broadcast, @local}, 0xc) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000040)=0x200, 0x4) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f00000002c0)=0x2, 0x4fb) bind$inet6(r0, &(0x7f0000f65000)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0xfffffefffffffffe, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000c86000), &(0x7f0000000000)=0xfffffd62) getsockopt$inet6_buf(r1, 0x29, 0xff, &(0x7f0000000300)=""/205, &(0x7f00000001c0)=0xcd) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000080)=@generic={0x2, 0x6}) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@mcast2, 0xb14d, 0x3, 0xff, 0x8, 0x4, 0x2, 0x5}, &(0x7f0000000100)=0x20) [ 282.723902] binder_send_failed_reply: 9 callbacks suppressed [ 282.723913] binder: send failed reply for transaction 139 to 9022:9023 18:09:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc020660b, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 282.812113] overlayfs: missing 'lowerdir' [ 282.832234] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 283.009393] binder: send failed reply for transaction 141 to 9037:9039 18:09:48 executing program 0: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x80000, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffff9c, &(0x7f0000000240)={0x16, 0x98, 0xfa00, {&(0x7f0000000200)={0xffffffffffffffff}, 0x4, 0xffffffffffffffff, 0x30, 0x1, @in={0x2, 0x4e22, @rand_addr=0x9}}}, 0xa0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000300)={0x11, 0x10, 0xfa00, {&(0x7f00000001c0), r2}}, 0x18) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000100), 0x2) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000340)=""/21) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0xfffffffffffffffa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000180), 0x2) 18:09:48 executing program 1: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs, &(0x7f00000001c0)=0x6e) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000240), 0xffffffffffffffff) capset(&(0x7f00000000c0), &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x200000000}) setpriority(0x2, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000001400)) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x100000001, 0x0, 0x3}, 0xffffffffffffff9b) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000440)={0x0, 0x8e, &(0x7f0000000340)="b97007f6187026fd98aceb571d963b5df8301641b5c06b229caa2c3f8d1799983b4bc784ea6ad37e45b269b75f5c4f907eb471d41094a23e1ad26657d1b3e93f544998f7332f97435d4bfb7fb33d027a56cc430f6898267d40ebf31661ca4a72bc8032f6d8b9040ad508038267405d05a78ef298791787c4d6de008c2b01dfe55ad02b39822ffbd6480dfdbdeb66"}) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_RM_CTX(r1, 0xc0086421, &(0x7f0000000200)={r3, 0x1}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x0, 0x7, 0x6}]}, 0x10) recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x2, 0x0, &(0x7f0000001540)={0x77359400}) keyctl$restrict_keyring(0x1d, 0x0, &(0x7f0000000300)='user\x00', 0x0) [ 283.088713] binder_release_work: 9 callbacks suppressed [ 283.088718] binder: undelivered TRANSACTION_COMPLETE 18:09:48 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x1) r1 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") unshare(0x24020400) getsockopt$inet6_buf(r0, 0x29, 0xff, &(0x7f0000000000)=""/49, &(0x7f0000000040)=0x31) ioctl$FS_IOC_FSGETXATTR(r0, 0x4004550d, &(0x7f00000001c0)) 18:09:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5452, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:09:48 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) mkdir(&(0x7f00000001c0)='./file1\x00', 0x20) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r0, 0x2) 18:09:48 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0xffffffffffffff39, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xc, 0xffffffffffffffff, 0xa) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500)='/dev/sequencer\x00', 0x400, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vsock\x00', 0x20080, 0x0) accept4$nfc_llcp(r1, &(0x7f0000000280), &(0x7f0000000300)=0x60, 0x7ffff) r2 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000100)={0xc1, @tick, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e00]}) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000680)='/dev/vcs#\x00', 0x5, 0x131140) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000380)=0x7ff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x7fff, 0x4000) ioctl$TIOCSWINSZ(r5, 0x5414, &(0x7f00000001c0)={0x20000000000000, 0xfffffffffffffffa, 0x7fffffff, 0xffffffff}) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer2\x00', 0x1, 0x0) dup(r3) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x0, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) fcntl$addseals(r5, 0x409, 0x6) connect$l2tp(0xffffffffffffffff, &(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0xffffffffffffffc2) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000580)={0x0, 0x2334}, &(0x7f00000005c0)=0x8) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000640)={r0, 0x10, &(0x7f0000000340)={&(0x7f0000000780)=""/222, 0xde, 0xffffffffffffffff}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000008c0)={r6, 0x10, &(0x7f0000000880)={&(0x7f00000006c0)=""/168, 0xa8, r7}}, 0x10) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000900)=ANY=[@ANYBLOB="000000e3b1000000000000000000b94664c4a5682c3c77b535fe82d941c1b0c58c877e299cef7b96beda0bb4ac2bd6aa0435a8a1161a1f56083a3b94aaad1cb0cae4185107f791cdf4cac56f075df158cc164f"], 0x1) seccomp(0x1, 0x1, &(0x7f00000004c0)={0x2, &(0x7f0000000480)=[{0x5, 0x6, 0xfffffffffffffffe, 0x1}, {0x8, 0x5, 0x50, 0x7}]}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x3, &(0x7f0000000000)) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000100)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "8811e78754a539d39c2bd6a40fa8c8aa024d86cdc834bc921c0525fec2541e21ccf67e1d7b55cabe9e068dd58ce565aa9a9d325ebac7627ffe7a54cdbd77b3", 0x2b}, 0x60) socket$xdp(0x2c, 0x3, 0x0) listen(0xffffffffffffffff, 0x0) setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, &(0x7f0000000040), 0x4) getsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000000400), &(0x7f0000000440)=0x8) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40a85321, &(0x7f0000000080)={0x0, 0x2}) [ 283.346512] binder: send failed reply for transaction 143 to 9057:9061 [ 283.374261] psmouse serio4: Failed to reset mouse on : -5 18:09:48 executing program 4: clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) recvmsg(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f00000025c0), 0x0, &(0x7f0000002640)=""/146, 0x92}, 0x0) mknod(&(0x7f0000000140)='./file0\x00', 0xffc, 0x0) execve(&(0x7f0000000080)='./file0\x00', &(0x7f0000000c00)=[&(0x7f0000000540)="676342c62bbfcc5f8120d5b9934c3987844bb9210e5820637a6714ec2aeda675c4142adb5fe85c960aa6290bf920dd627ce71482c390f90d3f69864c7077bae10b1a3947040c706650cfee3c3a431e5c1f26afea3f9107ea8d0583614af076c0718493696c0b0308ad540714d7d5758482b2d4281d04f20be98adf55d11f9b1d326d5251ea90a06d23a41d799de9fa06a2379d3be4b486a726a963361b8da624821b9a82c06f2f8c97b9424a689fb222956ad7504e897fc84142c77d54be8a4f9d948df1e7e2adddc2b7e841632a76f7168f65ef84f56ba9ebeb74c3f166ca042aecfae562ebb499ef537682e2e302297350255aad83dabe32a9f2da48f27bf67e0fb9dd2e0657d71d473c1e0c3263f4a0640188eecc18280d6170983fb124e9e92ba6fbb1c631f1e76dfd05eea04ce44322bad5915d5db236bf41860cda0c69c8ef6c262a225f5e35d1204817f0cc0710647862c2136d5b50ac5dc2c1a81d665fca78bdf46d1e186f636355b55cf505eca3980c318999f0508e1be39eb90ff9b0ad649d3d6494ecce5178dbf67a472133d705f0586bb7766f3f3148861932b226a59dd7bc8507fe72140ed93d9fa1da40c72d93bc34c0fef6f6c4c35a543e5211baf9170d980706e880efdf871ffdb8999c19b4ac", &(0x7f00000008c0)="676342c62bbfcc5f8120d5b9934c3987844bb9210e5820637a6714ec2aeda675c4142adb5fe85c960aa6290bf920dd627ce71482c390f90d3f69864c7077bae10b1a3947040c706650cfee3c3a431e5c1f26afea3f9107ea8d0583614af076c0718493696c0b0308ad540714d7d5758482b2d4281d04f20be98adf55d11f9b1d326d5251ea90a06d23a41d799de9fa06a2379d3be4b486a726a963361b8da624821b9a82c06f2f8c97b9424a689fb222956ad7504e897fc84142c77d54be8a4f9d948df1e7e2adddc2b7e841632a76f7168f65ef84f56ba9ebeb74c3f166ca042aecfae562ebb499ef537682e2e302297350255aad83dabe32a9f2da48f27bf67e0fb9dd2e0657d71d473c1e0c3263f4a0640188eecc18280d6170983fb124e9e92ba6fbb1c631f1e76dfd05eea04ce44322bad5915d5db236bf41860cda0c69c8ef6c262a225f5e35d1204817f0cc0710647862c2136d5b50ac5dc2c1a81d665fca78bdf46d1e186f636355b55cf505eca3980c318999f0508e1be39eb90ff9b0ad649d3d6494ecce5178dbf67a472133d705f0586bb7766f3f3148861932b226a59dd7bc8507fe72140ed93d9fa1da40c72d93bc34c0fef6f6c4c35a543e5211baf9170d980706e880efdf871ffdb8999c19b4ac"], &(0x7f0000001ac0)=[&(0x7f0000000c40)="676342c62bbfcc5f8120d5b9934c3987844bb9210e5820637a6714ec2aeda675c4142adb5fe85c960aa6290bf920dd627ce71482c390f90d3f69864c7077bae10b1a3947040c706650cfee3c3a431e5c1f26afea3f9107ea8d0583614af076c0718493696c0b0308ad540714d7d5758482b2d4281d04f20be98adf55d11f9b1d326d5251ea90a06d23a41d799de9fa06a2379d3be4b486a726a963361b8da624821b9a82c06f2f8c97b9424a689fb222956ad7504e897fc84142c77d54be8a4f9d948df1e7e2adddc2b7e841632a76f7168f65ef84f56ba9ebeb74c3f166ca042aecfae562ebb499ef537682e2e302297350255aad83dabe32a9f2da48f27bf67e0fb9dd2e0657d71d473c1e0c3263f4a0640188eecc18280d6170983fb124e9e92ba6fbb1c631f1e76dfd05eea04ce44322bad5915d5db236bf41860cda0c69c8ef6c262a225f5e35d1204817f0cc0710647862c2136d5b50ac5dc2c1a81d665fca78bdf46d1e186f636355b55cf505eca3980c318999f0508e1be39eb90ff9b0ad649d3d6494ecce5178dbf67a472133d705f0586bb7766f3f3148861932b226a59dd7bc8507fe72140ed93d9fa1da40c72d93bc34c0fef6f6c4c35a543e5211baf9170d980706e880efdf871ffdb8999c19b4ac", &(0x7f0000000e40)="676342c62bbfcc5f8120d5b9934c3987844bb9210e5820637a6714ec2aeda675c4142adb5fe85c960aa6290bf920dd627ce71482c390f90d3f69864c7077bae10b1a3947040c706650cfee3c3a431e5c1f26afea3f9107ea8d0583614af076c0718493696c0b0308ad540714d7d5758482b2d4281d04f20be98adf55d11f9b1d326d5251ea90a06d23a41d799de9fa06a2379d3be4b486a726a963361b8da624821b9a82c06f2f8c97b9424a689fb222956ad7504e897fc84142c77d54be8a4f9d948df1e7e2adddc2b7e841632a76f7168f65ef84f56ba9ebeb74c3f166ca042aecfae562ebb499ef537682e2e302297350255aad83dabe32a9f2da48f27bf67e0fb9dd2e0657d71d473c1e0c3263f4a0640188eecc18280d6170983fb124e9e92ba6fbb1c631f1e76dfd05eea04ce44322bad5915d5db236bf41860cda0c69c8ef6c262a225f5e35d1204817f0cc0710647862c2136d5b50ac5dc2c1a81d665fca78bdf46d1e186f636355b55cf505eca3980c318999f0508e1be39eb90ff9b0ad649d3d6494ecce5178dbf67a472133d705f0586bb7766f3f3148861932b226a59dd7bc8507fe72140ed93d9fa1da40c72d93bc34c0fef6f6c4c35a543e5211baf9170d980706e880efdf871ffdb8999c19b4ac", &(0x7f0000001040)="676342c62bbfcc5f8120d5b9934c3987844bb9210e5820637a6714ec2aeda675c4142adb5fe85c960aa6290bf920dd627ce71482c390f90d3f69864c7077bae10b1a3947040c706650cfee3c3a431e5c1f26afea3f9107ea8d0583614af076c0718493696c0b0308ad540714d7d5758482b2d4281d04f20be98adf55d11f9b1d326d5251ea90a06d23a41d799de9fa06a2379d3be4b486a726a963361b8da624821b9a82c06f2f8c97b9424a689fb222956ad7504e897fc84142c77d54be8a4f9d948df1e7e2adddc2b7e841632a76f7168f65ef84f56ba9ebeb74c3f166ca042aecfae562ebb499ef537682e2e302297350255aad83dabe32a9f2da48f27bf67e0fb9dd2e0657d71d473c1e0c3263f4a0640188eecc18280d6170983fb124e9e92ba6fbb1c631f1e76dfd05eea04ce44322bad5915d5db236bf41860cda0c69c8ef6c262a225f5e35d1204817f0cc0710647862c2136d5b50ac5dc2c1a81d665fca78bdf46d1e186f636355b55cf505eca3980c318999f0508e1be39eb90ff9b0ad649d3d6494ecce5178dbf67a472133d705f0586bb7766f3f3148861932b226a59dd7bc8507fe72140ed93d9fa1da40c72d93bc34c0fef6f6c4c35a543e5211baf9170d980706e880efdf871ffdb8999c19b4ac", &(0x7f0000001280)="676342c62bbfcc5f8120d5b9934c3987844bb9210e5820637a6714ec2aeda675c4142adb5fe85c960aa6290bf920dd627ce71482c390f90d3f69864c7077bae10b1a3947040c706650cfee3c3a431e5c1f26afea3f9107ea8d0583614af076c0718493696c0b0308ad540714d7d5758482b2d4281d04f20be98adf55d11f9b1d326d5251ea90a06d23a41d799de9fa06a2379d3be4b486a726a963361b8da624821b9a82c06f2f8c97b9424a689fb222956ad7504e897fc84142c77d54be8a4f9d948df1e7e2adddc2b7e841632a76f7168f65ef84f56ba9ebeb74c3f166ca042aecfae562ebb499ef537682e2e302297350255aad83dabe32a9f2da48f27bf67e0fb9dd2e0657d71d473c1e0c3263f4a0640188eecc18280d6170983fb124e9e92ba6fbb1c631f1e76dfd05eea04ce44322bad5915d5db236bf41860cda0c69c8ef6c262a225f5e35d1204817f0cc0710647862c2136d5b50ac5dc2c1a81d665fca78bdf46d1e186f636355b55cf505eca3980c318999f0508e1be39eb90ff9b0ad649d3d6494ecce5178dbf67a472133d705f0586bb7766f3f3148861932b226a59dd7bc8507fe72140ed93d9fa1da40c72d93bc34c0fef6f6c4c35a543e5211baf9170d980706e880efdf871ffdb8999c19b4ac", &(0x7f0000001480)="676342c62bbfcc5f8120d5b9934c3987844bb9210e5820637a6714ec2aeda675c4142adb5fe85c960aa6290bf920dd627ce71482c390f90d3f69864c7077bae10b1a3947040c706650cfee3c3a431e5c1f26afea3f9107ea8d0583614af076c0718493696c0b0308ad540714d7d5758482b2d4281d04f20be98adf55d11f9b1d326d5251ea90a06d23a41d799de9fa06a2379d3be4b486a726a963361b8da624821b9a82c06f2f8c97b9424a689fb222956ad7504e897fc84142c77d54be8a4f9d948df1e7e2adddc2b7e841632a76f7168f65ef84f56ba9ebeb74c3f166ca042aecfae562ebb499ef537682e2e302297350255aad83dabe32a9f2da48f27bf67e0fb9dd2e0657d71d473c1e0c3263f4a0640188eecc18280d6170983fb124e9e92ba6fbb1c631f1e76dfd05eea04ce44322bad5915d5db236bf41860cda0c69c8ef6c262a225f5e35d1204817f0cc0710647862c2136d5b50ac5dc2c1a81d665fca78bdf46d1e186f636355b55cf505eca3980c318999f0508e1be39eb90ff9b0ad649d3d6494ecce5178dbf67a472133d705f0586bb7766f3f3148861932b226a59dd7bc8507fe72140ed93d9fa1da40c72d93bc34c0fef6f6c4c35a543e5211baf9170d980706e880efdf871ffdb8999c19b4ac", &(0x7f0000001680)="676342c62bbfcc5f8120d5b9934c3987844bb9210e5820637a6714ec2aeda675c4142adb5fe85c960aa6290bf920dd627ce71482c390f90d3f69864c7077bae10b1a3947040c706650cfee3c3a431e5c1f26afea3f9107ea8d0583614af076c0718493696c0b0308ad540714d7d5758482b2d4281d04f20be98adf55d11f9b1d326d5251ea90a06d23a41d799de9fa06a2379d3be4b486a726a963361b8da624821b9a82c06f2f8c97b9424a689fb222956ad7504e897fc84142c77d54be8a4f9d948df1e7e2adddc2b7e841632a76f7168f65ef84f56ba9ebeb74c3f166ca042aecfae562ebb499ef537682e2e302297350255aad83dabe32a9f2da48f27bf67e0fb9dd2e0657d71d473c1e0c3263f4a0640188eecc18280d6170983fb124e9e92ba6fbb1c631f1e76dfd05eea04ce44322bad5915d5db236bf41860cda0c69c8ef6c262a225f5e35d1204817f0cc0710647862c2136d5b50ac5dc2c1a81d665fca78bdf46d1e186f636355b55cf505eca3980c318999f0508e1be39eb90ff9b0ad649d3d6494ecce5178dbf67a472133d705f0586bb7766f3f3148861932b226a59dd7bc8507fe72140ed93d9fa1da40c72d93bc34c0fef6f6c4c35a543e5211baf9170d980706e880efdf871ffdb8999c19b4ac", &(0x7f0000001880)="676342c62bbfcc5f8120d5b9934c3987844bb9210e5820637a6714ec2aeda675c4142adb5fe85c960aa6290bf920dd627ce71482c390f90d3f69864c7077bae10b1a3947040c706650cfee3c3a431e5c1f26afea3f9107ea8d0583614af076c0718493696c0b0308ad540714d7d5758482b2d4281d04f20be98adf55d11f9b1d326d5251ea90a06d23a41d799de9fa06a2379d3be4b486a726a963361b8da624821b9a82c06f2f8c97b9424a689fb222956ad7504e897fc84142c77d54be8a4f9d948df1e7e2adddc2b7e841632a76f7168f65ef84f56ba9ebeb74c3f166ca042aecfae562ebb499ef537682e2e302297350255aad83dabe32a9f2da48f27bf67e0fb9dd2e0657d71d473c1e0c3263f4a0640188eecc18280d6170983fb124e9e92ba6fbb1c631f1e76dfd05eea04ce44322bad5915d5db236bf41860cda0c69c8ef6c262a225f5e35d1204817f0cc0710647862c2136d5b50ac5dc2c1a81d665fca78bdf46d1e186f636355b55cf505eca3980c318999f0508e1be39eb90ff9b0ad649d3d6494ecce5178dbf67a472133d705f0586bb7766f3f3148861932b226a59dd7bc8507fe72140ed93d9fa1da40c72d93bc34c0fef6f6c4c35a543e5211baf9170d980706e880efdf871ffdb8999c19b4ac"]) 18:09:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046205, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 283.427004] overlayfs: missing 'lowerdir' [ 283.434690] binder: undelivered TRANSACTION_COMPLETE 18:09:48 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000000c0)={0x1000000, 0x800800000000006}) [ 283.513977] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:09:48 executing program 1: getuid() perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) stat(&(0x7f00000016c0)='./file0\x00', &(0x7f0000001700)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000001880)={{{@in=@multicast2}}, {{@in6=@ipv4={[], [], @broadcast}}, 0x0, @in6}}, &(0x7f0000001980)=0xe8) getresuid(&(0x7f0000004580), &(0x7f00000045c0), &(0x7f0000004600)) r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) r1 = open(&(0x7f0000000000)='./file0\x00', 0x141046, 0x0) ftruncate(r1, 0x10004) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x1) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000200)={0xffffffffffffffff}, 0x111, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f0000000280)={0xf, 0x8, 0xfa00, {r2, 0xb}}, 0x10) [ 283.601485] binder: send failed reply for transaction 145 to 9074:9079 18:09:48 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0xffffffffffffffff, r0, 0x0, 0x1, &(0x7f0000000200)='\x00', 0xffffffffffffffff}, 0x30) syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/pid\x00') fsetxattr$security_ima(r0, &(0x7f00000001c0)='security.ima\x00', &(0x7f0000000300)=@md5={0x1, "149b9f43d44925ac5d7590e6b6a9adff"}, 0x11, 0x98391aa8d00f7f6a) fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(0xffffffffffffffff, 0xc058534b, &(0x7f0000000040)={0x9, 0x3, 0x9, 0x8, 0x64a6aba6, 0xffffffff}) r2 = dup2(r1, 0xffffffffffffffff) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) uselib(&(0x7f0000000000)='./file0\x00') request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00@\x00'}, &(0x7f0000001fee)="520972697374e363757367725669643a4465", 0x0) ioctl$DRM_IOCTL_AGP_INFO(r2, 0x80386433, &(0x7f00000003c0)=""/74) 18:09:48 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) mkdir(&(0x7f00000001c0)='./file1\x00', 0x20) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r0, 0x2) [ 283.741946] binder: undelivered TRANSACTION_COMPLETE [ 283.889838] overlayfs: missing 'lowerdir' [ 283.989768] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 285.894167] misc userio: Buffer overflowed, userio client isn't keeping up [ 289.254151] misc userio: Buffer overflowed, userio client isn't keeping up [ 293.034181] misc userio: Buffer overflowed, userio client isn't keeping up [ 296.604130] misc userio: Buffer overflowed, userio client isn't keeping up [ 300.794194] misc userio: Buffer overflowed, userio client isn't keeping up [ 302.895465] input: PS/2 Generic Mouse as /devices/serio4/input/input14 [ 303.114143] psmouse serio4: Failed to enable mouse on 18:10:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000000)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) r1 = syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x0, 0x0) dup2(r0, r1) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000080)) 18:10:08 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) socket$inet6_sctp(0xa, 0x4000000000000001, 0x84) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f0000000000)=""/246) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x20004e23, 0x0, @remote, 0x800}, 0x1c) r1 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0x5, 0x40000) ioctl$sock_SIOCBRADDBR(r0, 0x890c, &(0x7f00000002c0)='teql0\x00') write$P9_RAUTH(r1, &(0x7f0000000400)={0x14, 0x67, 0x2, {0x40, 0x3, 0x2}}, 0x14) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r1, 0x40405514, &(0x7f00000003c0)={0x5, 0x7, 0x4, 0x0, 'syz0\x00', 0xfffffffffffffffa}) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r1, &(0x7f0000000340)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)={0xd0, r2, 0x780, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x50}, @IPVS_CMD_ATTR_DAEMON={0x78, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x20}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x1b}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x1d}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x1}, 0x40) 18:10:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40049409, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:08 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0xffffffffffffffff, r0, 0x0, 0x1, &(0x7f0000000200)='\x00', 0xffffffffffffffff}, 0x30) syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/pid\x00') fsetxattr$security_ima(r0, &(0x7f00000001c0)='security.ima\x00', &(0x7f0000000300)=@md5={0x1, "149b9f43d44925ac5d7590e6b6a9adff"}, 0x11, 0x98391aa8d00f7f6a) fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(0xffffffffffffffff, 0xc058534b, &(0x7f0000000040)={0x9, 0x3, 0x9, 0x8, 0x64a6aba6, 0xffffffff}) r2 = dup2(r1, 0xffffffffffffffff) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) uselib(&(0x7f0000000000)='./file0\x00') request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00@\x00'}, &(0x7f0000001fee)="520972697374e363757367725669643a4465", 0x0) ioctl$DRM_IOCTL_AGP_INFO(r2, 0x80386433, &(0x7f00000003c0)=""/74) 18:10:08 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000000840), 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000380), 0x0) recvmmsg(r1, &(0x7f0000005740)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002a00)=""/207, 0xcf}, {&(0x7f0000002bc0)=""/4096, 0x1000}], 0x2, &(0x7f00000001c0)}}], 0x440, 0x0, 0x0) 18:10:08 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) mkdir(&(0x7f00000001c0)='./file1\x00', 0x20) [ 303.245616] binder: send failed reply for transaction 147 to 9110:9112 18:10:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0xfeffffff, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 303.325595] overlayfs: missing 'lowerdir' [ 303.337511] binder: undelivered TRANSACTION_COMPLETE [ 303.342680] binder_release_work: 6 callbacks suppressed [ 303.342687] binder: undelivered TRANSACTION_ERROR: 29189 18:10:08 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0xffffffffffffffff, r0, 0x0, 0x1, &(0x7f0000000200)='\x00', 0xffffffffffffffff}, 0x30) syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/pid\x00') fsetxattr$security_ima(r0, &(0x7f00000001c0)='security.ima\x00', &(0x7f0000000300)=@md5={0x1, "149b9f43d44925ac5d7590e6b6a9adff"}, 0x11, 0x98391aa8d00f7f6a) fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(0xffffffffffffffff, 0xc058534b, &(0x7f0000000040)={0x9, 0x3, 0x9, 0x8, 0x64a6aba6, 0xffffffff}) r2 = dup2(r1, 0xffffffffffffffff) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) uselib(&(0x7f0000000000)='./file0\x00') request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00@\x00'}, &(0x7f0000001fee)="520972697374e363757367725669643a4465", 0x0) ioctl$DRM_IOCTL_AGP_INFO(r2, 0x80386433, &(0x7f00000003c0)=""/74) 18:10:08 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28) sendto$inet6(r0, &(0x7f0000000180)="8e", 0x1, 0x8000, &(0x7f0000000200), 0x1c) sendto$llc(r0, &(0x7f00000001c0)='*', 0x1, 0x0, 0x0, 0x0) [ 303.424391] binder: send failed reply for transaction 149 to 9134:9137 [ 303.439144] binder: 9134:9137 unknown command 0 [ 303.456841] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 303.478861] binder: 9134:9137 ioctl c0306201 2000efd0 returned -22 18:10:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0xfffffffe, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:08 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x800000000002) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") chdir(&(0x7f0000000340)='./file0\x00') symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') setxattr$security_smack_entry(&(0x7f0000000580)='./file0\x00', &(0x7f0000000680)='security.SMACK64IPOUT\x00', &(0x7f0000000700)='ramfs\x00', 0x6, 0x0) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)) [ 303.530903] binder: undelivered TRANSACTION_COMPLETE [ 303.536199] binder: undelivered TRANSACTION_ERROR: 29189 18:10:08 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 303.615663] binder: send failed reply for transaction 151 to 9161:9162 [ 303.623027] binder: 9161:9162 unknown command 0 [ 303.640614] binder: 9161:9162 ioctl c0306201 2000efd0 returned -22 [ 303.703340] binder: undelivered TRANSACTION_COMPLETE [ 303.709297] binder: undelivered TRANSACTION_ERROR: 29189 [ 303.790783] overlayfs: missing 'lowerdir' [ 303.845166] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x8000000000000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:09 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040000000000040400000100dfffb7050000080000006a0a00fe00000000850000000b000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x10, 0x2f, &(0x7f0000000280)="3de5a9deb9304d1bd7b5c63760ba4541", &(0x7f0000000080)=""/47}, 0x28) 18:10:09 executing program 4: ioctl$EVIOCGUNIQ(0xffffffffffffffff, 0x80404508, &(0x7f0000000340)=""/95) socketpair(0x0, 0x0, 0x0, &(0x7f00000000c0)) clone(0x20802102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000100)='posix_acl_access\x00', 0xffffffffffffffff}, 0x30) sched_setscheduler(0x0, 0x400000000000005, &(0x7f0000000200)) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b700000000800000bfa3ac9b581a0f7c085e000020feffff17df35f9f8ffffff79a4f0ff00000000b7060000000000012d640300000000006504040001ed0ebb1c04000000000000b7050000000000000f03000000010000850000002e00000047acf1ab000000009500000000000000"], &(0x7f0000000080)='GPL\x00'}, 0x48) 18:10:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) timer_delete(0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000180)="2e65f32efe0a6766c7442400008000006766c7442402000000006766c744240600000000670f011c24b866000f00d066b88044a2b20f23c80f21f866350400d0000f23f80f0766b80500000066b9080000000f01c10f0766b8010000000f01c10f01dfb835008ee0", 0x68}], 0x1, 0x0, &(0x7f00000000c0), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, &(0x7f0000000300)="67660f3a400300baf80c66b85fbeb78066efbafc0cb0e3eeba200066edc30f350f20e06635200000000f22e0660f3830b3708f3e0f060f01712166b9800000c00f326635000100000f30", 0x4a}], 0x1, 0x10, &(0x7f0000000240), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 18:10:09 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:09 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 304.192521] binder: send failed reply for transaction 153 to 9190:9197 [ 304.202059] binder: 9190:9197 unknown command 0 [ 304.228887] binder: 9190:9197 ioctl c0306201 2000efd0 returned -22 18:10:09 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 304.268972] overlayfs: missing 'lowerdir' 18:10:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x1000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 304.316565] binder: undelivered TRANSACTION_COMPLETE [ 304.321875] binder: undelivered TRANSACTION_ERROR: 29189 [ 304.348243] overlayfs: missing 'lowerdir' 18:10:09 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) mkdir(&(0x7f00000001c0)='./file1\x00', 0x20) [ 304.413136] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 304.450140] binder: send failed reply for transaction 155 to 9217:9219 [ 304.457307] binder: 9217:9219 unknown command 0 [ 304.499623] binder: 9217:9219 ioctl c0306201 2000efd0 returned -22 18:10:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x100000000000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 304.563288] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 304.572544] overlayfs: missing 'lowerdir' [ 304.585712] overlayfs: missing 'lowerdir' [ 304.599880] binder: undelivered TRANSACTION_COMPLETE [ 304.605386] binder: undelivered TRANSACTION_ERROR: 29189 18:10:09 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 304.658690] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 304.756382] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:09 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) mkdir(&(0x7f00000001c0)='./file1\x00', 0x20) 18:10:09 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 304.810873] binder: send failed reply for transaction 157 to 9233:9239 [ 304.818451] binder: 9233:9239 unknown command 0 [ 304.846564] binder: 9233:9239 ioctl c0306201 2000efd0 returned -22 [ 304.853860] overlayfs: missing 'lowerdir' [ 304.924586] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:09 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0xfdfdffff00000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 305.010122] binder: undelivered TRANSACTION_COMPLETE [ 305.015315] binder: undelivered TRANSACTION_ERROR: 29189 [ 305.100235] overlayfs: missing 'lowerdir' [ 305.115845] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 305.147280] overlayfs: missing 'lowerdir' [ 305.165083] binder: send failed reply for transaction 159 to 9262:9267 [ 305.172314] binder: 9262:9267 unknown command 0 [ 305.189975] binder: 9262:9267 ioctl c0306201 2000efd0 returned -22 18:10:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) timer_delete(0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000180)="2e65f32efe0a6766c7442400008000006766c7442402000000006766c744240600000000670f011c24b866000f00d066b88044a2b20f23c80f21f866350400d0000f23f80f0766b80500000066b9080000000f01c10f0766b8010000000f01c10f01dfb835008ee0", 0x68}], 0x1, 0x0, &(0x7f00000000c0), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, &(0x7f0000000300)="67660f3a400300baf80c66b85fbeb78066efbafc0cb0e3eeba200066edc30f350f20e06635200000000f22e0660f3830b3708f3e0f060f01712166b9800000c00f326635000100000f30", 0x4a}], 0x1, 0x10, &(0x7f0000000240), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 18:10:10 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0xfeffffff00000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 305.215118] overlayfs: missing 'lowerdir' [ 305.234698] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 305.250614] binder: undelivered TRANSACTION_COMPLETE [ 305.255872] binder: undelivered TRANSACTION_ERROR: 29189 18:10:10 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:10 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:10 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) mkdir(&(0x7f00000001c0)='./file1\x00', 0x20) [ 305.386532] binder: send failed reply for transaction 161 to 9278:9279 [ 305.404740] binder: 9278:9279 unknown command 0 18:10:10 executing program 2: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 305.442329] binder: 9278:9279 ioctl c0306201 2000efd0 returned -22 18:10:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x2000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 305.545327] binder: undelivered TRANSACTION_COMPLETE [ 305.550686] binder: undelivered TRANSACTION_ERROR: 29189 [ 305.605092] overlayfs: missing 'lowerdir' [ 305.634954] overlayfs: missing 'lowerdir' [ 305.679945] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 305.680582] binder: send failed reply for transaction 163 to 9307:9310 [ 305.696963] binder: 9307:9310 unknown command 0 18:10:10 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 305.730987] binder: 9307:9310 ioctl c0306201 2000efd0 returned -22 [ 305.819531] binder: undelivered TRANSACTION_COMPLETE [ 305.825185] binder: undelivered TRANSACTION_ERROR: 29189 18:10:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x3000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:10 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:10 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 305.910476] binder: send failed reply for transaction 165 to 9323:9324 [ 305.916168] overlayfs: missing 'lowerdir' [ 305.917640] binder: 9323:9324 unknown command 0 [ 305.928674] binder: 9323:9324 ioctl c0306201 2000efd0 returned -22 [ 306.017526] overlayfs: missing 'lowerdir' 18:10:11 executing program 1: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:11 executing program 2: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x3, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 306.049558] binder: undelivered TRANSACTION_COMPLETE [ 306.054830] binder: undelivered TRANSACTION_ERROR: 29189 [ 306.077425] overlayfs: missing 'lowerdir' [ 306.126249] binder: 9336:9338 unknown command 0 18:10:11 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 306.185232] binder: 9336:9338 ioctl c0306201 2000efd0 returned -22 [ 306.222496] overlayfs: missing 'lowerdir' 18:10:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x200000000000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:11 executing program 2: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 306.373509] overlayfs: missing 'lowerdir' [ 306.496528] binder: 9362:9363 unknown command 0 [ 306.510030] binder: 9362:9363 ioctl c0306201 2000efd0 returned -22 18:10:11 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:11 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x300000000000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:11 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:11 executing program 2: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:11 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0xfdfdffff, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 306.687654] binder: 9380:9381 unknown command 0 [ 306.692492] binder: 9380:9381 ioctl c0306201 2000efd0 returned -22 [ 306.715631] overlayfs: missing 'lowerdir' [ 306.720332] overlayfs: missing 'lowerdir' [ 306.733043] overlayfs: missing 'lowerdir' [ 306.851481] binder: 9397:9398 unknown command 0 18:10:11 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 306.892024] binder: 9397:9398 ioctl c0306201 2000efd0 returned -22 [ 306.897330] overlayfs: missing 'lowerdir' 18:10:11 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:11 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:11 executing program 4: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x300, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 307.100164] overlayfs: missing 'lowerdir' 18:10:12 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 307.160480] overlayfs: missing 'lowerdir' [ 307.214013] binder: 9414:9419 unknown command 0 [ 307.264871] binder: 9414:9419 ioctl c0306201 2000efd0 returned -22 18:10:12 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:12 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:12 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x4000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:12 executing program 3: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 307.460943] overlayfs: missing 'lowerdir' 18:10:12 executing program 4: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 307.559258] binder: 9452:9453 unknown command 0 18:10:12 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0xffffffff00000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 307.596972] overlayfs: missing 'lowerdir' [ 307.603935] binder: 9452:9453 ioctl c0306201 2000efd0 returned -22 18:10:12 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 307.659327] overlayfs: missing 'lowerdir' [ 307.772632] 9pnet_virtio: no channels available for device / [ 307.804579] binder: 9471:9473 unknown command 0 [ 307.809347] binder: 9471:9473 ioctl c0306201 2000efd0 returned -22 [ 307.820973] overlayfs: missing 'lowerdir' 18:10:12 executing program 3: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 307.860000] overlayfs: missing 'lowerdir' 18:10:12 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x4000000000000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:12 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:12 executing program 4: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:12 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 308.074852] overlayfs: missing 'lowerdir' [ 308.082686] binder: 9488:9491 unknown command 0 [ 308.090288] binder: 9488:9491 ioctl c0306201 2000efd0 returned -22 [ 308.125329] overlayfs: missing 'lowerdir' [ 308.142977] overlayfs: missing 'lowerdir' [ 308.162983] overlayfs: missing 'lowerdir' 18:10:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x40000000, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:13 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:13 executing program 3: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:13 executing program 4: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:13 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:13 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 308.373776] binder_send_failed_reply: 8 callbacks suppressed [ 308.373788] binder: send failed reply for transaction 183 to 9521:9522 [ 308.390885] binder: 9521:9522 unknown command 0 [ 308.398160] overlayfs: missing 'lowerdir' [ 308.411009] binder: 9521:9522 ioctl c0306201 2000efd0 returned -22 [ 308.476921] EXT4-fs: 21 callbacks suppressed [ 308.476936] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0xfffffdfd, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:13 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 308.529154] overlayfs: missing 'lowerdir' [ 308.535677] binder_release_work: 8 callbacks suppressed [ 308.535683] binder: undelivered TRANSACTION_COMPLETE [ 308.589038] binder_release_work: 8 callbacks suppressed [ 308.589044] binder: undelivered TRANSACTION_ERROR: 29189 [ 308.628089] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:13 executing program 1: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:13 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:13 executing program 3: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 308.726699] binder: send failed reply for transaction 185 to 9552:9557 [ 308.733768] binder: 9552:9557 unknown command 0 [ 308.756799] binder: 9552:9557 ioctl c0306201 2000efd0 returned -22 18:10:13 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 308.811360] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 308.845243] overlayfs: missing 'lowerdir' 18:10:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x2, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:13 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 308.858804] binder: undelivered TRANSACTION_COMPLETE [ 308.864241] binder: undelivered TRANSACTION_ERROR: 29189 [ 308.866124] overlayfs: missing 'lowerdir' [ 308.885368] overlayfs: missing 'lowerdir' [ 308.920944] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 308.955416] 9pnet_virtio: no channels available for device / [ 308.962361] overlayfs: missing 'lowerdir' [ 308.977772] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:14 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:14 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 309.044580] binder: send failed reply for transaction 187 to 9577:9584 [ 309.052039] binder: 9577:9584 unknown command 0 [ 309.057853] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 309.073469] binder: 9577:9584 ioctl c0306201 2000efd0 returned -22 [ 309.115127] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:14 executing program 1: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 309.164357] overlayfs: missing 'lowerdir' 18:10:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x2, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 309.191350] binder: undelivered TRANSACTION_COMPLETE [ 309.196769] binder: undelivered TRANSACTION_ERROR: 29189 18:10:14 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 309.233958] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 309.245742] overlayfs: missing 'lowerdir' [ 309.312385] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 309.336393] binder: send failed reply for transaction 189 to 9608:9611 18:10:14 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:14 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 309.380103] overlayfs: missing 'lowerdir' 18:10:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0xffffffff00000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:14 executing program 1: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:14 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 309.470967] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 309.529250] 9pnet_virtio: no channels available for device / [ 309.542435] binder: send failed reply for transaction 191 to 9625:9627 [ 309.575084] overlayfs: missing 'lowerdir' 18:10:14 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x0, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:14 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 309.626625] overlayfs: missing 'lowerdir' 18:10:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x100000000000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:14 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:14 executing program 1: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 309.783265] overlayfs: missing 'lowerdir' 18:10:14 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:14 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:14 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0xfdfdffff, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 309.855043] overlayfs: missing 'lowerdir' [ 309.863809] binder: send failed reply for transaction 193 to 9651:9662 [ 309.890873] overlayfs: missing 'lowerdir' [ 309.967269] overlayfs: missing 'lowerdir' 18:10:15 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 309.996383] 9pnet_virtio: no channels available for device / [ 310.019793] binder: send failed reply for transaction 195 to 9681:9682 18:10:15 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) [ 310.061939] overlayfs: missing 'lowerdir' 18:10:15 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x0, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x2000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 310.152603] overlayfs: missing 'lowerdir' 18:10:15 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:15 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 310.253080] overlayfs: missing 'lowerdir' [ 310.293088] binder: send failed reply for transaction 197 to 9704:9708 [ 310.328134] overlayfs: missing 'lowerdir' 18:10:15 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:15 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x8000000000000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 310.341480] overlayfs: missing 'lowerdir' 18:10:15 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:15 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 310.476314] binder: send failed reply for transaction 199 to 9724:9728 18:10:15 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x300000000000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 310.543405] overlayfs: missing 'lowerdir' [ 310.623658] overlayfs: missing 'lowerdir' 18:10:15 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 310.656439] overlayfs: missing 'lowerdir' 18:10:15 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 310.685523] overlayfs: missing 'lowerdir' [ 310.692157] binder: send failed reply for transaction 201 to 9747:9751 18:10:15 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:15 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x40000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 310.773719] 9pnet_virtio: no channels available for device / [ 310.849434] overlayfs: missing 'lowerdir' 18:10:15 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:15 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 310.926026] overlayfs: missing 'lowerdir' 18:10:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x300, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:15 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 311.001650] overlayfs: missing 'lowerdir' [ 311.046456] overlayfs: missing 'lowerdir' 18:10:16 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x0, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:16 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 311.142007] overlayfs: missing 'lowerdir' 18:10:16 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x3, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:16 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 311.268170] overlayfs: missing 'lowerdir' [ 311.279652] overlayfs: missing 'lowerdir' 18:10:16 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 311.333661] overlayfs: missing 'lowerdir' 18:10:16 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:16 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0xfffffffe, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 311.465678] overlayfs: missing 'lowerdir' 18:10:16 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:16 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 311.575653] overlayfs: missing 'lowerdir' [ 311.575656] overlayfs: missing 'lowerdir' 18:10:16 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:16 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 311.684488] overlayfs: missing 'lowerdir' 18:10:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0xfdfdffff00000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 311.708988] overlayfs: missing 'lowerdir' [ 311.719349] overlayfs: missing 'lowerdir' 18:10:16 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:16 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 311.823935] overlayfs: missing 'lowerdir' 18:10:16 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:16 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 311.952597] overlayfs: missing 'lowerdir' 18:10:16 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x0, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 311.976248] overlayfs: missing 'lowerdir' 18:10:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0xfeffffff00000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 312.020851] overlayfs: missing 'lowerdir' [ 312.056216] overlayfs: missing 'lowerdir' 18:10:17 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:17 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) [ 312.118638] overlayfs: missing 'lowerdir' 18:10:17 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:17 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 312.201799] overlayfs: missing 'lowerdir' 18:10:17 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0xfeffffff, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 312.277261] overlayfs: missing 'lowerdir' [ 312.323623] overlayfs: missing 'lowerdir' [ 312.340349] overlayfs: missing 'lowerdir' 18:10:17 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:17 executing program 2: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 312.445453] overlayfs: missing 'lowerdir' 18:10:17 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:17 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x4000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:17 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) [ 312.553290] overlayfs: missing 'lowerdir' [ 312.622611] overlayfs: missing 'lowerdir' 18:10:17 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 312.663668] overlayfs: missing 'lowerdir' [ 312.757418] overlayfs: missing 'lowerdir' 18:10:17 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 312.783881] overlayfs: missing 'lowerdir' 18:10:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0xfffffdfd, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:17 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:17 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x0, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:17 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 312.955699] overlayfs: missing 'lowerdir' 18:10:17 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) [ 312.980020] overlayfs: missing 'lowerdir' 18:10:18 executing program 4: mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x4000000000000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 313.067749] overlayfs: missing 'lowerdir' [ 313.109607] overlayfs: missing 'lowerdir' 18:10:18 executing program 2: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:18 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:18 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:18 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:18 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x200000000000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 313.336845] overlayfs: missing 'lowerdir' [ 313.346693] overlayfs: missing 'lowerdir' 18:10:18 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:18 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 313.450384] 9pnet_virtio: no channels available for device / [ 313.485644] overlayfs: missing 'lowerdir' [ 313.496872] binder_send_failed_reply: 10 callbacks suppressed [ 313.496897] binder: send failed reply for transaction 223 to 10041:10045 [ 313.553929] EXT4-fs: 52 callbacks suppressed [ 313.553944] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,jqfmt=vfsv0,,errors=continue [ 313.612263] overlayfs: missing 'lowerdir' 18:10:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x1000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:18 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x0, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 313.636432] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 313.676104] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,,errors=continue 18:10:18 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:18 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:18 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:18 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) [ 313.827958] binder: send failed reply for transaction 225 to 10073:10075 18:10:18 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x3000000, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 313.983234] overlayfs: missing 'lowerdir' [ 313.985344] overlayfs: missing 'lowerdir' [ 314.016039] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,,errors=continue [ 314.050988] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 314.093942] overlayfs: missing 'lowerdir' 18:10:19 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 314.116650] EXT4-fs (sda1): re-mounted. Opts: grpid,jqfmt=vfsv0,,errors=continue [ 314.147242] binder: send failed reply for transaction 227 to 10108:10109 18:10:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x4, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:19 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 314.187442] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 314.205416] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,,errors=continue 18:10:19 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 314.279089] overlayfs: missing 'lowerdir' 18:10:19 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:19 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) [ 314.313448] binder: send failed reply for transaction 229 to 10116:10118 [ 314.334267] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,jqfmt=vfsv0,,errors=continue 18:10:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x5, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:19 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 314.444937] overlayfs: missing 'lowerdir' [ 314.466095] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue [ 314.541902] overlayfs: missing 'lowerdir' [ 314.549753] binder: send failed reply for transaction 231 to 10134:10143 18:10:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x2, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:19 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:19 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:19 executing program 2: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:19 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:19 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 314.803972] binder: send failed reply for transaction 233 to 10158:10159 [ 314.822846] overlayfs: missing 'lowerdir' 18:10:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x3, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 314.914014] overlayfs: missing 'lowerdir' 18:10:19 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 314.950462] overlayfs: missing 'lowerdir' 18:10:19 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:20 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 315.083246] binder: send failed reply for transaction 235 to 10185:10189 18:10:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) eventfd2(0x3, 0x801) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) set_tid_address(&(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB="16b69100", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r2, r2, 0x40080000) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x8, 0x0, &(0x7f00000000c0)=[@acquire={0x40046305, 0x1}], 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:20 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:20 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:20 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 315.318447] binder: 10208:10214 unknown command 9549334 18:10:20 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 315.373539] binder: 10208:10214 ioctl c0306201 20007000 returned -22 [ 315.403935] overlayfs: missing 'lowerdir' 18:10:20 executing program 4: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 315.450160] binder: 10208:10214 Acquire 1 refcount change on invalid ref 1 ret -22 [ 315.463205] overlayfs: missing 'lowerdir' 18:10:20 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 315.577904] overlayfs: missing 'lowerdir' 18:10:20 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:20 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:20 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:20 executing program 2 (fault-call:2 fault-nth:0): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:20 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 315.963780] overlayfs: missing 'lowerdir' [ 316.009167] FAULT_INJECTION: forcing a failure. [ 316.009167] name failslab, interval 1, probability 0, space 0, times 1 [ 316.063096] CPU: 0 PID: 10266 Comm: syz-executor2 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 316.071637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.081001] Call Trace: [ 316.083614] dump_stack+0x244/0x39d [ 316.084485] overlayfs: missing 'lowerdir' [ 316.087278] ? dump_stack_print_info.cold.1+0x20/0x20 [ 316.087304] ? lock_downgrade+0x900/0x900 [ 316.087332] should_fail.cold.4+0xa/0x17 [ 316.104874] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 316.109998] ? lock_downgrade+0x900/0x900 [ 316.114165] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 316.119710] ? proc_fail_nth_write+0x9e/0x210 [ 316.119725] ? proc_cwd_link+0x1d0/0x1d0 [ 316.119748] ? find_held_lock+0x36/0x1c0 [ 316.128310] ? perf_trace_sched_process_exec+0x860/0x860 [ 316.128332] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 316.143368] __should_failslab+0x124/0x180 [ 316.147625] should_failslab+0x9/0x14 [ 316.151437] __kmalloc+0x2e0/0x760 [ 316.154991] ? strncpy_from_user+0x5a0/0x5a0 [ 316.159413] ? fput+0x130/0x1a0 [ 316.162707] ? do_syscall_64+0x9a/0x820 [ 316.166680] ? __x64_sys_memfd_create+0x142/0x4f0 [ 316.171510] ? do_syscall_64+0x9a/0x820 [ 316.175474] __x64_sys_memfd_create+0x142/0x4f0 [ 316.180153] ? memfd_fcntl+0x1910/0x1910 [ 316.184208] do_syscall_64+0x1b9/0x820 [ 316.188092] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 316.193443] ? syscall_return_slowpath+0x5e0/0x5e0 [ 316.198370] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 316.203204] ? trace_hardirqs_on_caller+0x310/0x310 [ 316.208215] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 316.213221] ? prepare_exit_to_usermode+0x291/0x3b0 [ 316.218241] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 316.223091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.228269] RIP: 0033:0x457569 [ 316.231447] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 316.250344] RSP: 002b:00007f7b25cb7a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 18:10:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB='6@\x00\x00', @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:21 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 316.258054] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 316.265324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 316.272579] RBP: 000000000072bf00 R08: 0000000000000820 R09: 00000000fbad8001 [ 316.279847] R10: 0000000020000540 R11: 0000000000000246 R12: 00007f7b25cb86d4 [ 316.287112] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 18:10:21 executing program 2 (fault-call:2 fault-nth:1): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:21 executing program 4: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 316.437576] binder: 10281:10285 unknown command 16438 18:10:21 executing program 1 (fault-call:3 fault-nth:0): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:21 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 316.462559] binder: 10281:10285 ioctl c0306201 20007000 returned -22 [ 316.492131] FAULT_INJECTION: forcing a failure. [ 316.492131] name failslab, interval 1, probability 0, space 0, times 0 [ 316.563337] CPU: 1 PID: 10290 Comm: syz-executor2 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 316.571888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.581251] Call Trace: [ 316.583861] dump_stack+0x244/0x39d [ 316.587560] ? dump_stack_print_info.cold.1+0x20/0x20 [ 316.592787] should_fail.cold.4+0xa/0x17 [ 316.596873] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 316.602010] ? zap_class+0x640/0x640 [ 316.605738] ? __lock_acquire+0x62f/0x4c20 [ 316.609985] ? lock_downgrade+0x900/0x900 [ 316.614142] ? check_preemption_disabled+0x48/0x280 [ 316.619177] ? find_held_lock+0x36/0x1c0 [ 316.623257] ? xen_mc_flush+0x228/0xdf0 [ 316.627261] ? expand_files.part.8+0x571/0x9a0 [ 316.631859] ? perf_trace_sched_process_exec+0x860/0x860 [ 316.635192] FAULT_INJECTION: forcing a failure. [ 316.635192] name failslab, interval 1, probability 0, space 0, times 0 [ 316.637332] ? find_held_lock+0x36/0x1c0 [ 316.637364] __should_failslab+0x124/0x180 [ 316.656835] should_failslab+0x9/0x14 [ 316.660652] kmem_cache_alloc+0x2be/0x730 [ 316.664834] ? shmem_destroy_callback+0xc0/0xc0 [ 316.669531] shmem_alloc_inode+0x1b/0x40 [ 316.673612] alloc_inode+0x63/0x190 [ 316.677251] new_inode_pseudo+0x71/0x1a0 [ 316.681344] ? prune_icache_sb+0x1c0/0x1c0 [ 316.685592] ? _raw_spin_unlock+0x2c/0x50 [ 316.689752] new_inode+0x1c/0x40 [ 316.693134] shmem_get_inode+0xf1/0x920 [ 316.697118] ? shmem_encode_fh+0x340/0x340 [ 316.701365] ? lock_downgrade+0x900/0x900 [ 316.705529] ? lock_release+0xa10/0xa10 [ 316.709521] ? perf_trace_sched_process_exec+0x860/0x860 [ 316.714997] ? usercopy_warn+0x110/0x110 [ 316.719089] __shmem_file_setup.part.50+0x83/0x2a0 [ 316.724032] shmem_file_setup+0x65/0x90 [ 316.728024] __x64_sys_memfd_create+0x2af/0x4f0 [ 316.732707] ? memfd_fcntl+0x1910/0x1910 [ 316.736806] do_syscall_64+0x1b9/0x820 [ 316.740722] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 316.746110] ? syscall_return_slowpath+0x5e0/0x5e0 [ 316.751050] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 316.755902] ? trace_hardirqs_on_caller+0x310/0x310 [ 316.761380] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 316.766420] ? prepare_exit_to_usermode+0x291/0x3b0 [ 316.771447] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 316.776311] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.781516] RIP: 0033:0x457569 [ 316.781534] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 316.781543] RSP: 002b:00007f7b25cb7a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 316.781571] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 316.781586] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 316.803690] RBP: 000000000072bf00 R08: 0000000000000820 R09: 00000000fbad8001 [ 316.803700] R10: 0000000020000540 R11: 0000000000000246 R12: 00007f7b25cb86d4 [ 316.803724] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 [ 316.844533] CPU: 0 PID: 10301 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 316.856657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.856663] Call Trace: [ 316.856685] dump_stack+0x244/0x39d [ 316.856708] ? dump_stack_print_info.cold.1+0x20/0x20 [ 316.856727] ? lock_downgrade+0x900/0x900 [ 316.856748] should_fail.cold.4+0xa/0x17 [ 316.856767] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 316.856791] ? lock_downgrade+0x900/0x900 [ 316.856810] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 316.856834] ? proc_fail_nth_write+0x9e/0x210 [ 316.856849] ? proc_cwd_link+0x1d0/0x1d0 [ 316.856872] ? find_held_lock+0x36/0x1c0 [ 316.856896] ? bch_btree_ptr_bad+0xa8/0x570 [ 316.856924] ? perf_trace_sched_process_exec+0x860/0x860 [ 316.872473] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 316.872497] __should_failslab+0x124/0x180 [ 316.872519] should_failslab+0x9/0x14 [ 316.890985] __kmalloc+0x2e0/0x760 [ 316.891000] ? strncpy_from_user+0x5a0/0x5a0 [ 316.891019] ? fput+0x130/0x1a0 [ 316.891036] ? do_syscall_64+0x9a/0x820 [ 316.891050] ? __x64_sys_memfd_create+0x142/0x4f0 [ 316.891066] ? do_syscall_64+0x9a/0x820 [ 316.891086] __x64_sys_memfd_create+0x142/0x4f0 [ 316.965351] ? memfd_fcntl+0x1910/0x1910 [ 316.969440] do_syscall_64+0x1b9/0x820 [ 316.973337] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 316.978717] ? syscall_return_slowpath+0x5e0/0x5e0 [ 316.983658] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 316.988507] ? trace_hardirqs_on_caller+0x310/0x310 [ 316.993515] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 316.998527] ? prepare_exit_to_usermode+0x291/0x3b0 [ 317.003566] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 317.008427] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.013619] RIP: 0033:0x457569 [ 317.016813] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 317.035719] RSP: 002b:00007fbc64df4a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 317.043410] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 317.050673] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 317.057938] RBP: 000000000072bfa0 R08: 0000000000000820 R09: 00000000fbad8001 18:10:21 executing program 2 (fault-call:2 fault-nth:2): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:21 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:22 executing program 1 (fault-call:3 fault-nth:1): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:22 executing program 4: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 317.065195] R10: 0000000020000540 R11: 0000000000000246 R12: 00007fbc64df56d4 [ 317.072452] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 18:10:22 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 317.179487] FAULT_INJECTION: forcing a failure. [ 317.179487] name failslab, interval 1, probability 0, space 0, times 0 [ 317.203127] overlayfs: missing 'lowerdir' [ 317.237709] CPU: 0 PID: 10314 Comm: syz-executor2 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 317.246242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.255600] Call Trace: [ 317.258208] dump_stack+0x244/0x39d [ 317.261865] ? dump_stack_print_info.cold.1+0x20/0x20 [ 317.267094] should_fail.cold.4+0xa/0x17 [ 317.271188] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 317.276309] ? __kernel_text_address+0xd/0x40 [ 317.280817] ? unwind_get_return_address+0x61/0xa0 [ 317.285791] ? find_held_lock+0x36/0x1c0 [ 317.289893] ? perf_trace_sched_process_exec+0x860/0x860 [ 317.295364] __should_failslab+0x124/0x180 [ 317.299615] should_failslab+0x9/0x14 [ 317.303432] kmem_cache_alloc+0x2be/0x730 [ 317.304565] FAULT_INJECTION: forcing a failure. [ 317.304565] name failslab, interval 1, probability 0, space 0, times 0 [ 317.307592] ? mpol_shared_policy_init+0x235/0x650 [ 317.307608] ? current_time+0x72/0x1b0 [ 317.307636] __d_alloc+0xc8/0xb90 [ 317.331080] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 317.336101] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 317.341131] ? ktime_get_coarse_real_ts64+0x22e/0x370 [ 317.346351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 317.351893] ? timespec64_trunc+0xea/0x180 [ 317.356143] ? inode_init_owner+0x340/0x340 [ 317.360481] ? _raw_spin_unlock+0x2c/0x50 [ 317.364643] ? current_time+0x10b/0x1b0 [ 317.368628] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 317.374181] ? __lockdep_init_map+0x105/0x590 [ 317.378694] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 317.384261] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 317.389831] d_alloc_pseudo+0x1d/0x30 [ 317.393648] alloc_file_pseudo+0x158/0x3f0 [ 317.397904] ? alloc_file+0x4d0/0x4d0 [ 317.401744] ? usercopy_warn+0x110/0x110 [ 317.405841] __shmem_file_setup.part.50+0x110/0x2a0 [ 317.410878] shmem_file_setup+0x65/0x90 [ 317.414863] __x64_sys_memfd_create+0x2af/0x4f0 [ 317.419557] ? memfd_fcntl+0x1910/0x1910 [ 317.420746] overlayfs: missing 'lowerdir' [ 317.423643] do_syscall_64+0x1b9/0x820 [ 317.423662] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 317.423681] ? syscall_return_slowpath+0x5e0/0x5e0 [ 317.423697] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 317.423717] ? trace_hardirqs_on_caller+0x310/0x310 [ 317.423739] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 317.456863] ? prepare_exit_to_usermode+0x291/0x3b0 [ 317.461891] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 317.466749] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.471947] RIP: 0033:0x457569 [ 317.475146] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 317.494082] RSP: 002b:00007f7b25cb7a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 317.501795] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 317.509075] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 317.516376] RBP: 000000000072bf00 R08: 0000000000000820 R09: 00000000fbad8001 [ 317.523653] R10: 0000000020000540 R11: 0000000000000246 R12: 00007f7b25cb86d4 [ 317.530927] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 18:10:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) mmap$xdp(&(0x7f0000663000/0x3000)=nil, 0x3000, 0x4, 0x810, r1, 0x0) r2 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) socketpair$unix(0x1, 0x1000000000000007, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) semget(0x1, 0x0, 0x404) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="ac2ec8c7090565bc795832073b14450d32798df5e3fb9a5921e267c3230cb7e9ee9d94d9a6415a4a9074eb906a71776ab432a1aa2fc83cffe8aed62198d7a055e6096f9a011abb4d88c8177b070d6a9ae9ede3cea0ea6428d51e24322c3d057e7c8950f2d719c6f8227a1c2681cd3b8db544f4279a46105df030a3d8", @ANYRES64=0x0, @ANYBLOB="00001e0289f100007c1178095d977332374b229e887af608dd08fda4f59d1a91a600b5c34210f6d2dcab2b601975df19efb6edc1772f49a47085f0c7515246e4529235400ecc82b9b81d4d5682bf1ec0af329dfc19ff6aa8df93e0d37b8131bd323ed70bc288f7886590c1e975a2495b11bcf84dba05fc1f53448ad75d563911812776a42ea920d5e2667d6459be4cbb3915aa19962b4166d74392768b99757f938bfb1e73d0cfdf9bd8d1f75485314ab2fca0a9ad3c91939420aec693fc0ad285d45cf4d4e1cfcaf84a483d825576e2b4c7711c49b4c7bb8dae82cb5b58cdbf9ae9e9"], 0x0, 0x0, &(0x7f0000000040)}) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000180)={0x400}) mmap(&(0x7f0000bb9000/0x1000)=nil, 0x1000, 0x1003, 0x8010, r3, 0x0) dup3(r0, r2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000000100)) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000000140)=0x3, 0x4) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r5, 0x400c6615, &(0x7f00000000c0)) [ 317.538230] CPU: 1 PID: 10317 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 317.546733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.556089] Call Trace: [ 317.558690] dump_stack+0x244/0x39d [ 317.562342] ? dump_stack_print_info.cold.1+0x20/0x20 [ 317.567568] should_fail.cold.4+0xa/0x17 [ 317.571649] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 317.576780] ? zap_class+0x640/0x640 [ 317.580521] ? __lock_acquire+0x62f/0x4c20 [ 317.584786] ? lock_downgrade+0x900/0x900 [ 317.584803] ? check_preemption_disabled+0x48/0x280 [ 317.584823] ? find_held_lock+0x36/0x1c0 [ 317.584858] ? expand_files.part.8+0x571/0x9a0 [ 317.584875] ? perf_trace_sched_process_exec+0x860/0x860 [ 317.584895] ? find_held_lock+0x36/0x1c0 [ 317.584916] __should_failslab+0x124/0x180 [ 317.584937] should_failslab+0x9/0x14 [ 317.584953] kmem_cache_alloc+0x2be/0x730 [ 317.584975] ? shmem_destroy_callback+0xc0/0xc0 [ 317.594138] shmem_alloc_inode+0x1b/0x40 [ 317.594153] alloc_inode+0x63/0x190 [ 317.594169] new_inode_pseudo+0x71/0x1a0 [ 317.594183] ? prune_icache_sb+0x1c0/0x1c0 [ 317.594202] ? _raw_spin_unlock+0x2c/0x50 [ 317.594220] new_inode+0x1c/0x40 [ 317.612355] shmem_get_inode+0xf1/0x920 [ 317.620386] ? shmem_encode_fh+0x340/0x340 [ 317.620405] ? lock_downgrade+0x900/0x900 [ 317.620425] ? lock_release+0xa10/0xa10 [ 317.629236] ? perf_trace_sched_process_exec+0x860/0x860 [ 317.629254] ? usercopy_warn+0x110/0x110 [ 317.629285] __shmem_file_setup.part.50+0x83/0x2a0 [ 317.629310] shmem_file_setup+0x65/0x90 [ 317.629525] __x64_sys_memfd_create+0x2af/0x4f0 [ 317.629537] ? memfd_fcntl+0x1910/0x1910 [ 317.629565] do_syscall_64+0x1b9/0x820 [ 317.629582] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 317.629602] ? syscall_return_slowpath+0x5e0/0x5e0 [ 317.629618] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 317.629638] ? trace_hardirqs_on_caller+0x310/0x310 [ 317.629656] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 317.629675] ? prepare_exit_to_usermode+0x291/0x3b0 [ 317.629698] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 317.629722] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.629734] RIP: 0033:0x457569 [ 317.629761] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 317.637432] RSP: 002b:00007fbc64e15a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 317.649496] binder: 10326:10335 ioctl 4b62 20000100 returned -22 [ 317.649862] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 317.649878] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 317.791107] RBP: 000000000072bf00 R08: 0000000000000820 R09: 00000000fbad8001 [ 317.798366] R10: 0000000020000540 R11: 0000000000000246 R12: 00007fbc64e166d4 [ 317.805622] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 18:10:22 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:22 executing program 2 (fault-call:2 fault-nth:3): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:22 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:22 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:22 executing program 1 (fault-call:3 fault-nth:2): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:23 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 318.072996] FAULT_INJECTION: forcing a failure. [ 318.072996] name failslab, interval 1, probability 0, space 0, times 0 [ 318.153359] CPU: 1 PID: 10353 Comm: syz-executor2 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 318.161904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.171261] Call Trace: [ 318.171293] dump_stack+0x244/0x39d [ 318.171329] ? dump_stack_print_info.cold.1+0x20/0x20 [ 318.171353] ? __save_stack_trace+0x8d/0xf0 [ 318.171381] should_fail.cold.4+0xa/0x17 [ 318.171404] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 318.171431] ? save_stack+0x43/0xd0 [ 318.177631] ? kasan_kmalloc+0xc7/0xe0 [ 318.177660] ? percpu_ref_put_many+0x11c/0x260 [ 318.177678] ? zap_class+0x640/0x640 [ 318.177701] ? find_held_lock+0x36/0x1c0 [ 318.209924] FAULT_INJECTION: forcing a failure. [ 318.209924] name failslab, interval 1, probability 0, space 0, times 0 [ 318.212141] ? perf_trace_sched_process_exec+0x860/0x860 [ 318.232821] ? lock_downgrade+0x900/0x900 [ 318.236995] __should_failslab+0x124/0x180 [ 318.241248] should_failslab+0x9/0x14 [ 318.245064] kmem_cache_alloc+0x2be/0x730 [ 318.249224] ? d_set_d_op+0x31d/0x410 [ 318.253049] __alloc_file+0xa8/0x470 [ 318.256781] ? file_free_rcu+0xd0/0xd0 [ 318.260683] ? d_instantiate+0x79/0xa0 [ 318.264586] ? lock_downgrade+0x900/0x900 [ 318.268755] ? kasan_check_read+0x11/0x20 [ 318.272912] ? do_raw_spin_unlock+0xa7/0x330 [ 318.277336] ? do_raw_spin_trylock+0x270/0x270 [ 318.281935] alloc_empty_file+0x72/0x170 [ 318.286014] alloc_file+0x5e/0x4d0 [ 318.289595] ? _raw_spin_unlock+0x2c/0x50 [ 318.293760] alloc_file_pseudo+0x261/0x3f0 [ 318.298056] ? alloc_file+0x4d0/0x4d0 [ 318.301873] ? usercopy_warn+0x110/0x110 [ 318.305959] __shmem_file_setup.part.50+0x110/0x2a0 [ 318.310995] shmem_file_setup+0x65/0x90 [ 318.314981] __x64_sys_memfd_create+0x2af/0x4f0 [ 318.319657] ? memfd_fcntl+0x1910/0x1910 [ 318.323742] do_syscall_64+0x1b9/0x820 [ 318.327636] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 318.333011] ? syscall_return_slowpath+0x5e0/0x5e0 [ 318.337952] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 318.342807] ? trace_hardirqs_on_caller+0x310/0x310 [ 318.347859] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 318.349749] binder: BINDER_SET_CONTEXT_MGR already set [ 318.352888] ? prepare_exit_to_usermode+0x291/0x3b0 [ 318.352912] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 318.352937] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 318.352950] RIP: 0033:0x457569 [ 318.352971] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 318.363005] binder: 10326:10335 ioctl 40046207 0 returned -16 [ 318.363243] RSP: 002b:00007f7b25cb7a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 318.363259] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 318.363268] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 318.363285] RBP: 000000000072bf00 R08: 0000000000000820 R09: 00000000fbad8001 [ 318.378963] binder: 10326:10335 unknown command -943182164 [ 318.395372] R10: 0000000020000540 R11: 0000000000000246 R12: 00007f7b25cb86d4 [ 318.395381] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 [ 318.398454] CPU: 1 PID: 10365 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 318.403452] binder: 10326:10366 ioctl ae71 20000180 returned -22 [ 318.409089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.409095] Call Trace: [ 318.409119] dump_stack+0x244/0x39d [ 318.409141] ? dump_stack_print_info.cold.1+0x20/0x20 [ 318.409169] should_fail.cold.4+0xa/0x17 [ 318.409189] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 318.409205] ? __kernel_text_address+0xd/0x40 [ 318.409222] ? unwind_get_return_address+0x61/0xa0 [ 318.409261] ? find_held_lock+0x36/0x1c0 [ 318.409299] ? perf_trace_sched_process_exec+0x860/0x860 [ 318.409333] __should_failslab+0x124/0x180 [ 318.425452] binder: 10326:10369 ioctl 4b62 20000100 returned -22 [ 318.431124] should_failslab+0x9/0x14 [ 318.431143] kmem_cache_alloc+0x2be/0x730 [ 318.431160] ? mpol_shared_policy_init+0x235/0x650 [ 318.431176] ? current_time+0x72/0x1b0 [ 318.431198] __d_alloc+0xc8/0xb90 [ 318.431221] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 318.437143] binder: 10326:10335 ioctl c0306201 20007000 returned -22 [ 318.444100] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 318.444119] ? ktime_get_coarse_real_ts64+0x22e/0x370 [ 318.444136] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 318.444151] ? timespec64_trunc+0xea/0x180 [ 318.444166] ? inode_init_owner+0x340/0x340 [ 318.444185] ? _raw_spin_unlock+0x2c/0x50 [ 318.444204] ? current_time+0x10b/0x1b0 [ 318.444220] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 318.444240] ? __lockdep_init_map+0x105/0x590 [ 318.474703] overlayfs: missing 'lowerdir' 18:10:23 executing program 2 (fault-call:2 fault-nth:4): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0xfa5, 0x400000200c80) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f00000000c0)=0x101, 0x4) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 318.475466] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 318.475484] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 318.475506] d_alloc_pseudo+0x1d/0x30 [ 318.475527] alloc_file_pseudo+0x158/0x3f0 [ 318.475558] ? alloc_file+0x4d0/0x4d0 [ 318.475577] ? usercopy_warn+0x110/0x110 [ 318.500617] __shmem_file_setup.part.50+0x110/0x2a0 [ 318.515033] shmem_file_setup+0x65/0x90 [ 318.515054] __x64_sys_memfd_create+0x2af/0x4f0 [ 318.515071] ? memfd_fcntl+0x1910/0x1910 [ 318.515101] do_syscall_64+0x1b9/0x820 [ 318.515119] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 318.515137] ? syscall_return_slowpath+0x5e0/0x5e0 [ 318.515152] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 318.515170] ? trace_hardirqs_on_caller+0x310/0x310 [ 318.515188] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 318.515207] ? prepare_exit_to_usermode+0x291/0x3b0 [ 318.595877] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 318.595905] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 318.595918] RIP: 0033:0x457569 [ 318.595935] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 318.595943] RSP: 002b:00007fbc64df4a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 318.604591] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 318.604601] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 318.604610] RBP: 000000000072bfa0 R08: 0000000000000820 R09: 00000000fbad8001 18:10:23 executing program 1 (fault-call:3 fault-nth:3): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:23 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x40, 0x0) setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6cf, 0x8, 0x8001, 0x1000}]}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x12, 0x0, &(0x7f0000000140)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 318.604619] R10: 0000000020000540 R11: 0000000000000246 R12: 00007fbc64df56d4 [ 318.604628] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 [ 318.662990] EXT4-fs: 18 callbacks suppressed [ 318.663009] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:23 executing program 3: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 318.890239] FAULT_INJECTION: forcing a failure. [ 318.890239] name failslab, interval 1, probability 0, space 0, times 0 [ 318.895470] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 318.904906] overlayfs: missing 'lowerdir' [ 318.943888] CPU: 0 PID: 10387 Comm: syz-executor2 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 318.952388] binder: send failed reply for transaction 241 to 10389:10392 [ 318.952433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.968602] Call Trace: [ 318.971201] dump_stack+0x244/0x39d [ 318.974869] ? dump_stack_print_info.cold.1+0x20/0x20 [ 318.980066] ? lock_downgrade+0x900/0x900 [ 318.984218] ? check_preemption_disabled+0x48/0x280 [ 318.989245] should_fail.cold.4+0xa/0x17 [ 318.993310] ? rcu_softirq_qs+0x20/0x20 [ 318.997292] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 319.002407] ? is_bpf_text_address+0xd3/0x170 [ 319.006912] ? kernel_text_address+0x79/0xf0 [ 319.011323] ? __kernel_text_address+0xd/0x40 [ 319.015827] ? unwind_get_return_address+0x61/0xa0 [ 319.020760] ? __save_stack_trace+0x8d/0xf0 [ 319.025091] ? find_held_lock+0x36/0x1c0 [ 319.029172] ? __x64_sys_memfd_create+0x2af/0x4f0 [ 319.034019] ? perf_trace_sched_process_exec+0x860/0x860 [ 319.039488] __should_failslab+0x124/0x180 [ 319.043729] should_failslab+0x9/0x14 [ 319.047534] kmem_cache_alloc_trace+0x2d7/0x750 [ 319.052216] ? __might_sleep+0x95/0x190 [ 319.056201] apparmor_file_alloc_security+0x17b/0xac0 [ 319.061399] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 319.066951] ? apparmor_path_rename+0xcd0/0xcd0 [ 319.071632] ? rcu_read_lock_sched_held+0x14f/0x180 [ 319.076655] ? kmem_cache_alloc+0x33a/0x730 [ 319.080979] ? d_set_d_op+0x31d/0x410 [ 319.084790] security_file_alloc+0x4c/0xa0 [ 319.089040] __alloc_file+0x12a/0x470 [ 319.092852] ? file_free_rcu+0xd0/0xd0 [ 319.096747] ? d_instantiate+0x79/0xa0 [ 319.100644] ? lock_downgrade+0x900/0x900 [ 319.104803] ? kasan_check_read+0x11/0x20 [ 319.108959] ? do_raw_spin_unlock+0xa7/0x330 [ 319.113370] ? do_raw_spin_trylock+0x270/0x270 [ 319.117963] alloc_empty_file+0x72/0x170 [ 319.122037] alloc_file+0x5e/0x4d0 [ 319.125590] ? _raw_spin_unlock+0x2c/0x50 [ 319.129746] alloc_file_pseudo+0x261/0x3f0 [ 319.133992] ? alloc_file+0x4d0/0x4d0 [ 319.137797] ? usercopy_warn+0x110/0x110 [ 319.141878] __shmem_file_setup.part.50+0x110/0x2a0 [ 319.146901] shmem_file_setup+0x65/0x90 [ 319.150881] __x64_sys_memfd_create+0x2af/0x4f0 [ 319.155563] ? memfd_fcntl+0x1910/0x1910 [ 319.159645] do_syscall_64+0x1b9/0x820 [ 319.163543] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 319.168922] ? syscall_return_slowpath+0x5e0/0x5e0 [ 319.173858] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 319.178705] ? trace_hardirqs_on_caller+0x310/0x310 [ 319.183723] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 319.188744] ? prepare_exit_to_usermode+0x291/0x3b0 [ 319.193770] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 319.198627] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 319.203815] RIP: 0033:0x457569 [ 319.207021] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 319.225929] RSP: 002b:00007f7b25cb7a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 319.233641] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 319.240908] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 319.248175] RBP: 000000000072bf00 R08: 0000000000000820 R09: 00000000fbad8001 [ 319.255441] R10: 0000000020000540 R11: 0000000000000246 R12: 00007f7b25cb86d4 [ 319.262712] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 18:10:24 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 319.290424] FAULT_INJECTION: forcing a failure. [ 319.290424] name failslab, interval 1, probability 0, space 0, times 0 [ 319.304724] CPU: 1 PID: 10395 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 319.313236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.322598] Call Trace: [ 319.322630] dump_stack+0x244/0x39d [ 319.322658] ? dump_stack_print_info.cold.1+0x20/0x20 [ 319.322686] ? __save_stack_trace+0x8d/0xf0 [ 319.338399] should_fail.cold.4+0xa/0x17 [ 319.342476] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 319.347602] ? save_stack+0x43/0xd0 [ 319.351238] ? kasan_kmalloc+0xc7/0xe0 [ 319.355148] ? percpu_ref_put_many+0x11c/0x260 [ 319.359838] ? zap_class+0x640/0x640 [ 319.363582] ? find_held_lock+0x36/0x1c0 [ 319.367661] ? perf_trace_sched_process_exec+0x860/0x860 [ 319.373117] ? lock_downgrade+0x900/0x900 [ 319.377272] __should_failslab+0x124/0x180 [ 319.381497] should_failslab+0x9/0x14 [ 319.385287] kmem_cache_alloc+0x2be/0x730 [ 319.389424] ? d_set_d_op+0x31d/0x410 [ 319.393218] __alloc_file+0xa8/0x470 [ 319.396922] ? file_free_rcu+0xd0/0xd0 [ 319.400797] ? d_instantiate+0x79/0xa0 [ 319.404688] ? lock_downgrade+0x900/0x900 [ 319.408843] ? kasan_check_read+0x11/0x20 [ 319.412987] ? do_raw_spin_unlock+0xa7/0x330 [ 319.417399] ? do_raw_spin_trylock+0x270/0x270 [ 319.421977] alloc_empty_file+0x72/0x170 [ 319.426028] alloc_file+0x5e/0x4d0 [ 319.429565] ? _raw_spin_unlock+0x2c/0x50 [ 319.433704] alloc_file_pseudo+0x261/0x3f0 [ 319.437926] ? alloc_file+0x4d0/0x4d0 [ 319.441714] ? usercopy_warn+0x110/0x110 [ 319.445768] __shmem_file_setup.part.50+0x110/0x2a0 [ 319.450775] shmem_file_setup+0x65/0x90 [ 319.454740] __x64_sys_memfd_create+0x2af/0x4f0 [ 319.459399] ? memfd_fcntl+0x1910/0x1910 [ 319.463456] do_syscall_64+0x1b9/0x820 [ 319.467335] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 319.472686] ? syscall_return_slowpath+0x5e0/0x5e0 [ 319.477603] ? trace_hardirqs_on_caller+0x310/0x310 [ 319.482606] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 319.487612] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 319.494265] ? __switch_to_asm+0x40/0x70 [ 319.498330] ? __switch_to_asm+0x34/0x70 [ 319.502407] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 319.507258] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 319.512435] RIP: 0033:0x457569 [ 319.515617] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 18:10:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000000040)={0x0, @rand_addr}, &(0x7f00000000c0)=0xc) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000100)={'team0\x00', r3}) r4 = socket$netlink(0x10, 0x3, 0x15) setsockopt$netlink_NETLINK_CAP_ACK(r4, 0x10e, 0xa, &(0x7f0000000480)=0x2, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 319.534511] RSP: 002b:00007fbc64df4a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 319.542229] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 319.549487] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 319.556750] RBP: 000000000072bfa0 R08: 0000000000000820 R09: 00000000fbad8001 [ 319.564008] R10: 0000000020000540 R11: 0000000000000246 R12: 00007fbc64df56d4 [ 319.571273] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 18:10:24 executing program 2 (fault-call:2 fault-nth:5): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:24 executing program 1 (fault-call:3 fault-nth:4): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:24 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 319.687920] binder: send failed reply for transaction 243 to 10398:10402 18:10:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = memfd_create(&(0x7f0000000040)='lovboxnet0)proc[\x00', 0x4) ioctl$GIO_UNISCRNMAP(r2, 0x4b69, &(0x7f00000000c0)=""/151) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x5) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 319.793634] overlayfs: missing 'lowerdir' 18:10:24 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 319.842985] overlayfs: missing 'lowerdir' [ 319.848495] FAULT_INJECTION: forcing a failure. [ 319.848495] name failslab, interval 1, probability 0, space 0, times 0 [ 319.874166] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 319.887453] FAULT_INJECTION: forcing a failure. [ 319.887453] name failslab, interval 1, probability 0, space 0, times 0 [ 319.918542] binder: send failed reply for transaction 245 to 10420:10423 [ 319.927226] CPU: 1 PID: 10418 Comm: syz-executor2 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 319.935744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.945099] Call Trace: [ 319.947699] dump_stack+0x244/0x39d [ 319.951348] ? dump_stack_print_info.cold.1+0x20/0x20 [ 319.956547] ? find_held_lock+0x36/0x1c0 [ 319.960629] should_fail.cold.4+0xa/0x17 [ 319.964694] ? find_held_lock+0x36/0x1c0 [ 319.968764] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 319.973878] ? lock_downgrade+0x900/0x900 [ 319.978031] ? current_time+0x72/0x1b0 [ 319.981928] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 319.987467] ? timespec64_trunc+0xea/0x180 [ 319.991704] ? inode_init_owner+0x340/0x340 [ 319.996040] ? find_held_lock+0x36/0x1c0 [ 320.000126] ? perf_trace_sched_process_exec+0x860/0x860 [ 320.005590] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 320.011140] __should_failslab+0x124/0x180 [ 320.015390] should_failslab+0x9/0x14 [ 320.019197] kmem_cache_alloc+0x2be/0x730 [ 320.023353] ? do_sys_ftruncate+0x428/0x550 [ 320.027680] ? lock_downgrade+0x900/0x900 [ 320.031834] getname_flags+0xd0/0x590 [ 320.035636] ? __lock_is_held+0xb5/0x140 [ 320.039706] getname+0x19/0x20 [ 320.042901] do_sys_open+0x383/0x700 [ 320.046620] ? filp_open+0x80/0x80 [ 320.050166] ? trace_hardirqs_off_caller+0x300/0x300 [ 320.055270] ? do_sys_ftruncate+0x449/0x550 [ 320.059601] __x64_sys_open+0x7e/0xc0 [ 320.063410] do_syscall_64+0x1b9/0x820 [ 320.067299] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 320.072671] ? syscall_return_slowpath+0x5e0/0x5e0 [ 320.077604] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 320.082454] ? trace_hardirqs_on_caller+0x310/0x310 [ 320.087476] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 320.092494] ? prepare_exit_to_usermode+0x291/0x3b0 [ 320.097521] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 320.102384] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 320.107579] RIP: 0033:0x4111a1 [ 320.110774] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 320.129772] RSP: 002b:00007f7b25cb7a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 320.137479] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 [ 320.144747] RDX: 00007f7b25cb7afa RSI: 0000000000000002 RDI: 00007f7b25cb7af0 [ 320.152016] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 320.159286] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 320.166562] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 320.183635] binder_alloc: 10420: binder_alloc_buf, no vma [ 320.192078] binder: 10420:10432 transaction failed 29189/-3, size 0-0 line 2973 18:10:25 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:25 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:25 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000240)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) r4 = getpgid(0xffffffffffffffff) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0286405, &(0x7f0000000180)={0xdb0, 0x5, r4, 0xff, r5, 0x80000000000, 0x800, 0x6}) ioctl$FUSE_DEV_IOC_CLONE(r3, 0x8004e500, &(0x7f0000000200)=r3) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) r6 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, r3, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="12634840040000000000000000000000000000000000000011000000000000000000000058000000000000002000000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="852a62770a000000", @ANYRES64=r6, @ANYBLOB="0200000000000000852a747001000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="010000000000000003000000000000001e00000000000000852a646600000000", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000180000000000000040000000000000007800000000000000"], @ANYBLOB="01000010008871d50693dca5c1b58453"], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000085000/0x4000)=nil, 0x4000, 0x2000000, 0x31, r3, 0xfffffffffffffffe) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 320.379255] binder: undelivered TRANSACTION_ERROR: 29189 [ 320.386873] CPU: 0 PID: 10427 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 320.395385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.395392] Call Trace: [ 320.395422] dump_stack+0x244/0x39d [ 320.395449] ? dump_stack_print_info.cold.1+0x20/0x20 [ 320.395472] ? __save_stack_trace+0x8d/0xf0 [ 320.395501] should_fail.cold.4+0xa/0x17 [ 320.395524] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 320.395560] ? save_stack+0x43/0xd0 [ 320.411890] overlayfs: missing 'lowerdir' [ 320.416296] ? kasan_kmalloc+0xc7/0xe0 [ 320.416340] ? percpu_ref_put_many+0x11c/0x260 [ 320.416375] ? zap_class+0x640/0x640 [ 320.429851] ? find_held_lock+0x36/0x1c0 [ 320.429876] ? udf_put_super+0x28/0x270 [ 320.429906] ? perf_trace_sched_process_exec+0x860/0x860 [ 320.429924] ? lock_downgrade+0x900/0x900 [ 320.429951] __should_failslab+0x124/0x180 [ 320.429973] should_failslab+0x9/0x14 [ 320.429990] kmem_cache_alloc+0x2be/0x730 [ 320.430005] ? d_set_d_op+0x31d/0x410 [ 320.430030] __alloc_file+0xa8/0x470 [ 320.486739] binder: 10449:10451 got reply transaction with no transaction stack [ 320.487187] ? file_free_rcu+0xd0/0xd0 [ 320.487207] ? d_instantiate+0x79/0xa0 [ 320.487226] ? lock_downgrade+0x900/0x900 [ 320.487256] ? kasan_check_read+0x11/0x20 [ 320.494914] binder: 10449:10451 transaction failed 29201/-71, size 88-32 line 2741 [ 320.498591] ? do_raw_spin_unlock+0xa7/0x330 [ 320.498607] ? do_raw_spin_trylock+0x270/0x270 [ 320.498631] alloc_empty_file+0x72/0x170 [ 320.498651] alloc_file+0x5e/0x4d0 [ 320.498671] ? _raw_spin_unlock+0x2c/0x50 [ 320.527522] alloc_file_pseudo+0x261/0x3f0 [ 320.527545] ? alloc_file+0x4d0/0x4d0 [ 320.527578] ? usercopy_warn+0x110/0x110 [ 320.535208] __shmem_file_setup.part.50+0x110/0x2a0 [ 320.535248] shmem_file_setup+0x65/0x90 [ 320.535268] __x64_sys_memfd_create+0x2af/0x4f0 [ 320.535300] ? memfd_fcntl+0x1910/0x1910 [ 320.535328] do_syscall_64+0x1b9/0x820 [ 320.556564] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe 18:10:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socketpair$inet6(0xa, 0x0, 0x6, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000100)={'security\x00'}, &(0x7f0000000180)=0x54) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 320.556593] ? syscall_return_slowpath+0x5e0/0x5e0 [ 320.569290] ? trace_hardirqs_on_caller+0x310/0x310 [ 320.569310] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 320.569329] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 320.569351] ? __switch_to_asm+0x40/0x70 [ 320.594312] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 320.600233] ? __switch_to_asm+0x34/0x70 [ 320.600259] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 320.600282] entry_SYSCALL_64_after_hwframe+0x49/0xbe 18:10:25 executing program 2 (fault-call:2 fault-nth:6): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 320.600299] RIP: 0033:0x457569 [ 320.609614] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 320.614055] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 320.614064] RSP: 002b:00007fbc64df4a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 320.614080] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 18:10:25 executing program 1 (fault-call:3 fault-nth:5): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 320.614090] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 320.614099] RBP: 000000000072bfa0 R08: 0000000000000820 R09: 00000000fbad8001 [ 320.614109] R10: 0000000020000540 R11: 0000000000000246 R12: 00007fbc64df56d4 [ 320.614118] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 18:10:25 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:25 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 320.830569] FAULT_INJECTION: forcing a failure. [ 320.830569] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 320.842428] CPU: 0 PID: 10469 Comm: syz-executor2 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 320.850930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.860310] Call Trace: [ 320.862920] dump_stack+0x244/0x39d [ 320.866578] ? dump_stack_print_info.cold.1+0x20/0x20 [ 320.871798] should_fail.cold.4+0xa/0x17 [ 320.875881] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 320.881001] ? print_usage_bug+0xc0/0xc0 [ 320.882720] overlayfs: missing 'lowerdir' [ 320.885093] ? mark_held_locks+0x130/0x130 [ 320.885111] ? zap_class+0x640/0x640 [ 320.885130] ? print_usage_bug+0xc0/0xc0 [ 320.885148] ? zap_class+0x640/0x640 [ 320.885171] ? lock_downgrade+0x900/0x900 [ 320.893546] ? check_preemption_disabled+0x48/0x280 [ 320.893591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 320.893604] ? should_fail+0x22d/0xd01 [ 320.893623] ? find_held_lock+0x36/0x1c0 [ 320.901385] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 320.901411] __alloc_pages_nodemask+0x34b/0xdd0 [ 320.901426] ? current_time+0x72/0x1b0 [ 320.901451] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 320.907864] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 320.909291] ? inode_init_owner+0x340/0x340 [ 320.909315] ? find_held_lock+0x36/0x1c0 [ 320.909356] ? trace_hardirqs_off+0xb8/0x310 [ 320.909377] cache_grow_begin+0xa5/0x8c0 [ 320.968184] FAULT_INJECTION: forcing a failure. [ 320.968184] name failslab, interval 1, probability 0, space 0, times 0 [ 320.968973] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 320.989733] ? check_preemption_disabled+0x48/0x280 [ 320.994763] kmem_cache_alloc+0x66b/0x730 [ 320.998922] ? do_sys_ftruncate+0x428/0x550 [ 321.003258] getname_flags+0xd0/0x590 [ 321.007071] ? __lock_is_held+0xb5/0x140 [ 321.011144] getname+0x19/0x20 [ 321.014344] do_sys_open+0x383/0x700 [ 321.018073] ? filp_open+0x80/0x80 [ 321.021621] ? trace_hardirqs_off_caller+0x300/0x300 [ 321.026734] ? do_sys_ftruncate+0x449/0x550 [ 321.031067] __x64_sys_open+0x7e/0xc0 [ 321.034889] do_syscall_64+0x1b9/0x820 [ 321.038792] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 321.044169] ? syscall_return_slowpath+0x5e0/0x5e0 [ 321.049191] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 321.054043] ? trace_hardirqs_on_caller+0x310/0x310 [ 321.059074] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 321.064105] ? prepare_exit_to_usermode+0x291/0x3b0 [ 321.069311] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 321.074172] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.079364] RIP: 0033:0x4111a1 [ 321.082575] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 321.101481] RSP: 002b:00007f7b25cb7a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 321.109197] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 [ 321.116471] RDX: 00007f7b25cb7afa RSI: 0000000000000002 RDI: 00007f7b25cb7af0 [ 321.123740] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a 18:10:26 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 321.131008] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 321.138277] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 321.145580] CPU: 1 PID: 10476 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 321.154081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.163444] Call Trace: [ 321.166053] dump_stack+0x244/0x39d [ 321.169700] ? dump_stack_print_info.cold.1+0x20/0x20 [ 321.174902] ? find_held_lock+0x36/0x1c0 [ 321.178986] should_fail.cold.4+0xa/0x17 [ 321.183061] ? find_held_lock+0x36/0x1c0 [ 321.187131] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 321.187155] ? lock_downgrade+0x900/0x900 [ 321.187169] ? current_time+0x72/0x1b0 [ 321.187190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 321.187203] ? timespec64_trunc+0xea/0x180 [ 321.187223] ? inode_init_owner+0x340/0x340 [ 321.196477] ? find_held_lock+0x36/0x1c0 [ 321.196515] ? perf_trace_sched_process_exec+0x860/0x860 [ 321.196532] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 321.196567] __should_failslab+0x124/0x180 [ 321.233756] should_failslab+0x9/0x14 [ 321.237587] kmem_cache_alloc+0x2be/0x730 [ 321.241737] ? do_sys_ftruncate+0x428/0x550 [ 321.246050] ? lock_downgrade+0x900/0x900 [ 321.250186] getname_flags+0xd0/0x590 [ 321.253971] ? __lock_is_held+0xb5/0x140 [ 321.258018] getname+0x19/0x20 [ 321.261202] do_sys_open+0x383/0x700 [ 321.264907] ? filp_open+0x80/0x80 [ 321.268434] ? trace_hardirqs_off_caller+0x300/0x300 [ 321.273522] ? do_sys_ftruncate+0x449/0x550 [ 321.277849] __x64_sys_open+0x7e/0xc0 [ 321.281640] do_syscall_64+0x1b9/0x820 [ 321.285538] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 321.290895] ? syscall_return_slowpath+0x5e0/0x5e0 [ 321.295809] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 321.300643] ? trace_hardirqs_on_caller+0x310/0x310 [ 321.305658] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 321.310663] ? prepare_exit_to_usermode+0x291/0x3b0 [ 321.315668] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 321.320501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.325675] RIP: 0033:0x4111a1 [ 321.328863] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 321.347758] RSP: 002b:00007fbc64df4a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 321.355454] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 [ 321.362718] RDX: 00007fbc64df4afa RSI: 0000000000000002 RDI: 00007fbc64df4af0 [ 321.369977] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a 18:10:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x9, 0x48401) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000180)=0x8) lsetxattr$trusted_overlay_origin(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='trusted.overlay.origin\x00', &(0x7f00000002c0)='y\x00', 0x2, 0x1) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000200)={r2, 0x7ff}, 0x8) r3 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x9, 0xc2e425abf61a6b4e) write$P9_RLERRORu(r4, &(0x7f00000000c0)={0x1a, 0x7, 0x1, {{0xd, '/dev/binder#\x00'}, 0x88}}, 0x1a) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r3, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r3, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:26 executing program 1 (fault-call:3 fault-nth:6): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 321.377245] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 321.384499] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 321.405157] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 321.458032] overlayfs: missing 'lowerdir' [ 321.499662] FAULT_INJECTION: forcing a failure. [ 321.499662] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 321.511513] CPU: 1 PID: 10483 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 321.520018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.529376] Call Trace: [ 321.531988] dump_stack+0x244/0x39d [ 321.535641] ? dump_stack_print_info.cold.1+0x20/0x20 [ 321.540867] should_fail.cold.4+0xa/0x17 [ 321.544944] ? fault_create_debugfs_attr+0x1f0/0x1f0 18:10:26 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 321.550062] ? print_usage_bug+0xc0/0xc0 [ 321.554168] ? mark_held_locks+0x130/0x130 [ 321.558419] ? zap_class+0x640/0x640 [ 321.562155] ? print_usage_bug+0xc0/0xc0 [ 321.566229] ? zap_class+0x640/0x640 [ 321.568509] overlayfs: missing 'lowerdir' [ 321.569949] ? lock_downgrade+0x900/0x900 [ 321.569966] ? check_preemption_disabled+0x48/0x280 [ 321.569996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 321.577887] binder: send failed reply for transaction 252 to 10492:10493 [ 321.578278] ? should_fail+0x22d/0xd01 [ 321.599522] ? find_held_lock+0x36/0x1c0 [ 321.603597] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 321.608715] __alloc_pages_nodemask+0x34b/0xdd0 [ 321.613388] ? current_time+0x72/0x1b0 [ 321.617283] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 321.622298] ? inode_init_owner+0x340/0x340 [ 321.626647] ? find_held_lock+0x36/0x1c0 [ 321.630893] ? trace_hardirqs_off+0xb8/0x310 [ 321.635309] cache_grow_begin+0xa5/0x8c0 [ 321.639381] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 321.644922] ? check_preemption_disabled+0x48/0x280 [ 321.649945] kmem_cache_alloc+0x66b/0x730 [ 321.654094] ? do_sys_ftruncate+0x428/0x550 [ 321.658424] getname_flags+0xd0/0x590 [ 321.662224] ? __lock_is_held+0xb5/0x140 [ 321.666294] getname+0x19/0x20 [ 321.669509] do_sys_open+0x383/0x700 [ 321.673228] ? filp_open+0x80/0x80 [ 321.676775] ? trace_hardirqs_off_caller+0x300/0x300 [ 321.681876] ? do_sys_ftruncate+0x449/0x550 [ 321.686205] __x64_sys_open+0x7e/0xc0 [ 321.690010] do_syscall_64+0x1b9/0x820 [ 321.693900] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 321.699282] ? syscall_return_slowpath+0x5e0/0x5e0 [ 321.704234] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 321.709080] ? trace_hardirqs_on_caller+0x310/0x310 [ 321.714102] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 321.719124] ? prepare_exit_to_usermode+0x291/0x3b0 [ 321.724148] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 321.729004] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.734191] RIP: 0033:0x4111a1 [ 321.737390] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 321.756300] RSP: 002b:00007fbc64e15a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 321.764020] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 [ 321.771289] RDX: 00007fbc64e15afa RSI: 0000000000000002 RDI: 00007fbc64e15af0 [ 321.778563] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 321.785833] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 321.793101] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:26 executing program 2 (fault-call:2 fault-nth:7): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000040)=0x4, 0x4) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 321.871647] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue 18:10:26 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 321.952080] overlayfs: missing 'lowerdir' [ 321.963892] FAULT_INJECTION: forcing a failure. [ 321.963892] name failslab, interval 1, probability 0, space 0, times 0 [ 322.012403] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 322.047939] CPU: 1 PID: 10510 Comm: syz-executor2 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 322.056479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.065841] Call Trace: [ 322.068460] dump_stack+0x244/0x39d [ 322.072124] ? dump_stack_print_info.cold.1+0x20/0x20 [ 322.077347] ? print_usage_bug+0xc0/0xc0 [ 322.081442] should_fail.cold.4+0xa/0x17 [ 322.085517] ? find_held_lock+0x36/0x1c0 [ 322.089604] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 322.094729] ? lock_downgrade+0x900/0x900 [ 322.096075] binder: send failed reply for transaction 254 to 10511:10513 [ 322.098890] ? check_preemption_disabled+0x48/0x280 [ 322.098914] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 322.098932] ? kasan_check_read+0x11/0x20 [ 322.098956] ? find_held_lock+0x36/0x1c0 [ 322.123925] ? perf_trace_sched_process_exec+0x860/0x860 [ 322.129394] __should_failslab+0x124/0x180 [ 322.133901] should_failslab+0x9/0x14 [ 322.137705] kmem_cache_alloc+0x2be/0x730 [ 322.141852] ? zap_class+0x640/0x640 [ 322.145577] ? print_usage_bug+0xc0/0xc0 [ 322.149644] ? mark_held_locks+0x130/0x130 [ 322.153886] __alloc_file+0xa8/0x470 [ 322.157609] ? file_free_rcu+0xd0/0xd0 [ 322.161503] ? find_held_lock+0x36/0x1c0 [ 322.165586] ? is_bpf_text_address+0xac/0x170 [ 322.170086] ? lock_downgrade+0x900/0x900 [ 322.174237] ? check_preemption_disabled+0x48/0x280 [ 322.179261] alloc_empty_file+0x72/0x170 [ 322.183339] path_openat+0x170/0x5150 [ 322.187145] ? rcu_softirq_qs+0x20/0x20 [ 322.191124] ? unwind_dump+0x190/0x190 [ 322.195027] ? zap_class+0x640/0x640 [ 322.198749] ? path_lookupat.isra.43+0xc00/0xc00 [ 322.203505] ? unwind_get_return_address+0x61/0xa0 [ 322.208439] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 322.213458] ? expand_files.part.8+0x571/0x9a0 [ 322.218053] ? find_held_lock+0x36/0x1c0 [ 322.222129] ? __alloc_fd+0x347/0x6e0 [ 322.225934] ? lock_downgrade+0x900/0x900 [ 322.230086] ? getname+0x19/0x20 [ 322.233460] ? kasan_check_read+0x11/0x20 [ 322.237612] ? do_raw_spin_unlock+0xa7/0x330 [ 322.242021] ? do_raw_spin_trylock+0x270/0x270 [ 322.246610] ? __lock_is_held+0xb5/0x140 [ 322.250669] ? __check_object_size+0xb1/0x782 [ 322.255173] ? _raw_spin_unlock+0x2c/0x50 [ 322.259331] ? __alloc_fd+0x347/0x6e0 [ 322.263145] do_filp_open+0x255/0x380 [ 322.266948] ? may_open_dev+0x100/0x100 [ 322.270938] ? get_unused_fd_flags+0x122/0x1a0 [ 322.275521] ? __alloc_fd+0x6e0/0x6e0 [ 322.279338] ? __lock_is_held+0xb5/0x140 [ 322.283430] do_sys_open+0x568/0x700 [ 322.287155] ? filp_open+0x80/0x80 [ 322.290701] ? trace_hardirqs_off_caller+0x300/0x300 [ 322.295806] ? do_sys_ftruncate+0x449/0x550 [ 322.300133] __x64_sys_open+0x7e/0xc0 [ 322.303946] do_syscall_64+0x1b9/0x820 [ 322.307837] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 322.313206] ? syscall_return_slowpath+0x5e0/0x5e0 [ 322.318136] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 322.322982] ? trace_hardirqs_on_caller+0x310/0x310 [ 322.328000] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 322.333020] ? prepare_exit_to_usermode+0x291/0x3b0 [ 322.338044] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 322.342896] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 322.348083] RIP: 0033:0x4111a1 18:10:27 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:27 executing program 1 (fault-call:3 fault-nth:7): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 322.351283] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 322.370192] RSP: 002b:00007f7b25cb7a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 322.377903] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 [ 322.385175] RDX: 00007f7b25cb7afa RSI: 0000000000000002 RDI: 00007f7b25cb7af0 [ 322.392440] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 322.399707] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 322.406977] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x200000, 0x0) [ 322.445139] overlayfs: missing 'lowerdir' 18:10:27 executing program 2 (fault-call:2 fault-nth:8): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 322.489061] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 322.560471] overlayfs: missing 'lowerdir' [ 322.568294] FAULT_INJECTION: forcing a failure. [ 322.568294] name failslab, interval 1, probability 0, space 0, times 0 [ 322.601988] CPU: 0 PID: 10530 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 322.610502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.610510] Call Trace: [ 322.610542] dump_stack+0x244/0x39d [ 322.610586] ? dump_stack_print_info.cold.1+0x20/0x20 [ 322.631327] ? print_usage_bug+0xc0/0xc0 [ 322.631353] should_fail.cold.4+0xa/0x17 [ 322.631368] ? find_held_lock+0x36/0x1c0 [ 322.631386] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 322.648666] ? lock_downgrade+0x900/0x900 [ 322.652833] ? check_preemption_disabled+0x48/0x280 [ 322.652859] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 322.652876] ? kasan_check_read+0x11/0x20 [ 322.652901] ? find_held_lock+0x36/0x1c0 [ 322.652925] ? nfc_hci_connect_gate+0x718/0x800 [ 322.675717] ? perf_trace_sched_process_exec+0x860/0x860 [ 322.681195] __should_failslab+0x124/0x180 [ 322.685450] should_failslab+0x9/0x14 [ 322.689270] kmem_cache_alloc+0x2be/0x730 [ 322.693609] ? zap_class+0x640/0x640 [ 322.697336] ? print_usage_bug+0xc0/0xc0 [ 322.701407] ? mark_held_locks+0x130/0x130 [ 322.705661] __alloc_file+0xa8/0x470 [ 322.709391] ? file_free_rcu+0xd0/0xd0 [ 322.713300] ? find_held_lock+0x36/0x1c0 [ 322.717402] ? is_bpf_text_address+0xac/0x170 [ 322.720628] FAULT_INJECTION: forcing a failure. [ 322.720628] name failslab, interval 1, probability 0, space 0, times 0 [ 322.721913] ? lock_downgrade+0x900/0x900 [ 322.721930] ? check_preemption_disabled+0x48/0x280 [ 322.721952] alloc_empty_file+0x72/0x170 [ 322.721978] path_openat+0x170/0x5150 [ 322.750139] ? rcu_softirq_qs+0x20/0x20 [ 322.754118] ? unwind_dump+0x190/0x190 [ 322.758018] ? zap_class+0x640/0x640 [ 322.761960] ? path_lookupat.isra.43+0xc00/0xc00 [ 322.766737] ? unwind_get_return_address+0x61/0xa0 [ 322.771677] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 322.776700] ? expand_files.part.8+0x571/0x9a0 [ 322.781296] ? find_held_lock+0x36/0x1c0 [ 322.785373] ? __alloc_fd+0x347/0x6e0 [ 322.789199] ? lock_downgrade+0x900/0x900 [ 322.793390] ? getname+0x19/0x20 [ 322.796786] ? kasan_check_read+0x11/0x20 [ 322.800937] ? do_raw_spin_unlock+0xa7/0x330 [ 322.805351] ? do_raw_spin_trylock+0x270/0x270 [ 322.809971] ? __lock_is_held+0xb5/0x140 [ 322.814056] ? __check_object_size+0xb1/0x782 [ 322.818588] ? _raw_spin_unlock+0x2c/0x50 [ 322.822744] ? __alloc_fd+0x347/0x6e0 [ 322.826578] do_filp_open+0x255/0x380 [ 322.830636] ? may_open_dev+0x100/0x100 [ 322.834633] ? get_unused_fd_flags+0x122/0x1a0 [ 322.839225] ? __alloc_fd+0x6e0/0x6e0 [ 322.843034] ? __lock_is_held+0xb5/0x140 [ 322.847108] do_sys_open+0x568/0x700 [ 322.850835] ? filp_open+0x80/0x80 [ 322.854385] ? trace_hardirqs_off_caller+0x300/0x300 [ 322.859491] ? do_sys_ftruncate+0x449/0x550 [ 322.863821] __x64_sys_open+0x7e/0xc0 [ 322.867645] do_syscall_64+0x1b9/0x820 [ 322.871538] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 322.876966] ? syscall_return_slowpath+0x5e0/0x5e0 [ 322.881905] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 322.886756] ? trace_hardirqs_on_caller+0x310/0x310 [ 322.891783] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 322.896810] ? prepare_exit_to_usermode+0x291/0x3b0 [ 322.901876] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 322.906732] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 322.911923] RIP: 0033:0x4111a1 [ 322.915127] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 322.934044] RSP: 002b:00007fbc64e15a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 322.941767] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 18:10:27 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:27 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 322.949042] RDX: 00007fbc64e15afa RSI: 0000000000000002 RDI: 00007fbc64e15af0 [ 322.956325] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 322.963639] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 322.970926] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 322.978224] CPU: 1 PID: 10542 Comm: syz-executor2 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 322.986726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.994607] binder: send failed reply for transaction 256 to 10527:10536 [ 322.996079] Call Trace: [ 322.996103] dump_stack+0x244/0x39d [ 322.996130] ? dump_stack_print_info.cold.1+0x20/0x20 [ 323.014343] ? lock_downgrade+0x900/0x900 [ 323.018506] ? check_preemption_disabled+0x48/0x280 [ 323.023534] should_fail.cold.4+0xa/0x17 [ 323.027608] ? rcu_softirq_qs+0x20/0x20 [ 323.031589] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 323.036707] ? is_bpf_text_address+0xd3/0x170 [ 323.041207] ? kernel_text_address+0x79/0xf0 [ 323.045619] ? __kernel_text_address+0xd/0x40 [ 323.050119] ? unwind_get_return_address+0x61/0xa0 [ 323.055052] ? __save_stack_trace+0x8d/0xf0 [ 323.059383] ? find_held_lock+0x36/0x1c0 [ 323.063465] ? do_syscall_64+0x1b9/0x820 [ 323.067532] ? perf_trace_sched_process_exec+0x860/0x860 [ 323.073003] __should_failslab+0x124/0x180 [ 323.077246] should_failslab+0x9/0x14 [ 323.081048] kmem_cache_alloc_trace+0x2d7/0x750 [ 323.085727] ? __might_sleep+0x95/0x190 [ 323.089712] apparmor_file_alloc_security+0x17b/0xac0 [ 323.094907] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 323.100473] ? apparmor_path_rename+0xcd0/0xcd0 [ 323.105164] ? rcu_read_lock_sched_held+0x14f/0x180 [ 323.110182] ? kmem_cache_alloc+0x33a/0x730 [ 323.114505] ? zap_class+0x640/0x640 [ 323.118227] security_file_alloc+0x4c/0xa0 [ 323.122466] __alloc_file+0x12a/0x470 [ 323.126270] ? file_free_rcu+0xd0/0xd0 [ 323.130166] ? find_held_lock+0x36/0x1c0 [ 323.134243] ? is_bpf_text_address+0xac/0x170 [ 323.138740] ? lock_downgrade+0x900/0x900 [ 323.142887] ? check_preemption_disabled+0x48/0x280 [ 323.147910] alloc_empty_file+0x72/0x170 [ 323.151975] path_openat+0x170/0x5150 [ 323.155782] ? rcu_softirq_qs+0x20/0x20 [ 323.159757] ? unwind_dump+0x190/0x190 [ 323.163658] ? zap_class+0x640/0x640 [ 323.167380] ? path_lookupat.isra.43+0xc00/0xc00 [ 323.172133] ? unwind_get_return_address+0x61/0xa0 [ 323.177069] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 323.182087] ? expand_files.part.8+0x571/0x9a0 [ 323.186679] ? find_held_lock+0x36/0x1c0 [ 323.190749] ? __alloc_fd+0x347/0x6e0 [ 323.194551] ? lock_downgrade+0x900/0x900 [ 323.198707] ? getname+0x19/0x20 [ 323.202082] ? kasan_check_read+0x11/0x20 [ 323.206234] ? do_raw_spin_unlock+0xa7/0x330 [ 323.210654] ? do_raw_spin_trylock+0x270/0x270 [ 323.215234] ? __lock_is_held+0xb5/0x140 [ 323.219295] ? __check_object_size+0xb1/0x782 [ 323.223806] ? _raw_spin_unlock+0x2c/0x50 [ 323.227958] ? __alloc_fd+0x347/0x6e0 [ 323.231775] do_filp_open+0x255/0x380 [ 323.235596] ? may_open_dev+0x100/0x100 [ 323.239592] ? get_unused_fd_flags+0x122/0x1a0 [ 323.244176] ? __alloc_fd+0x6e0/0x6e0 [ 323.247984] ? __lock_is_held+0xb5/0x140 [ 323.252057] do_sys_open+0x568/0x700 [ 323.255780] ? filp_open+0x80/0x80 [ 323.259331] ? trace_hardirqs_off_caller+0x300/0x300 [ 323.264435] ? do_sys_ftruncate+0x449/0x550 [ 323.268763] __x64_sys_open+0x7e/0xc0 [ 323.272575] do_syscall_64+0x1b9/0x820 [ 323.276470] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 323.281839] ? syscall_return_slowpath+0x5e0/0x5e0 [ 323.286769] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 323.291645] ? trace_hardirqs_on_caller+0x310/0x310 [ 323.296663] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 323.301682] ? prepare_exit_to_usermode+0x291/0x3b0 [ 323.306710] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 323.311573] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 323.316763] RIP: 0033:0x4111a1 [ 323.319959] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 323.338856] RSP: 002b:00007f7b25cb7a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 323.346572] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 [ 323.353840] RDX: 00007f7b25cb7afa RSI: 0000000000000002 RDI: 00007f7b25cb7af0 [ 323.361105] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 323.368373] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 323.375655] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 323.383938] binder: undelivered TRANSACTION_COMPLETE 18:10:28 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x2c0) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mq_open(&(0x7f0000000040)='\x00', 0x2, 0x4, &(0x7f00000000c0)={0x8001, 0x5, 0xec, 0x7, 0x4, 0x6, 0x0, 0x7e}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:28 executing program 1 (fault-call:3 fault-nth:8): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 323.418876] binder: undelivered TRANSACTION_ERROR: 29189 [ 323.444000] overlayfs: missing 'lowerdir' [ 323.499340] overlayfs: missing 'lowerdir' [ 323.558035] overlayfs: missing 'lowerdir' [ 323.577672] FAULT_INJECTION: forcing a failure. [ 323.577672] name failslab, interval 1, probability 0, space 0, times 0 [ 323.579927] binder: send failed reply for transaction 258 to 10556:10561 [ 323.592024] CPU: 1 PID: 10558 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 323.604358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.613713] Call Trace: [ 323.616307] dump_stack+0x244/0x39d [ 323.619947] ? dump_stack_print_info.cold.1+0x20/0x20 [ 323.625140] ? print_usage_bug+0xc0/0xc0 [ 323.629233] should_fail.cold.4+0xa/0x17 [ 323.633518] ? find_held_lock+0x36/0x1c0 [ 323.637612] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 323.642726] ? lock_downgrade+0x900/0x900 [ 323.646893] ? check_preemption_disabled+0x48/0x280 [ 323.651931] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 323.656866] ? kasan_check_read+0x11/0x20 [ 323.661029] ? find_held_lock+0x36/0x1c0 [ 323.665113] ? perf_trace_sched_process_exec+0x860/0x860 [ 323.670587] __should_failslab+0x124/0x180 [ 323.674841] should_failslab+0x9/0x14 [ 323.678658] kmem_cache_alloc+0x2be/0x730 [ 323.682808] ? zap_class+0x640/0x640 [ 323.686523] ? print_usage_bug+0xc0/0xc0 [ 323.690593] ? mark_held_locks+0x130/0x130 [ 323.694839] __alloc_file+0xa8/0x470 [ 323.698567] ? file_free_rcu+0xd0/0xd0 [ 323.702458] ? find_held_lock+0x36/0x1c0 [ 323.706528] ? is_bpf_text_address+0xac/0x170 [ 323.711033] ? lock_downgrade+0x900/0x900 [ 323.715182] ? check_preemption_disabled+0x48/0x280 [ 323.720206] alloc_empty_file+0x72/0x170 [ 323.724274] path_openat+0x170/0x5150 [ 323.728081] ? rcu_softirq_qs+0x20/0x20 [ 323.732054] ? unwind_dump+0x190/0x190 [ 323.735952] ? zap_class+0x640/0x640 [ 323.739671] ? path_lookupat.isra.43+0xc00/0xc00 [ 323.744453] ? unwind_get_return_address+0x61/0xa0 [ 323.749397] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 323.754416] ? expand_files.part.8+0x571/0x9a0 [ 323.759008] ? find_held_lock+0x36/0x1c0 [ 323.763083] ? __alloc_fd+0x347/0x6e0 [ 323.766917] ? lock_downgrade+0x900/0x900 [ 323.771699] ? getname+0x19/0x20 [ 323.775088] ? kasan_check_read+0x11/0x20 [ 323.779234] ? do_raw_spin_unlock+0xa7/0x330 [ 323.783655] ? do_raw_spin_trylock+0x270/0x270 [ 323.788242] ? __lock_is_held+0xb5/0x140 [ 323.792317] ? __check_object_size+0xb1/0x782 [ 323.796826] ? _raw_spin_unlock+0x2c/0x50 [ 323.800972] ? __alloc_fd+0x347/0x6e0 [ 323.804787] do_filp_open+0x255/0x380 [ 323.808621] ? may_open_dev+0x100/0x100 [ 323.812608] ? get_unused_fd_flags+0x122/0x1a0 [ 323.817207] ? __alloc_fd+0x6e0/0x6e0 [ 323.821013] ? __lock_is_held+0xb5/0x140 [ 323.825082] do_sys_open+0x568/0x700 [ 323.828802] ? filp_open+0x80/0x80 [ 323.832350] ? trace_hardirqs_off_caller+0x300/0x300 [ 323.837456] ? do_sys_ftruncate+0x449/0x550 [ 323.841785] __x64_sys_open+0x7e/0xc0 [ 323.845594] do_syscall_64+0x1b9/0x820 [ 323.849482] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 323.854845] ? syscall_return_slowpath+0x5e0/0x5e0 [ 323.859791] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 323.864651] ? trace_hardirqs_on_caller+0x310/0x310 [ 323.869670] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 323.874706] ? prepare_exit_to_usermode+0x291/0x3b0 [ 323.879729] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 323.884601] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 323.889789] RIP: 0033:0x4111a1 [ 323.893001] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 323.911905] RSP: 002b:00007fbc64e15a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 323.919619] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 [ 323.926891] RDX: 00007fbc64e15afa RSI: 0000000000000002 RDI: 00007fbc64e15af0 [ 323.934162] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 323.941428] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 323.948696] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:28 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:28 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 323.957969] binder: 10556:10565 transaction failed 29189/-22, size 0-0 line 2834 [ 323.972804] overlayfs: missing 'lowerdir' 18:10:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:29 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000040)=0x4, 0x4) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 324.128719] binder: BINDER_SET_CONTEXT_MGR already set 18:10:29 executing program 1 (fault-call:3 fault-nth:9): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 324.156678] overlayfs: missing 'lowerdir' [ 324.165383] overlayfs: missing 'lowerdir' [ 324.166945] binder: 10574:10575 ioctl 40046207 0 returned -16 [ 324.176370] EXT4-fs: 2 callbacks suppressed [ 324.176398] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 324.190607] binder: undelivered TRANSACTION_ERROR: 29189 18:10:29 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 324.231127] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:29 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='\nxt-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 324.281909] overlayfs: missing 'lowerdir' [ 324.282435] binder: send failed reply for transaction 262 to 10585:10591 [ 324.325551] FAULT_INJECTION: forcing a failure. [ 324.325551] name failslab, interval 1, probability 0, space 0, times 0 [ 324.359248] CPU: 0 PID: 10593 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 324.367765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.377132] Call Trace: [ 324.379747] dump_stack+0x244/0x39d [ 324.381935] overlayfs: missing 'lowerdir' [ 324.383413] ? dump_stack_print_info.cold.1+0x20/0x20 [ 324.383445] should_fail.cold.4+0xa/0x17 [ 324.383477] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 324.401970] ? down_write_nested+0x130/0x130 [ 324.406394] ? down_read+0x120/0x120 [ 324.410126] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 324.415142] binder: 10600:10601 got reply transaction with no transaction stack [ 324.415707] ? zap_class+0x640/0x640 [ 324.415723] ? lock_acquire+0x1ed/0x520 [ 324.415751] ? lo_ioctl+0x8e/0x1d60 [ 324.415786] ? find_held_lock+0x36/0x1c0 [ 324.423453] binder: 10600:10601 transaction failed 29201/-71, size 88-32 line 2741 [ 324.426963] ? __lock_is_held+0xb5/0x140 [ 324.426980] ? fib4_rule_configure+0x3b8/0xab0 [ 324.427012] ? perf_trace_sched_process_exec+0x860/0x860 [ 324.427041] __should_failslab+0x124/0x180 [ 324.427061] should_failslab+0x9/0x14 [ 324.427082] kmem_cache_alloc_trace+0x2d7/0x750 [ 324.473189] ? check_preemption_disabled+0x48/0x280 [ 324.478217] __kthread_create_on_node+0x137/0x540 [ 324.478239] ? loop_get_status64+0x140/0x140 [ 324.478257] ? kthread_parkme+0xb0/0xb0 [ 324.478288] ? __lockdep_init_map+0x105/0x590 [ 324.495966] ? __lockdep_init_map+0x105/0x590 [ 324.500481] ? loop_get_status64+0x140/0x140 [ 324.504927] kthread_create_on_node+0xb1/0xe0 [ 324.509433] ? __kthread_create_on_node+0x540/0x540 [ 324.514502] ? kasan_check_read+0x11/0x20 [ 324.518690] lo_ioctl+0x7f6/0x1d60 [ 324.522254] ? lo_rw_aio+0x1ef0/0x1ef0 [ 324.526157] blkdev_ioctl+0x9ac/0x2010 [ 324.530056] ? blkpg_ioctl+0xc10/0xc10 [ 324.533957] ? lock_downgrade+0x900/0x900 [ 324.535353] binder: 10603:10604 got reply transaction with no transaction stack [ 324.538125] ? check_preemption_disabled+0x48/0x280 [ 324.538151] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 324.538167] ? kasan_check_read+0x11/0x20 [ 324.538186] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 324.538204] ? rcu_softirq_qs+0x20/0x20 [ 324.538232] ? __fget+0x4d1/0x740 [ 324.545908] binder: 10603:10604 transaction failed 29201/-71, size 88-32 line 2741 [ 324.550697] ? ksys_dup3+0x680/0x680 [ 324.550729] block_ioctl+0xee/0x130 [ 324.550747] ? blkdev_fallocate+0x400/0x400 [ 324.550764] do_vfs_ioctl+0x1de/0x1720 [ 324.550785] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 324.595751] ? ioctl_preallocate+0x300/0x300 [ 324.595784] ? __fget_light+0x2e9/0x430 [ 324.595800] ? fget_raw+0x20/0x20 [ 324.595818] ? rcu_read_lock_sched_held+0x14f/0x180 [ 324.595873] ? kmem_cache_free+0x24f/0x290 [ 324.595890] ? putname+0xf7/0x130 [ 324.595925] ? do_syscall_64+0x9a/0x820 [ 324.595944] ? do_syscall_64+0x9a/0x820 [ 324.605875] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 324.605897] ? security_file_ioctl+0x94/0xc0 [ 324.605917] ksys_ioctl+0xa9/0xd0 [ 324.605938] __x64_sys_ioctl+0x73/0xb0 [ 324.605957] do_syscall_64+0x1b9/0x820 [ 324.605973] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 324.605998] ? syscall_return_slowpath+0x5e0/0x5e0 [ 324.664570] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 324.669444] ? trace_hardirqs_on_caller+0x310/0x310 18:10:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000240)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) r4 = getpgid(0xffffffffffffffff) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0286405, &(0x7f0000000180)={0xdb0, 0x5, r4, 0xff, r5, 0x80000000000, 0x800, 0x6}) ioctl$FUSE_DEV_IOC_CLONE(r3, 0x8004e500, &(0x7f0000000200)=r3) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) r6 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, r3, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="12634840040000000000000000000000000000000000000011000000000000000000000058000000000000002000000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="852a62770a000000", @ANYRES64=r6, @ANYBLOB="0200000000000000852a747001000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="010000000000000003000000000000001e00000000000000852a646600000000", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000180000000000000040000000000000007800000000000000"], @ANYBLOB="01000010008871d50693dca5c1b58453"], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000085000/0x4000)=nil, 0x4000, 0x2000000, 0x31, r3, 0xfffffffffffffffe) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:29 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000240)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) r4 = getpgid(0xffffffffffffffff) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0286405, &(0x7f0000000180)={0xdb0, 0x5, r4, 0xff, r5, 0x80000000000, 0x800, 0x6}) ioctl$FUSE_DEV_IOC_CLONE(r3, 0x8004e500, &(0x7f0000000200)=r3) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) r6 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, r3, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="12634840040000000000000000000000000000000000000011000000000000000000000058000000000000002000000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="852a62770a000000", @ANYRES64=r6, @ANYBLOB="0200000000000000852a747001000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="010000000000000003000000000000001e00000000000000852a646600000000", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000180000000000000040000000000000007800000000000000"], @ANYBLOB="01000010008871d50693dca5c1b58453"], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000085000/0x4000)=nil, 0x4000, 0x2000000, 0x31, r3, 0xfffffffffffffffe) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:29 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 324.674470] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 324.679502] ? prepare_exit_to_usermode+0x291/0x3b0 [ 324.684552] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 324.689424] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 324.694621] RIP: 0033:0x4573d7 [ 324.697824] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 324.716752] RSP: 002b:00007fbc64e15a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 324.724483] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 324.724508] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 324.724517] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 324.724527] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 324.724536] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 324.767750] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0, 18:10:29 executing program 1 (fault-call:3 fault-nth:10): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 324.802620] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 324.830149] overlayfs: missing 'lowerdir' [ 324.840956] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 324.860474] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0, 18:10:29 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) ioctl$void(r2, 0x5451) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:29 executing program 4: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 324.915720] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 324.951652] overlayfs: missing 'lowerdir' 18:10:29 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='%xt-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 325.038842] FAULT_INJECTION: forcing a failure. [ 325.038842] name failslab, interval 1, probability 0, space 0, times 0 [ 325.050685] CPU: 0 PID: 10625 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 325.059194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.068569] Call Trace: [ 325.071184] dump_stack+0x244/0x39d [ 325.072300] overlayfs: missing 'lowerdir' [ 325.074843] ? dump_stack_print_info.cold.1+0x20/0x20 [ 325.084219] ? mark_held_locks+0x130/0x130 [ 325.088496] should_fail.cold.4+0xa/0x17 [ 325.092601] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 325.097751] ? print_usage_bug+0xc0/0xc0 [ 325.101840] ? zap_class+0x640/0x640 [ 325.105598] ? lock_unpin_lock+0x4a0/0x4a0 [ 325.109869] ? pick_next_task_fair+0xa35/0x1c90 [ 325.114564] ? rcu_read_lock_sched_held+0x14f/0x180 [ 325.119596] ? __update_load_avg_blocked_se+0x690/0x690 [ 325.124980] ? zap_class+0x640/0x640 [ 325.128698] ? find_held_lock+0x36/0x1c0 [ 325.132768] ? zap_class+0x640/0x640 [ 325.136488] ? find_held_lock+0x36/0x1c0 [ 325.140570] ? print_usage_bug+0xc0/0xc0 [ 325.144649] __should_failslab+0x124/0x180 [ 325.148890] should_failslab+0x9/0x14 [ 325.152703] kmem_cache_alloc+0x47/0x730 [ 325.156777] ? lock_downgrade+0x900/0x900 [ 325.160953] radix_tree_node_alloc.constprop.19+0x1f7/0x370 [ 325.166706] idr_get_free+0x7a4/0xf70 [ 325.170538] ? radix_tree_iter_tag_clear+0x90/0x90 [ 325.175498] ? __save_stack_trace+0x8d/0xf0 [ 325.179845] ? save_stack+0xa9/0xd0 [ 325.183476] ? save_stack+0x43/0xd0 [ 325.187105] ? kasan_kmalloc+0xc7/0xe0 [ 325.190990] ? kasan_slab_alloc+0x12/0x20 [ 325.195139] ? kmem_cache_alloc+0x12e/0x730 [ 325.199459] ? __kernfs_new_node+0x127/0x8d0 [ 325.203879] ? kernfs_new_node+0x95/0x120 [ 325.208029] ? internal_create_group+0x5fc/0xd80 [ 325.212817] ? sysfs_create_group+0x1f/0x30 [ 325.217185] ? lo_ioctl+0x1307/0x1d60 [ 325.220986] ? blkdev_ioctl+0x9ac/0x2010 [ 325.225048] ? block_ioctl+0xee/0x130 [ 325.228857] ? do_vfs_ioctl+0x1de/0x1720 [ 325.232923] ? ksys_ioctl+0xa9/0xd0 [ 325.236552] ? do_syscall_64+0x1b9/0x820 [ 325.240641] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 325.246010] ? find_held_lock+0x36/0x1c0 [ 325.250087] idr_alloc_u32+0x1d4/0x3a0 [ 325.253983] ? __fprop_inc_percpu_max+0x2d0/0x2d0 [ 325.258837] ? lock_acquire+0x1ed/0x520 [ 325.262810] ? __kernfs_new_node+0x14e/0x8d0 [ 325.267226] ? __lock_is_held+0xb5/0x140 [ 325.271309] idr_alloc_cyclic+0x166/0x350 [ 325.275474] ? idr_alloc+0x1b0/0x1b0 [ 325.279189] ? __radix_tree_preload+0x1f7/0x280 [ 325.283912] __kernfs_new_node+0x1ee/0x8d0 [ 325.288154] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 325.292934] ? _raw_spin_unlock_irq+0x60/0x80 [ 325.297435] ? __schedule+0x168b/0x21d0 [ 325.301415] ? zap_class+0x640/0x640 [ 325.305135] ? zap_class+0x640/0x640 [ 325.308857] ? trace_hardirqs_on+0xbd/0x310 [ 325.313180] ? kasan_check_read+0x11/0x20 [ 325.317337] ? find_held_lock+0x36/0x1c0 [ 325.321415] kernfs_new_node+0x95/0x120 [ 325.325400] kernfs_create_dir_ns+0x4d/0x160 [ 325.329853] internal_create_group+0x5fc/0xd80 [ 325.334463] ? remove_files.isra.1+0x190/0x190 [ 325.339049] ? up_write+0x7b/0x220 [ 325.342626] ? down_write_nested+0x130/0x130 [ 325.347041] ? down_read+0x120/0x120 [ 325.350777] sysfs_create_group+0x1f/0x30 [ 325.354928] lo_ioctl+0x1307/0x1d60 [ 325.358571] ? lo_rw_aio+0x1ef0/0x1ef0 [ 325.362457] blkdev_ioctl+0x9ac/0x2010 [ 325.366349] ? blkpg_ioctl+0xc10/0xc10 [ 325.370236] ? lock_downgrade+0x900/0x900 [ 325.374390] ? check_preemption_disabled+0x48/0x280 [ 325.379422] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 325.384353] ? kasan_check_read+0x11/0x20 [ 325.388513] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 325.393803] ? rcu_softirq_qs+0x20/0x20 [ 325.397835] ? __fget+0x4d1/0x740 [ 325.401304] ? ksys_dup3+0x680/0x680 [ 325.405041] block_ioctl+0xee/0x130 [ 325.408675] ? blkdev_fallocate+0x400/0x400 [ 325.412999] do_vfs_ioctl+0x1de/0x1720 [ 325.416896] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 325.422437] ? ioctl_preallocate+0x300/0x300 [ 325.426853] ? __fget_light+0x2e9/0x430 [ 325.430836] ? fget_raw+0x20/0x20 [ 325.434293] ? rcu_read_lock_sched_held+0x14f/0x180 [ 325.439313] ? kmem_cache_free+0x24f/0x290 [ 325.443549] ? putname+0xf7/0x130 [ 325.447018] ? do_syscall_64+0x9a/0x820 [ 325.450997] ? do_syscall_64+0x9a/0x820 [ 325.454981] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 325.459582] ? security_file_ioctl+0x94/0xc0 [ 325.464001] ksys_ioctl+0xa9/0xd0 [ 325.467478] __x64_sys_ioctl+0x73/0xb0 [ 325.471370] do_syscall_64+0x1b9/0x820 [ 325.475306] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 325.480674] ? syscall_return_slowpath+0x5e0/0x5e0 [ 325.485607] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 325.490452] ? trace_hardirqs_on_caller+0x310/0x310 [ 325.495475] ? prepare_exit_to_usermode+0x291/0x3b0 [ 325.500516] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 325.505368] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 325.510564] RIP: 0033:0x4573d7 [ 325.513767] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 325.532842] RSP: 002b:00007fbc64e15a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 325.540565] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 325.547839] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 325.555107] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 325.562374] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 325.569638] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:30 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 325.613096] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 325.625327] binder: send failed reply for transaction 268 to 10639:10640 [ 325.644769] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue 18:10:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x4, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 325.698618] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0, 18:10:30 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 325.757729] overlayfs: missing 'lowerdir' 18:10:30 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:30 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ex\n-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:30 executing program 4 (fault-call:3 fault-nth:0): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 325.886431] binder: send failed reply for transaction 270 to 10659:10663 [ 325.925319] binder_alloc: 10659: binder_alloc_buf, no vma 18:10:30 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 325.941256] overlayfs: missing 'lowerdir' [ 325.963688] binder: 10659:10669 transaction failed 29189/-3, size 0-0 line 2973 [ 325.974283] binder: undelivered TRANSACTION_ERROR: 29189 [ 326.033766] overlayfs: missing 'lowerdir' 18:10:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 326.058178] overlayfs: missing 'lowerdir' [ 326.069937] overlayfs: missing 'lowerdir' [ 326.091077] FAULT_INJECTION: forcing a failure. [ 326.091077] name failslab, interval 1, probability 0, space 0, times 0 [ 326.126185] CPU: 0 PID: 10681 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 326.134724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.144092] Call Trace: [ 326.146710] dump_stack+0x244/0x39d [ 326.150383] ? dump_stack_print_info.cold.1+0x20/0x20 [ 326.155624] ? lock_downgrade+0x900/0x900 [ 326.159807] should_fail.cold.4+0xa/0x17 [ 326.163901] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 326.169028] ? lock_downgrade+0x900/0x900 [ 326.173190] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 326.178737] ? proc_fail_nth_write+0x9e/0x210 [ 326.183245] ? proc_cwd_link+0x1d0/0x1d0 [ 326.187326] ? find_held_lock+0x36/0x1c0 [ 326.188550] binder: 10698:10699 got transaction to context manager from process owning it [ 326.191421] ? perf_trace_sched_process_exec+0x860/0x860 [ 326.191446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 326.205933] binder: 10698:10699 transaction failed 29201/-22, size 0-0 line 2825 [ 326.210736] __should_failslab+0x124/0x180 [ 326.210757] should_failslab+0x9/0x14 18:10:31 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r3 = accept4(r2, 0x0, &(0x7f0000000040), 0x80800) getsockopt$ARPT_SO_GET_INFO(r3, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00'}, &(0x7f0000000140)=0x44) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 326.210777] __kmalloc+0x2e0/0x760 [ 326.229855] ? strncpy_from_user+0x5a0/0x5a0 [ 326.234275] ? fput+0x130/0x1a0 [ 326.237581] ? do_syscall_64+0x9a/0x820 [ 326.241574] ? __x64_sys_memfd_create+0x142/0x4f0 [ 326.246433] ? do_syscall_64+0x9a/0x820 [ 326.250423] __x64_sys_memfd_create+0x142/0x4f0 [ 326.255107] ? memfd_fcntl+0x1910/0x1910 [ 326.259192] do_syscall_64+0x1b9/0x820 [ 326.263097] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 326.268481] ? syscall_return_slowpath+0x5e0/0x5e0 [ 326.270689] binder: send failed reply for transaction 276 to 10700:10701 [ 326.273417] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 326.273454] ? trace_hardirqs_on_caller+0x310/0x310 [ 326.273472] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 326.273490] ? prepare_exit_to_usermode+0x291/0x3b0 [ 326.273511] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 326.305015] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 326.310210] RIP: 0033:0x457569 [ 326.313403] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 326.332300] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 326.340006] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 326.347275] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 326.354619] RBP: 000000000072bf00 R08: 0000000000000820 R09: 00000000fbad8001 [ 326.361907] R10: 0000000020000540 R11: 0000000000000246 R12: 00007fe92e7e66d4 [ 326.369177] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 18:10:31 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ex%-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) r3 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000100)='(%\x00', 0xfffffffffffffffe) keyctl$revoke(0x3, r3) 18:10:31 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='%xt-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:31 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:31 executing program 4 (fault-call:3 fault-nth:1): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 326.516380] overlayfs: missing 'lowerdir' [ 326.566436] overlayfs: missing 'lowerdir' [ 326.577027] overlayfs: missing 'lowerdir' [ 326.581605] binder: send failed reply for transaction 278 to 10706:10709 [ 326.611930] FAULT_INJECTION: forcing a failure. [ 326.611930] name failslab, interval 1, probability 0, space 0, times 0 [ 326.626249] overlayfs: missing 'lowerdir' [ 326.644778] CPU: 1 PID: 10719 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 326.653283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.653291] Call Trace: [ 326.653321] dump_stack+0x244/0x39d [ 326.653371] ? dump_stack_print_info.cold.1+0x20/0x20 [ 326.674075] should_fail.cold.4+0xa/0x17 [ 326.678150] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 326.683273] ? zap_class+0x640/0x640 [ 326.686996] ? __lock_acquire+0x62f/0x4c20 [ 326.691243] ? lock_downgrade+0x900/0x900 [ 326.695420] ? check_preemption_disabled+0x48/0x280 [ 326.700452] ? find_held_lock+0x36/0x1c0 [ 326.704570] ? expand_files.part.8+0x571/0x9a0 [ 326.709184] ? perf_trace_sched_process_exec+0x860/0x860 [ 326.714654] ? find_held_lock+0x36/0x1c0 [ 326.718734] __should_failslab+0x124/0x180 [ 326.723009] should_failslab+0x9/0x14 [ 326.726814] kmem_cache_alloc+0x2be/0x730 [ 326.730977] ? shmem_destroy_callback+0xc0/0xc0 [ 326.735656] shmem_alloc_inode+0x1b/0x40 [ 326.739719] alloc_inode+0x63/0x190 [ 326.743362] new_inode_pseudo+0x71/0x1a0 [ 326.747423] ? prune_icache_sb+0x1c0/0x1c0 [ 326.751663] ? _raw_spin_unlock+0x2c/0x50 [ 326.755817] new_inode+0x1c/0x40 [ 326.759184] shmem_get_inode+0xf1/0x920 [ 326.763677] ? shmem_encode_fh+0x340/0x340 [ 326.767935] ? lock_downgrade+0x900/0x900 [ 326.772094] ? lock_release+0xa10/0xa10 [ 326.776068] ? perf_trace_sched_process_exec+0x860/0x860 [ 326.781520] ? usercopy_warn+0x110/0x110 [ 326.785605] __shmem_file_setup.part.50+0x83/0x2a0 [ 326.790546] shmem_file_setup+0x65/0x90 [ 326.794551] __x64_sys_memfd_create+0x2af/0x4f0 [ 326.799243] ? memfd_fcntl+0x1910/0x1910 [ 326.803322] do_syscall_64+0x1b9/0x820 [ 326.807227] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 326.812600] ? syscall_return_slowpath+0x5e0/0x5e0 [ 326.817532] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 326.822392] ? trace_hardirqs_on_caller+0x310/0x310 [ 326.827575] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 326.832596] ? prepare_exit_to_usermode+0x291/0x3b0 [ 326.837621] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 326.842495] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 326.847682] RIP: 0033:0x457569 [ 326.850877] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 326.869778] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 326.877488] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 326.884754] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 326.892023] RBP: 000000000072bf00 R08: 0000000000000820 R09: 00000000fbad8001 [ 326.899303] R10: 0000000020000540 R11: 0000000000000246 R12: 00007fe92e7e66d4 18:10:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 326.906588] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 [ 326.961933] binder: send failed reply for transaction 280 to 10733:10734 [ 326.979235] overlayfs: missing 'lowerdir' 18:10:31 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="97cd9c0f5f14aa3c6edefeba581163597f38de1b484c", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:32 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ex%-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:32 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:32 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext^\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:32 executing program 4 (fault-call:3 fault-nth:2): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 327.127394] binder: 10743:10745 unknown command 261934487 [ 327.136031] overlayfs: missing 'lowerdir' [ 327.137201] binder: 10743:10745 ioctl c0306201 20007000 returned -22 [ 327.176027] overlayfs: missing 'lowerdir' 18:10:32 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:32 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 327.288093] overlayfs: missing 'lowerdir' [ 327.302648] overlayfs: missing 'lowerdir' [ 327.309330] FAULT_INJECTION: forcing a failure. [ 327.309330] name failslab, interval 1, probability 0, space 0, times 0 [ 327.345937] CPU: 0 PID: 10763 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 327.354451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.363827] Call Trace: [ 327.366477] dump_stack+0x244/0x39d [ 327.370132] ? dump_stack_print_info.cold.1+0x20/0x20 [ 327.375362] should_fail.cold.4+0xa/0x17 [ 327.379464] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 327.384590] ? __kernel_text_address+0xd/0x40 [ 327.386436] overlayfs: missing 'lowerdir' [ 327.389100] ? unwind_get_return_address+0x61/0xa0 [ 327.389143] ? find_held_lock+0x36/0x1c0 [ 327.389167] ? icl_pll_get_hw_state+0x798/0x7f0 [ 327.398247] ? perf_trace_sched_process_exec+0x860/0x860 [ 327.398277] __should_failslab+0x124/0x180 [ 327.398313] should_failslab+0x9/0x14 [ 327.407044] kmem_cache_alloc+0x2be/0x730 [ 327.407062] ? mpol_shared_policy_init+0x235/0x650 [ 327.407078] ? current_time+0x72/0x1b0 [ 327.407100] __d_alloc+0xc8/0xb90 [ 327.407122] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 327.407142] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 327.424285] overlayfs: missing 'lowerdir' [ 327.424755] ? ktime_get_coarse_real_ts64+0x22e/0x370 [ 327.424774] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 327.424787] ? timespec64_trunc+0xea/0x180 [ 327.424805] ? inode_init_owner+0x340/0x340 [ 327.433635] ? _raw_spin_unlock+0x2c/0x50 [ 327.433655] ? current_time+0x10b/0x1b0 [ 327.433686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 327.433707] ? __lockdep_init_map+0x105/0x590 [ 327.442178] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 327.442194] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 327.442216] d_alloc_pseudo+0x1d/0x30 [ 327.442238] alloc_file_pseudo+0x158/0x3f0 [ 327.507854] ? alloc_file+0x4d0/0x4d0 [ 327.511642] ? usercopy_warn+0x110/0x110 [ 327.515722] __shmem_file_setup.part.50+0x110/0x2a0 [ 327.520742] shmem_file_setup+0x65/0x90 [ 327.524711] __x64_sys_memfd_create+0x2af/0x4f0 [ 327.529469] ? memfd_fcntl+0x1910/0x1910 [ 327.533522] do_syscall_64+0x1b9/0x820 [ 327.537406] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 327.542770] ? syscall_return_slowpath+0x5e0/0x5e0 [ 327.547695] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 327.552542] ? trace_hardirqs_on_caller+0x310/0x310 [ 327.557567] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 327.562608] ? prepare_exit_to_usermode+0x291/0x3b0 [ 327.567620] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 327.572476] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 327.577664] RIP: 0033:0x457569 [ 327.580861] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 327.599759] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 327.607476] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 327.614745] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 327.622013] RBP: 000000000072bf00 R08: 0000000000000820 R09: 00000000fbad8001 [ 327.629287] R10: 0000000020000540 R11: 0000000000000246 R12: 00007fe92e7e66d4 [ 327.636877] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 [ 327.653695] overlayfs: missing 'lowerdir' 18:10:32 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:32 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)="6578742df8", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:32 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext\n\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:32 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:32 executing program 4 (fault-call:3 fault-nth:3): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 327.859935] overlayfs: missing 'lowerdir' 18:10:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r0, 0x5473, &(0x7f0000000040)=0x3f2) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) fcntl$getownex(r1, 0x10, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 327.918104] overlayfs: missing 'lowerdir' 18:10:32 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 327.958358] overlayfs: missing 'lowerdir' 18:10:33 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)="6578742dc0", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 328.044627] FAULT_INJECTION: forcing a failure. [ 328.044627] name failslab, interval 1, probability 0, space 0, times 0 18:10:33 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext%\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:33 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 328.086358] binder: 10816:10821 ioctl 5473 20000040 returned -22 [ 328.133134] binder: 10816:10826 unknown command 0 [ 328.151164] binder: 10816:10826 ioctl c0306201 20007000 returned -22 [ 328.189466] overlayfs: missing 'lowerdir' [ 328.192667] CPU: 1 PID: 10813 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 328.202138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.211498] Call Trace: [ 328.214113] dump_stack+0x244/0x39d [ 328.217773] ? dump_stack_print_info.cold.1+0x20/0x20 [ 328.222983] ? __save_stack_trace+0x8d/0xf0 [ 328.227323] should_fail.cold.4+0xa/0x17 [ 328.231411] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 328.236528] ? save_stack+0x43/0xd0 [ 328.240171] ? kasan_kmalloc+0xc7/0xe0 [ 328.244082] ? percpu_ref_put_many+0x11c/0x260 [ 328.248682] ? zap_class+0x640/0x640 [ 328.252410] ? find_held_lock+0x36/0x1c0 [ 328.256507] ? perf_trace_sched_process_exec+0x860/0x860 [ 328.261970] ? lock_downgrade+0x900/0x900 [ 328.266136] __should_failslab+0x124/0x180 [ 328.270387] should_failslab+0x9/0x14 [ 328.274203] kmem_cache_alloc+0x2be/0x730 [ 328.278364] ? d_set_d_op+0x31d/0x410 [ 328.282188] __alloc_file+0xa8/0x470 [ 328.285920] ? file_free_rcu+0xd0/0xd0 [ 328.287636] overlayfs: missing 'lowerdir' [ 328.289818] ? d_instantiate+0x79/0xa0 [ 328.289835] ? lock_downgrade+0x900/0x900 [ 328.289861] ? kasan_check_read+0x11/0x20 [ 328.289876] ? do_raw_spin_unlock+0xa7/0x330 [ 328.289892] ? do_raw_spin_trylock+0x270/0x270 [ 328.289913] alloc_empty_file+0x72/0x170 [ 328.289937] alloc_file+0x5e/0x4d0 [ 328.319253] ? _raw_spin_unlock+0x2c/0x50 [ 328.319277] alloc_file_pseudo+0x261/0x3f0 [ 328.319299] ? alloc_file+0x4d0/0x4d0 [ 328.319319] ? usercopy_warn+0x110/0x110 [ 328.319353] __shmem_file_setup.part.50+0x110/0x2a0 [ 328.327047] shmem_file_setup+0x65/0x90 [ 328.327067] __x64_sys_memfd_create+0x2af/0x4f0 [ 328.327083] ? memfd_fcntl+0x1910/0x1910 [ 328.327113] do_syscall_64+0x1b9/0x820 [ 328.327129] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 328.327147] ? syscall_return_slowpath+0x5e0/0x5e0 [ 328.327162] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 328.327182] ? trace_hardirqs_on_caller+0x310/0x310 [ 328.327203] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 328.348250] ? prepare_exit_to_usermode+0x291/0x3b0 [ 328.348274] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 328.348298] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 328.348311] RIP: 0033:0x457569 [ 328.348347] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 328.348356] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 328.348376] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 18:10:33 executing program 4 (fault-call:3 fault-nth:4): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 328.357088] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 328.357098] RBP: 000000000072bf00 R08: 0000000000000820 R09: 00000000fbad8001 [ 328.357108] R10: 0000000020000540 R11: 0000000000000246 R12: 00007fe92e7e66d4 [ 328.357117] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 [ 328.525152] overlayfs: missing 'lowerdir' 18:10:33 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext/\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:33 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 328.576825] overlayfs: missing 'lowerdir' 18:10:33 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:33 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 328.620221] FAULT_INJECTION: forcing a failure. [ 328.620221] name failslab, interval 1, probability 0, space 0, times 0 [ 328.643672] CPU: 0 PID: 10853 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 328.652198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.661571] Call Trace: [ 328.664189] dump_stack+0x244/0x39d [ 328.667855] ? dump_stack_print_info.cold.1+0x20/0x20 [ 328.673063] ? lock_downgrade+0x900/0x900 [ 328.677237] ? check_preemption_disabled+0x48/0x280 [ 328.682292] should_fail.cold.4+0xa/0x17 [ 328.686368] ? rcu_softirq_qs+0x20/0x20 [ 328.690354] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 328.695477] ? is_bpf_text_address+0xd3/0x170 [ 328.700029] ? kernel_text_address+0x79/0xf0 [ 328.704460] ? __kernel_text_address+0xd/0x40 [ 328.708996] ? unwind_get_return_address+0x61/0xa0 [ 328.713940] ? __save_stack_trace+0x8d/0xf0 [ 328.718279] ? find_held_lock+0x36/0x1c0 [ 328.722370] ? mlx4_ib_create_ah+0x9e8/0x1450 [ 328.726901] ? __x64_sys_memfd_create+0x2af/0x4f0 [ 328.731768] ? perf_trace_sched_process_exec+0x860/0x860 [ 328.737240] __should_failslab+0x124/0x180 [ 328.739652] overlayfs: missing 'lowerdir' [ 328.741492] should_failslab+0x9/0x14 [ 328.741510] kmem_cache_alloc_trace+0x2d7/0x750 [ 328.741529] ? __might_sleep+0x95/0x190 [ 328.741552] apparmor_file_alloc_security+0x17b/0xac0 [ 328.741594] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 328.741617] ? apparmor_path_rename+0xcd0/0xcd0 [ 328.741655] ? rcu_read_lock_sched_held+0x14f/0x180 [ 328.763594] ? kmem_cache_alloc+0x33a/0x730 [ 328.763610] ? d_set_d_op+0x31d/0x410 [ 328.763633] security_file_alloc+0x4c/0xa0 [ 328.763654] __alloc_file+0x12a/0x470 [ 328.763676] ? file_free_rcu+0xd0/0xd0 [ 328.773873] ? d_instantiate+0x79/0xa0 [ 328.773893] ? lock_downgrade+0x900/0x900 [ 328.773918] ? kasan_check_read+0x11/0x20 [ 328.773932] ? do_raw_spin_unlock+0xa7/0x330 [ 328.773952] ? do_raw_spin_trylock+0x270/0x270 [ 328.820153] alloc_empty_file+0x72/0x170 [ 328.824244] alloc_file+0x5e/0x4d0 [ 328.827796] ? _raw_spin_unlock+0x2c/0x50 [ 328.831974] alloc_file_pseudo+0x261/0x3f0 [ 328.836231] ? alloc_file+0x4d0/0x4d0 [ 328.840048] ? usercopy_warn+0x110/0x110 [ 328.844135] __shmem_file_setup.part.50+0x110/0x2a0 [ 328.849183] shmem_file_setup+0x65/0x90 [ 328.853158] __x64_sys_memfd_create+0x2af/0x4f0 [ 328.857836] ? memfd_fcntl+0x1910/0x1910 [ 328.861894] do_syscall_64+0x1b9/0x820 [ 328.865768] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 328.871122] ? syscall_return_slowpath+0x5e0/0x5e0 [ 328.876076] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 328.880920] ? trace_hardirqs_on_caller+0x310/0x310 [ 328.885941] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 328.890942] ? prepare_exit_to_usermode+0x291/0x3b0 [ 328.895946] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 328.900780] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 328.905959] RIP: 0033:0x457569 [ 328.909155] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 328.928042] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 328.935748] RAX: ffffffffffffffda RBX: 0000000020000540 RCX: 0000000000457569 [ 328.943011] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc78a [ 328.950289] RBP: 000000000072bf00 R08: 0000000000000820 R09: 00000000fbad8001 [ 328.957555] R10: 0000000020000540 R11: 0000000000000246 R12: 00007fe92e7e66d4 [ 328.964853] R13: 00000000004c4a1e R14: 00000000004d7d88 R15: 0000000000000003 18:10:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000d51000/0x3000)=nil, 0x3000, 0x2, 0x30, r0, 0x0) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB="1922efd8", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:34 executing program 4 (fault-call:3 fault-nth:5): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:34 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 329.111308] overlayfs: missing 'lowerdir' [ 329.117434] overlayfs: missing 'lowerdir' [ 329.166521] binder: 10871:10881 unknown command -655416807 [ 329.178206] overlayfs: missing 'lowerdir' [ 329.192181] binder: 10871:10881 ioctl c0306201 20007000 returned -22 18:10:34 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 329.241187] EXT4-fs: 31 callbacks suppressed [ 329.241205] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue 18:10:34 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:34 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-l', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 329.293511] overlayfs: missing 'lowerdir' [ 329.326432] FAULT_INJECTION: forcing a failure. [ 329.326432] name failslab, interval 1, probability 0, space 0, times 0 [ 329.340709] overlayfs: missing 'lowerdir' [ 329.346169] CPU: 0 PID: 10893 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 329.346186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 329.364020] Call Trace: [ 329.366642] dump_stack+0x244/0x39d [ 329.370288] ? dump_stack_print_info.cold.1+0x20/0x20 [ 329.375494] ? find_held_lock+0x36/0x1c0 [ 329.379600] should_fail.cold.4+0xa/0x17 [ 329.383681] ? find_held_lock+0x36/0x1c0 [ 329.387798] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 329.392947] ? lock_downgrade+0x900/0x900 [ 329.397098] ? current_time+0x72/0x1b0 [ 329.401003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 329.406547] ? timespec64_trunc+0xea/0x180 [ 329.410858] ? inode_init_owner+0x340/0x340 [ 329.415182] ? find_held_lock+0x36/0x1c0 [ 329.419264] ? perf_trace_sched_process_exec+0x860/0x860 [ 329.424771] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 329.430329] __should_failslab+0x124/0x180 [ 329.434602] should_failslab+0x9/0x14 [ 329.438389] kmem_cache_alloc+0x2be/0x730 [ 329.442524] ? do_sys_ftruncate+0x428/0x550 [ 329.446859] ? lock_downgrade+0x900/0x900 [ 329.451018] getname_flags+0xd0/0x590 [ 329.454826] ? __lock_is_held+0xb5/0x140 [ 329.458904] getname+0x19/0x20 [ 329.462097] do_sys_open+0x383/0x700 [ 329.465799] ? filp_open+0x80/0x80 [ 329.469328] ? trace_hardirqs_off_caller+0x300/0x300 [ 329.474418] ? do_sys_ftruncate+0x449/0x550 [ 329.478737] __x64_sys_open+0x7e/0xc0 [ 329.482542] do_syscall_64+0x1b9/0x820 [ 329.486423] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 329.491799] ? syscall_return_slowpath+0x5e0/0x5e0 [ 329.496740] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 329.501590] ? trace_hardirqs_on_caller+0x310/0x310 [ 329.506594] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 329.511599] ? prepare_exit_to_usermode+0x291/0x3b0 [ 329.516607] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 329.521441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 329.526618] RIP: 0033:0x4111a1 [ 329.529815] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 329.548723] RSP: 002b:00007fe92e7e5a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 329.556436] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 [ 329.563705] RDX: 00007fe92e7e5afa RSI: 0000000000000002 RDI: 00007fe92e7e5af0 [ 329.570960] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 329.578219] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 329.585514] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 329.670800] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:34 executing program 4 (fault-call:3 fault-nth:6): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 329.711596] overlayfs: missing 'lowerdir' [ 329.732616] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue 18:10:34 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 329.795920] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue 18:10:34 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 329.841534] overlayfs: missing 'lowerdir' [ 329.848554] overlayfs: missing 'lowerdir' [ 329.848875] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 329.878165] FAULT_INJECTION: forcing a failure. [ 329.878165] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 329.889994] CPU: 1 PID: 10918 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 329.898490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 329.907875] Call Trace: [ 329.910501] dump_stack+0x244/0x39d [ 329.914155] ? dump_stack_print_info.cold.1+0x20/0x20 [ 329.919379] should_fail.cold.4+0xa/0x17 [ 329.923465] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 329.928611] ? print_usage_bug+0xc0/0xc0 [ 329.932712] ? mark_held_locks+0x130/0x130 [ 329.936959] ? zap_class+0x640/0x640 18:10:34 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 329.940688] ? print_usage_bug+0xc0/0xc0 [ 329.944765] ? zap_class+0x640/0x640 [ 329.948506] ? lock_downgrade+0x900/0x900 [ 329.952666] ? check_preemption_disabled+0x48/0x280 [ 329.957708] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 329.963261] ? should_fail+0x22d/0xd01 [ 329.967159] ? find_held_lock+0x36/0x1c0 [ 329.971235] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 329.974291] binder: 10871:10931 unknown command -655416807 [ 329.976361] __alloc_pages_nodemask+0x34b/0xdd0 [ 329.976377] ? current_time+0x72/0x1b0 [ 329.976399] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 329.976418] ? inode_init_owner+0x340/0x340 [ 329.982952] binder: 10871:10931 ioctl c0306201 20007000 returned -22 [ 329.986705] ? find_held_lock+0x36/0x1c0 [ 329.986732] ? intel_display_capture_error_state+0x12e8/0x1a40 [ 329.986764] ? trace_hardirqs_off+0xb8/0x310 [ 329.986785] cache_grow_begin+0xa5/0x8c0 [ 329.986815] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 329.986830] ? check_preemption_disabled+0x48/0x280 [ 329.986850] kmem_cache_alloc+0x66b/0x730 18:10:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB, @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 329.986865] ? do_sys_ftruncate+0x428/0x550 [ 329.986891] getname_flags+0xd0/0x590 [ 330.023577] overlayfs: missing 'lowerdir' [ 330.025058] ? __lock_is_held+0xb5/0x140 [ 330.025078] getname+0x19/0x20 [ 330.025095] do_sys_open+0x383/0x700 [ 330.025114] ? filp_open+0x80/0x80 [ 330.025134] ? trace_hardirqs_off_caller+0x300/0x300 [ 330.025149] ? do_sys_ftruncate+0x449/0x550 [ 330.025173] __x64_sys_open+0x7e/0xc0 [ 330.079782] do_syscall_64+0x1b9/0x820 [ 330.083683] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 330.085494] overlayfs: missing 'lowerdir' [ 330.089061] ? syscall_return_slowpath+0x5e0/0x5e0 [ 330.089078] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 330.089097] ? trace_hardirqs_on_caller+0x310/0x310 [ 330.089116] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 330.089133] ? prepare_exit_to_usermode+0x291/0x3b0 [ 330.089157] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 330.089186] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 330.128163] RIP: 0033:0x4111a1 [ 330.131453] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 330.137627] 9pnet_virtio: no channels available for device / [ 330.150361] RSP: 002b:00007fe92e7e5a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 330.150375] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 [ 330.150385] RDX: 00007fe92e7e5afa RSI: 0000000000000002 RDI: 00007fe92e7e5af0 [ 330.150394] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 330.150402] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 330.150411] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 330.194272] binder: 10935:10937 unknown command 0 [ 330.207545] binder: 10935:10937 ioctl c0306201 20007000 returned -22 [ 330.215097] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:35 executing program 3: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:35 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-L', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:35 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 330.355478] overlayfs: missing 'lowerdir' [ 330.402012] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue [ 330.441872] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue [ 330.498607] overlayfs: missing 'lowerdir' [ 330.502751] overlayfs: missing 'lowerdir' [ 330.509051] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue 18:10:35 executing program 4 (fault-call:3 fault-nth:7): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:35 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:35 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 330.579319] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:35 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:35 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)="6578742d04", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 330.728072] overlayfs: missing 'lowerdir' [ 330.735442] overlayfs: missing 'lowerdir' [ 330.752611] FAULT_INJECTION: forcing a failure. [ 330.752611] name failslab, interval 1, probability 0, space 0, times 0 [ 330.765905] CPU: 0 PID: 10986 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 330.774415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 330.783778] Call Trace: [ 330.786388] dump_stack+0x244/0x39d [ 330.790041] ? dump_stack_print_info.cold.1+0x20/0x20 [ 330.795252] ? print_usage_bug+0xc0/0xc0 [ 330.799344] should_fail.cold.4+0xa/0x17 [ 330.803184] overlayfs: missing 'lowerdir' [ 330.803423] ? find_held_lock+0x36/0x1c0 [ 330.803446] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 330.803478] ? lock_downgrade+0x900/0x900 [ 330.820877] ? check_preemption_disabled+0x48/0x280 [ 330.825901] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 330.830846] ? kasan_check_read+0x11/0x20 [ 330.830872] ? find_held_lock+0x36/0x1c0 [ 330.839086] ? perf_trace_sched_process_exec+0x860/0x860 [ 330.839125] __should_failslab+0x124/0x180 [ 330.839158] should_failslab+0x9/0x14 [ 330.839175] kmem_cache_alloc+0x2be/0x730 [ 330.839190] ? zap_class+0x640/0x640 [ 330.839205] ? print_usage_bug+0xc0/0xc0 [ 330.839223] ? mark_held_locks+0x130/0x130 [ 330.869516] __alloc_file+0xa8/0x470 [ 330.873249] ? file_free_rcu+0xd0/0xd0 [ 330.877159] ? find_held_lock+0x36/0x1c0 [ 330.881254] ? is_bpf_text_address+0xac/0x170 [ 330.885763] ? lock_downgrade+0x900/0x900 [ 330.889920] ? check_preemption_disabled+0x48/0x280 [ 330.894953] alloc_empty_file+0x72/0x170 [ 330.899038] path_openat+0x170/0x5150 [ 330.902893] ? rcu_softirq_qs+0x20/0x20 [ 330.906896] ? unwind_dump+0x190/0x190 [ 330.910845] ? zap_class+0x640/0x640 [ 330.914579] ? path_lookupat.isra.43+0xc00/0xc00 [ 330.914595] ? unwind_get_return_address+0x61/0xa0 [ 330.914613] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 330.914629] ? expand_files.part.8+0x571/0x9a0 [ 330.914650] ? find_held_lock+0x36/0x1c0 [ 330.924376] ? __alloc_fd+0x347/0x6e0 [ 330.924407] ? lock_downgrade+0x900/0x900 [ 330.924418] ? getname+0x19/0x20 [ 330.924469] ? kasan_check_read+0x11/0x20 [ 330.924482] ? do_raw_spin_unlock+0xa7/0x330 [ 330.924498] ? do_raw_spin_trylock+0x270/0x270 [ 330.962583] ? __lock_is_held+0xb5/0x140 [ 330.966654] ? __check_object_size+0xb1/0x782 [ 330.971155] ? _raw_spin_unlock+0x2c/0x50 [ 330.975291] ? __alloc_fd+0x347/0x6e0 [ 330.979086] do_filp_open+0x255/0x380 [ 330.982888] ? may_open_dev+0x100/0x100 [ 330.986859] ? get_unused_fd_flags+0x122/0x1a0 [ 330.991436] ? __alloc_fd+0x6e0/0x6e0 [ 330.995239] ? __lock_is_held+0xb5/0x140 [ 330.999310] do_sys_open+0x568/0x700 [ 331.003024] ? filp_open+0x80/0x80 [ 331.006554] ? trace_hardirqs_off_caller+0x300/0x300 [ 331.011664] ? do_sys_ftruncate+0x449/0x550 [ 331.015986] __x64_sys_open+0x7e/0xc0 [ 331.019775] do_syscall_64+0x1b9/0x820 [ 331.023649] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 331.029002] ? syscall_return_slowpath+0x5e0/0x5e0 [ 331.033917] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 331.038746] ? trace_hardirqs_on_caller+0x310/0x310 [ 331.043764] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 331.048766] ? prepare_exit_to_usermode+0x291/0x3b0 [ 331.053771] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 331.058609] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 331.063797] RIP: 0033:0x4111a1 18:10:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffc) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigreturn() ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x1c, r1, 0x0) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x100, 0x0) ioctl$EVIOCGSND(r3, 0x8040451a, &(0x7f0000000100)=""/155) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB='\a\x00'], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r4 = dup3(r0, r1, 0x0) ioctl$DRM_IOCTL_GET_MAP(r4, 0xc0286404, &(0x7f0000000040)={&(0x7f0000d9d000/0x3000)=nil, 0xc3, 0x3, 0xc9, &(0x7f0000c95000/0x4000)=nil, 0xdb4}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 331.066979] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 331.085863] RSP: 002b:00007fe92e7e5a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 331.093576] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 [ 331.100852] RDX: 00007fe92e7e5afa RSI: 0000000000000002 RDI: 00007fe92e7e5af0 [ 331.108106] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 331.115361] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 331.122617] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 331.186122] overlayfs: missing 'lowerdir' 18:10:36 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0xe, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 331.263332] overlayfs: missing 'lowerdir' 18:10:36 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:36 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:36 executing program 4 (fault-call:3 fault-nth:8): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:36 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="0000000000c2a4a68eabe48b38e1838323c4a87aa91ae948ac450c7baf35da6909c4271b00ff2142e4a1030000f2cab63a34089f1053284a54bf9a55270df35d4195fd78fb7664d8fb19f55e8f88b0b260897768dc72b985aa36dcfdf9b064e783b842be3db48f13e18a8769d421802405049ae60899d153056335e7feca319f47d83b46bf9e4b56e20ac1c500000000000000000000000000000000000000000000000000000000000000"], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 331.420017] binder: send failed reply for transaction 287 to 11018:11022 [ 331.442282] overlayfs: missing 'lowerdir' [ 331.544456] overlayfs: missing 'lowerdir' [ 331.569325] overlayfs: missing 'lowerdir' 18:10:36 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 331.596185] binder: 11041:11043 transaction failed 29201/-22, size 7627467946705307052-4765370256655369225 line 2973 [ 331.624829] FAULT_INJECTION: forcing a failure. [ 331.624829] name failslab, interval 1, probability 0, space 0, times 0 18:10:36 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 331.650039] CPU: 1 PID: 11042 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 331.658632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.667998] Call Trace: [ 331.670620] dump_stack+0x244/0x39d [ 331.674279] ? dump_stack_print_info.cold.1+0x20/0x20 [ 331.679493] ? lock_downgrade+0x900/0x900 [ 331.683660] ? check_preemption_disabled+0x48/0x280 [ 331.688734] should_fail.cold.4+0xa/0x17 [ 331.692825] ? rcu_softirq_qs+0x20/0x20 [ 331.696556] overlayfs: missing 'lowerdir' [ 331.696823] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 331.696850] ? is_bpf_text_address+0xd3/0x170 [ 331.696873] ? kernel_text_address+0x79/0xf0 [ 331.715017] ? __kernel_text_address+0xd/0x40 [ 331.719526] ? unwind_get_return_address+0x61/0xa0 [ 331.724472] ? __save_stack_trace+0x8d/0xf0 [ 331.728810] ? find_held_lock+0x36/0x1c0 [ 331.732903] ? do_syscall_64+0x1b9/0x820 [ 331.736978] ? perf_trace_sched_process_exec+0x860/0x860 [ 331.742456] __should_failslab+0x124/0x180 [ 331.746706] should_failslab+0x9/0x14 [ 331.750520] kmem_cache_alloc_trace+0x2d7/0x750 [ 331.755276] ? __might_sleep+0x95/0x190 [ 331.759323] apparmor_file_alloc_security+0x17b/0xac0 [ 331.765052] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 331.768842] overlayfs: missing 'lowerdir' [ 331.770621] ? apparmor_path_rename+0xcd0/0xcd0 [ 331.770646] ? rcu_read_lock_sched_held+0x14f/0x180 [ 331.770663] ? kmem_cache_alloc+0x33a/0x730 [ 331.770691] ? zap_class+0x640/0x640 [ 331.770712] security_file_alloc+0x4c/0xa0 [ 331.770747] __alloc_file+0x12a/0x470 18:10:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x3, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f0000000040)='ip_vti0\x00') ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 331.770780] ? file_free_rcu+0xd0/0xd0 [ 331.770801] ? find_held_lock+0x36/0x1c0 [ 331.808655] ? is_bpf_text_address+0xac/0x170 [ 331.813162] ? lock_downgrade+0x900/0x900 [ 331.813178] ? check_preemption_disabled+0x48/0x280 [ 331.813201] alloc_empty_file+0x72/0x170 [ 331.813219] path_openat+0x170/0x5150 [ 331.813243] ? rcu_softirq_qs+0x20/0x20 [ 331.834220] ? unwind_dump+0x190/0x190 [ 331.834246] ? zap_class+0x640/0x640 [ 331.834265] ? path_lookupat.isra.43+0xc00/0xc00 [ 331.834279] ? unwind_get_return_address+0x61/0xa0 [ 331.834299] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 331.841900] ? expand_files.part.8+0x571/0x9a0 [ 331.841923] ? find_held_lock+0x36/0x1c0 [ 331.841948] ? __alloc_fd+0x347/0x6e0 [ 331.841965] ? lock_downgrade+0x900/0x900 [ 331.841981] ? getname+0x19/0x20 [ 331.851666] ? kasan_check_read+0x11/0x20 [ 331.851682] ? do_raw_spin_unlock+0xa7/0x330 [ 331.851697] ? do_raw_spin_trylock+0x270/0x270 [ 331.851714] ? __lock_is_held+0xb5/0x140 [ 331.851728] ? __check_object_size+0xb1/0x782 [ 331.851751] ? _raw_spin_unlock+0x2c/0x50 [ 331.851774] ? __alloc_fd+0x347/0x6e0 [ 331.906383] do_filp_open+0x255/0x380 [ 331.910202] ? may_open_dev+0x100/0x100 [ 331.913883] binder: send failed reply for transaction 291 to 11055:11057 [ 331.914204] ? get_unused_fd_flags+0x122/0x1a0 [ 331.914221] ? __alloc_fd+0x6e0/0x6e0 [ 331.914239] ? __lock_is_held+0xb5/0x140 [ 331.914262] do_sys_open+0x568/0x700 [ 331.914280] ? filp_open+0x80/0x80 [ 331.940764] ? trace_hardirqs_off_caller+0x300/0x300 [ 331.945867] ? do_sys_ftruncate+0x449/0x550 [ 331.950194] __x64_sys_open+0x7e/0xc0 [ 331.954001] do_syscall_64+0x1b9/0x820 [ 331.957891] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 331.963258] ? syscall_return_slowpath+0x5e0/0x5e0 [ 331.968190] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 331.973039] ? trace_hardirqs_on_caller+0x310/0x310 [ 331.978058] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 331.983083] ? prepare_exit_to_usermode+0x291/0x3b0 [ 331.988110] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 331.992963] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 331.998150] RIP: 0033:0x4111a1 [ 332.001351] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 332.020251] RSP: 002b:00007fe92e7e5a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 332.027956] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004111a1 [ 332.035223] RDX: 00007fe92e7e5afa RSI: 0000000000000002 RDI: 00007fe92e7e5af0 [ 332.042491] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 332.049756] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 332.057024] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:37 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500b6600900d0f2418757002ffda0deac398037e4969495107b4460e35ef9d7598f39a87bb5de4ea2aff9d422f427dcf128e96aa170adb9dbe3fded8f4befd13ad37a6c89e12410f22ad624af0f0d1825b510dda7793601dcd651b23e928309a5766b608a9eb65102000000d8", @ANYRES64=0x0, @ANYBLOB="0000000000020000"], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 332.192840] overlayfs: missing 'lowerdir' 18:10:37 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:37 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 332.272533] binder: 11068:11070 unknown command 1622540309 [ 332.293802] binder: 11068:11070 ioctl c0306201 20007000 returned -22 [ 332.307872] overlayfs: missing 'lowerdir' 18:10:37 executing program 4 (fault-call:3 fault-nth:9): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 332.337309] overlayfs: missing 'lowerdir' 18:10:37 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:37 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = fcntl$dupfd(r0, 0x406, r0) getsockopt$inet6_dccp_int(r2, 0x21, 0x5, &(0x7f0000000040), &(0x7f00000000c0)=0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000100)=0x0) ptrace$setregset(0x4205, r4, 0x200, &(0x7f0000000180)={&(0x7f0000000140)="be1d55f6c9525a59866b71c97e0037f4af09b63c5ba4f321", 0x18}) [ 332.427538] overlayfs: missing 'lowerdir' 18:10:37 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)="6578742df5", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 332.565506] overlayfs: missing 'lowerdir' [ 332.586659] FAULT_INJECTION: forcing a failure. [ 332.586659] name failslab, interval 1, probability 0, space 0, times 0 [ 332.604012] overlayfs: missing 'lowerdir' [ 332.611850] CPU: 0 PID: 11106 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 332.620357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 332.629719] Call Trace: [ 332.632361] dump_stack+0x244/0x39d [ 332.633299] overlayfs: missing 'lowerdir' [ 332.636019] ? dump_stack_print_info.cold.1+0x20/0x20 [ 332.636055] should_fail.cold.4+0xa/0x17 [ 332.636086] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 332.642491] binder: send failed reply for transaction 294 to 11101:11102 [ 332.645419] ? down_write_nested+0x130/0x130 [ 332.645436] ? down_read+0x120/0x120 [ 332.645459] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 332.645479] ? zap_class+0x640/0x640 [ 332.650044] binder: 11101:11102 ioctl 8904 20000100 returned -22 [ 332.654623] ? lock_acquire+0x1ed/0x520 [ 332.654638] ? lo_ioctl+0x8e/0x1d60 [ 332.654662] ? find_held_lock+0x36/0x1c0 [ 332.654683] ? __lock_is_held+0xb5/0x140 [ 332.654712] ? perf_trace_sched_process_exec+0x860/0x860 [ 332.706088] __should_failslab+0x124/0x180 [ 332.710330] should_failslab+0x9/0x14 [ 332.714132] kmem_cache_alloc_trace+0x2d7/0x750 [ 332.718808] ? check_preemption_disabled+0x48/0x280 [ 332.723851] __kthread_create_on_node+0x137/0x540 [ 332.728703] ? loop_get_status64+0x140/0x140 [ 332.733113] ? kthread_parkme+0xb0/0xb0 [ 332.737108] ? __lockdep_init_map+0x105/0x590 [ 332.741611] ? __lockdep_init_map+0x105/0x590 [ 332.746115] ? loop_get_status64+0x140/0x140 [ 332.750553] kthread_create_on_node+0xb1/0xe0 [ 332.755088] ? __kthread_create_on_node+0x540/0x540 [ 332.760111] ? kasan_check_read+0x11/0x20 [ 332.764483] lo_ioctl+0x7f6/0x1d60 [ 332.768031] ? lo_rw_aio+0x1ef0/0x1ef0 [ 332.771923] blkdev_ioctl+0x9ac/0x2010 [ 332.775816] ? blkpg_ioctl+0xc10/0xc10 [ 332.779708] ? lock_downgrade+0x900/0x900 [ 332.783859] ? check_preemption_disabled+0x48/0x280 [ 332.788886] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 332.793815] ? kasan_check_read+0x11/0x20 [ 332.797973] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 332.803252] ? rcu_softirq_qs+0x20/0x20 [ 332.807330] ? __fget+0x4d1/0x740 [ 332.810810] ? ksys_dup3+0x680/0x680 [ 332.814542] block_ioctl+0xee/0x130 [ 332.818178] ? blkdev_fallocate+0x400/0x400 [ 332.822502] do_vfs_ioctl+0x1de/0x1720 [ 332.826390] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 332.831976] ? ioctl_preallocate+0x300/0x300 [ 332.836400] ? __fget_light+0x2e9/0x430 [ 332.840375] ? fget_raw+0x20/0x20 [ 332.843840] ? rcu_read_lock_sched_held+0x14f/0x180 [ 332.848861] ? kmem_cache_free+0x24f/0x290 [ 332.853102] ? putname+0xf7/0x130 [ 332.856574] ? do_syscall_64+0x9a/0x820 [ 332.860552] ? do_syscall_64+0x9a/0x820 [ 332.864540] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 332.869138] ? security_file_ioctl+0x94/0xc0 [ 332.873554] ksys_ioctl+0xa9/0xd0 [ 332.877037] __x64_sys_ioctl+0x73/0xb0 [ 332.880947] do_syscall_64+0x1b9/0x820 [ 332.884849] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 332.890219] ? syscall_return_slowpath+0x5e0/0x5e0 [ 332.895160] ? trace_hardirqs_on_caller+0x310/0x310 [ 332.900177] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 332.905200] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 332.911870] ? __switch_to_asm+0x40/0x70 [ 332.915929] ? __switch_to_asm+0x34/0x70 [ 332.919997] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 332.924881] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 332.930100] RIP: 0033:0x4573d7 [ 332.933305] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 332.952206] RSP: 002b:00007fe92e7c4a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 332.959916] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 332.967184] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 332.974459] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 332.981725] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 332.988991] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:38 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:38 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)="6578742dfd", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="00000000000000005dbd74e1e3c851f8b18742b77695f01f54f596508cc0cf30dd342ee1ad64eb7ab9ed80b683aeb20f20bd51eb97eb1c0f3471daecb77fe149be73124e6ea5df8ac76b2c091595c6311efc3222efe3c993a73b3b24bc60ed0a596e850f3b13bdcb405d59f8bc99418067008e8b260353746698c8badb043fd231d4b3ae59a2"], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) gettid() ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 333.077674] overlayfs: missing 'lowerdir' 18:10:38 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:38 executing program 4 (fault-call:3 fault-nth:10): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 333.135991] binder: 11121:11122 transaction failed 29201/-28, size 3517241542879671636-8857283790124233949 line 2973 [ 333.187480] overlayfs: missing 'lowerdir' 18:10:38 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) ioctl$EXT4_IOC_GROUP_EXTEND(r2, 0x40086607, &(0x7f0000000040)=0x80000000) [ 333.353509] overlayfs: missing 'lowerdir' [ 333.365272] overlayfs: missing 'lowerdir' 18:10:38 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)="6578742df8", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 333.407752] overlayfs: missing 'lowerdir' [ 333.427331] FAULT_INJECTION: forcing a failure. [ 333.427331] name failslab, interval 1, probability 0, space 0, times 0 [ 333.432558] binder: send failed reply for transaction 298 to 11148:11149 [ 333.438806] CPU: 0 PID: 11151 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 333.454052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 333.463426] Call Trace: [ 333.466025] dump_stack+0x244/0x39d [ 333.469700] ? dump_stack_print_info.cold.1+0x20/0x20 [ 333.474918] should_fail.cold.4+0xa/0x17 [ 333.478983] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 333.484127] ? zap_class+0x640/0x640 [ 333.487845] ? attach_entity_load_avg+0x860/0x860 [ 333.492700] ? __lock_acquire+0x62f/0x4c20 [ 333.496940] ? rcu_read_lock_sched_held+0x14f/0x180 [ 333.501963] ? __update_load_avg_blocked_se+0x690/0x690 [ 333.507357] ? __update_load_avg_se+0xae0/0xae0 [ 333.512030] ? cgroup_rstat_flush_locked+0xe48/0x1230 [ 333.517228] ? zap_class+0x640/0x640 [ 333.520943] ? update_load_avg+0x387/0x2470 [ 333.525267] ? __update_load_avg_se+0xae0/0xae0 [ 333.529939] ? __lock_is_held+0xb5/0x140 [ 333.534020] ? cgroup_rstat_flush_locked+0xe98/0x1230 [ 333.539220] ? print_usage_bug+0xc0/0xc0 [ 333.543291] __should_failslab+0x124/0x180 [ 333.547537] should_failslab+0x9/0x14 [ 333.551348] kmem_cache_alloc+0x47/0x730 [ 333.555416] ? lock_downgrade+0x900/0x900 [ 333.559584] radix_tree_node_alloc.constprop.19+0x1f7/0x370 [ 333.565302] idr_get_free+0x7a4/0xf70 [ 333.569120] ? radix_tree_iter_tag_clear+0x90/0x90 [ 333.574051] ? __save_stack_trace+0x8d/0xf0 [ 333.578393] ? save_stack+0xa9/0xd0 [ 333.582025] ? save_stack+0x43/0xd0 [ 333.585649] ? kasan_kmalloc+0xc7/0xe0 [ 333.589534] ? kasan_slab_alloc+0x12/0x20 [ 333.593689] ? kmem_cache_alloc+0x12e/0x730 [ 333.598011] ? __kernfs_new_node+0x127/0x8d0 [ 333.602449] ? kernfs_new_node+0x95/0x120 [ 333.606607] ? internal_create_group+0x5fc/0xd80 [ 333.611368] ? sysfs_create_group+0x1f/0x30 [ 333.615689] ? lo_ioctl+0x1307/0x1d60 [ 333.619486] ? blkdev_ioctl+0x9ac/0x2010 [ 333.623550] ? block_ioctl+0xee/0x130 [ 333.627360] ? do_vfs_ioctl+0x1de/0x1720 [ 333.631898] ? ksys_ioctl+0xa9/0xd0 [ 333.635529] ? do_syscall_64+0x1b9/0x820 [ 333.639604] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 333.644972] ? find_held_lock+0x36/0x1c0 [ 333.649066] idr_alloc_u32+0x1d4/0x3a0 [ 333.652979] ? __fprop_inc_percpu_max+0x2d0/0x2d0 [ 333.657829] ? lock_acquire+0x1ed/0x520 [ 333.661813] ? __kernfs_new_node+0x14e/0x8d0 [ 333.666229] ? __lock_is_held+0xb5/0x140 [ 333.670299] idr_alloc_cyclic+0x166/0x350 [ 333.674454] ? idr_alloc+0x1b0/0x1b0 [ 333.678173] ? __radix_tree_preload+0x1f7/0x280 [ 333.682886] __kernfs_new_node+0x1ee/0x8d0 [ 333.687144] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 333.691921] ? zap_class+0x640/0x640 [ 333.695642] ? print_usage_bug+0xc0/0xc0 [ 333.699707] ? zap_class+0x640/0x640 [ 333.703464] ? trace_hardirqs_on+0xbd/0x310 [ 333.707799] ? kasan_check_read+0x11/0x20 [ 333.711960] ? find_held_lock+0x36/0x1c0 [ 333.716051] kernfs_new_node+0x95/0x120 [ 333.720035] kernfs_create_dir_ns+0x4d/0x160 [ 333.724449] internal_create_group+0x5fc/0xd80 [ 333.729045] ? remove_files.isra.1+0x190/0x190 [ 333.733627] ? up_write+0x7b/0x220 [ 333.737173] ? down_write_nested+0x130/0x130 [ 333.741591] ? down_read+0x120/0x120 [ 333.745324] sysfs_create_group+0x1f/0x30 [ 333.749489] lo_ioctl+0x1307/0x1d60 [ 333.753126] ? lo_rw_aio+0x1ef0/0x1ef0 [ 333.757019] blkdev_ioctl+0x9ac/0x2010 [ 333.760929] ? blkpg_ioctl+0xc10/0xc10 [ 333.764816] ? lock_downgrade+0x900/0x900 [ 333.769014] ? check_preemption_disabled+0x48/0x280 [ 333.774037] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 333.778970] ? kasan_check_read+0x11/0x20 [ 333.783120] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 333.788417] ? rcu_softirq_qs+0x20/0x20 [ 333.792443] ? __fget+0x4d1/0x740 [ 333.795908] ? ksys_dup3+0x680/0x680 [ 333.799639] block_ioctl+0xee/0x130 [ 333.803267] ? blkdev_fallocate+0x400/0x400 [ 333.807608] do_vfs_ioctl+0x1de/0x1720 [ 333.811528] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 333.817107] ? ioctl_preallocate+0x300/0x300 [ 333.821522] ? __fget_light+0x2e9/0x430 [ 333.825498] ? fget_raw+0x20/0x20 [ 333.828956] ? rcu_read_lock_sched_held+0x14f/0x180 [ 333.833979] ? kmem_cache_free+0x24f/0x290 [ 333.838221] ? putname+0xf7/0x130 [ 333.841681] ? do_syscall_64+0x9a/0x820 [ 333.845662] ? do_syscall_64+0x9a/0x820 [ 333.849638] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 333.854225] ? security_file_ioctl+0x94/0xc0 [ 333.858643] ksys_ioctl+0xa9/0xd0 [ 333.862100] __x64_sys_ioctl+0x73/0xb0 [ 333.865996] do_syscall_64+0x1b9/0x820 [ 333.869890] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 333.875359] ? syscall_return_slowpath+0x5e0/0x5e0 [ 333.880342] ? trace_hardirqs_on_caller+0x310/0x310 [ 333.885378] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 333.890402] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 333.897070] ? __switch_to_asm+0x40/0x70 [ 333.901133] ? __switch_to_asm+0x34/0x70 [ 333.905201] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 333.910051] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 333.915239] RIP: 0033:0x4573d7 [ 333.918463] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 333.937361] RSP: 002b:00007fe92e7c4a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 333.945068] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 333.952334] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 18:10:38 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 333.959606] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 333.966874] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 333.974138] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0xfffffffffffffffd) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000040)) dup3(r0, r1, 0x0) dup3(r3, r2, 0x80000) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 334.037397] overlayfs: missing 'lowerdir' 18:10:39 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:39 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:39 executing program 4 (fault-call:3 fault-nth:11): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 334.187300] overlayfs: missing 'lowerdir' 18:10:39 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)="6578742d06", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:39 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 334.340719] overlayfs: missing 'lowerdir' [ 334.357119] overlayfs: missing 'lowerdir' [ 334.379747] FAULT_INJECTION: forcing a failure. [ 334.379747] name failslab, interval 1, probability 0, space 0, times 0 [ 334.391072] CPU: 0 PID: 11191 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 334.399581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 334.408941] Call Trace: [ 334.411561] dump_stack+0x244/0x39d [ 334.415217] ? dump_stack_print_info.cold.1+0x20/0x20 [ 334.420424] should_fail.cold.4+0xa/0x17 [ 334.424489] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 334.429612] ? zap_class+0x640/0x640 [ 334.433355] ? attach_entity_load_avg+0x860/0x860 [ 334.438222] ? __lock_acquire+0x62f/0x4c20 [ 334.442464] ? rcu_read_lock_sched_held+0x14f/0x180 [ 334.447493] ? __update_load_avg_blocked_se+0x690/0x690 [ 334.452883] ? zap_class+0x640/0x640 [ 334.456615] ? find_held_lock+0x36/0x1c0 [ 334.460694] ? zap_class+0x640/0x640 [ 334.464419] ? find_held_lock+0x36/0x1c0 [ 334.468484] ? print_usage_bug+0xc0/0xc0 [ 334.472578] __should_failslab+0x124/0x180 [ 334.476919] should_failslab+0x9/0x14 [ 334.480725] kmem_cache_alloc+0x47/0x730 [ 334.484795] ? lock_downgrade+0x900/0x900 [ 334.488955] radix_tree_node_alloc.constprop.19+0x1f7/0x370 [ 334.494676] idr_get_free+0x7a4/0xf70 [ 334.498527] ? radix_tree_iter_tag_clear+0x90/0x90 [ 334.503459] ? __save_stack_trace+0x8d/0xf0 [ 334.507798] ? save_stack+0xa9/0xd0 [ 334.511431] ? save_stack+0x43/0xd0 [ 334.515079] ? kasan_kmalloc+0xc7/0xe0 [ 334.518966] ? kasan_slab_alloc+0x12/0x20 [ 334.523116] ? kmem_cache_alloc+0x12e/0x730 [ 334.527437] ? __kernfs_new_node+0x127/0x8d0 [ 334.531851] ? kernfs_new_node+0x95/0x120 [ 334.536004] ? internal_create_group+0x5fc/0xd80 [ 334.540761] ? sysfs_create_group+0x1f/0x30 [ 334.545080] ? lo_ioctl+0x1307/0x1d60 [ 334.548883] ? blkdev_ioctl+0x9ac/0x2010 [ 334.552944] ? block_ioctl+0xee/0x130 [ 334.556766] ? do_vfs_ioctl+0x1de/0x1720 [ 334.560824] ? ksys_ioctl+0xa9/0xd0 [ 334.564462] ? do_syscall_64+0x1b9/0x820 [ 334.568525] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 334.573891] ? find_held_lock+0x36/0x1c0 [ 334.577969] idr_alloc_u32+0x1d4/0x3a0 [ 334.581869] ? __fprop_inc_percpu_max+0x2d0/0x2d0 [ 334.586721] ? lock_acquire+0x1ed/0x520 [ 334.590695] ? __kernfs_new_node+0x14e/0x8d0 [ 334.595111] ? __lock_is_held+0xb5/0x140 [ 334.599186] idr_alloc_cyclic+0x166/0x350 [ 334.603377] ? idr_alloc+0x1b0/0x1b0 [ 334.607121] ? __radix_tree_preload+0x1f7/0x280 [ 334.611800] __kernfs_new_node+0x1ee/0x8d0 [ 334.616041] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 334.620811] ? _raw_spin_unlock_irq+0x60/0x80 [ 334.625388] ? __schedule+0x168b/0x21d0 [ 334.629392] ? zap_class+0x640/0x640 [ 334.633110] ? zap_class+0x640/0x640 [ 334.636862] ? trace_hardirqs_on+0xbd/0x310 [ 334.641186] ? kasan_check_read+0x11/0x20 [ 334.645350] ? find_held_lock+0x36/0x1c0 [ 334.649440] kernfs_new_node+0x95/0x120 [ 334.653438] kernfs_create_dir_ns+0x4d/0x160 [ 334.657878] internal_create_group+0x5fc/0xd80 [ 334.662473] ? remove_files.isra.1+0x190/0x190 [ 334.667057] ? up_write+0x7b/0x220 [ 334.670605] ? down_write_nested+0x130/0x130 [ 334.675015] ? down_read+0x120/0x120 [ 334.678746] sysfs_create_group+0x1f/0x30 [ 334.682900] lo_ioctl+0x1307/0x1d60 [ 334.686536] ? lo_rw_aio+0x1ef0/0x1ef0 [ 334.690449] blkdev_ioctl+0x9ac/0x2010 [ 334.694341] ? blkpg_ioctl+0xc10/0xc10 [ 334.698230] ? lock_downgrade+0x900/0x900 [ 334.702379] ? check_preemption_disabled+0x48/0x280 [ 334.707415] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 334.712341] ? kasan_check_read+0x11/0x20 [ 334.716497] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 334.721795] ? rcu_softirq_qs+0x20/0x20 [ 334.725788] ? __fget+0x4d1/0x740 [ 334.729257] ? ksys_dup3+0x680/0x680 [ 334.733029] block_ioctl+0xee/0x130 [ 334.736660] ? blkdev_fallocate+0x400/0x400 [ 334.740988] do_vfs_ioctl+0x1de/0x1720 [ 334.744881] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 334.750457] ? ioctl_preallocate+0x300/0x300 [ 334.754874] ? __fget_light+0x2e9/0x430 [ 334.758859] ? fget_raw+0x20/0x20 [ 334.762464] ? rcu_read_lock_sched_held+0x14f/0x180 [ 334.767488] ? kmem_cache_free+0x24f/0x290 [ 334.771728] ? putname+0xf7/0x130 [ 334.775192] ? do_syscall_64+0x9a/0x820 [ 334.779172] ? do_syscall_64+0x9a/0x820 [ 334.783156] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 334.787745] ? security_file_ioctl+0x94/0xc0 [ 334.792160] ksys_ioctl+0xa9/0xd0 [ 334.795632] __x64_sys_ioctl+0x73/0xb0 [ 334.799522] do_syscall_64+0x1b9/0x820 [ 334.803410] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 334.808793] ? syscall_return_slowpath+0x5e0/0x5e0 [ 334.813725] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 334.818583] ? trace_hardirqs_on_caller+0x310/0x310 [ 334.823618] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 334.828863] ? prepare_exit_to_usermode+0x291/0x3b0 [ 334.833888] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 334.838747] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 334.843933] RIP: 0033:0x4573d7 [ 334.847133] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 334.866030] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 334.873742] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 334.881015] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 334.888286] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 334.895555] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 334.902831] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:39 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="11634840e6965a654e855d2ebb64a30a7fe5f07d41c51fa95feb4b6b8aa217f22b8e4c68bb1145a6fc2d99026e1de08c30aa9d2e7c644de61731000000000000000000100927504f1bf479b95e00000000000000f0033c70bd218ebe82e5e518bbcd4c19b9fc8b08f7d39e92d5fc529ad9e054d05a2079863d9ff8dbdfea988adbedfd18cda382cd6539b7c565d40505d60fd7ba084854d84b6b1bb53d1a626404eebcc365333155ed0c0348a8ad13da17c82252d3abcd270a4a23fc2fb3c520c2e1eb741f2b2bca4a619bae19649f814a38b4c4b4828f32156c854dabe445ec764925f084f23c78495de88a13448e7bcde329ef390c68ad84b2e170d930dd4470142e2f86eabbacb6aeef5512080f51007cabefce06cdd1953dcf58f68ac367a0261214d5f7d0eb06d279aaa8a25feb83dd7729df", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r3 = dup3(r0, r1, 0x3) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r3, 0x114, 0xa, &(0x7f0000000040)={0x3, "73b63a"}, 0x4) ioctl$LOOP_SET_DIRECT_IO(r3, 0x4c08, 0x101) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 335.025422] EXT4-fs: 26 callbacks suppressed [ 335.025435] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 335.060069] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue 18:10:40 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 335.090002] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue [ 335.120307] binder: 11217:11219 got transaction to invalid handle 18:10:40 executing program 4 (fault-call:3 fault-nth:12): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:40 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 335.151442] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 335.159868] binder: 11217:11219 transaction failed 29201/-22, size 187231422657139131-3359028022586908014 line 2834 [ 335.171179] overlayfs: missing 'lowerdir' 18:10:40 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:40 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 335.293931] overlayfs: missing 'lowerdir' [ 335.309768] overlayfs: missing 'lowerdir' [ 335.323399] FAULT_INJECTION: forcing a failure. [ 335.323399] name failslab, interval 1, probability 0, space 0, times 0 [ 335.351969] CPU: 1 PID: 11230 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 335.360482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 335.360491] Call Trace: [ 335.360518] dump_stack+0x244/0x39d [ 335.360545] ? dump_stack_print_info.cold.1+0x20/0x20 [ 335.360571] ? radix_tree_tag_set+0x3d0/0x3d0 [ 335.360602] should_fail.cold.4+0xa/0x17 [ 335.360640] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 335.395011] ? kernfs_activate+0x8e/0x2c0 [ 335.399174] ? zap_class+0x640/0x640 [ 335.402899] ? lock_release+0xa10/0xa10 [ 335.406883] ? perf_trace_sched_process_exec+0x860/0x860 [ 335.412358] ? find_held_lock+0x36/0x1c0 [ 335.412380] ? __lock_is_held+0xb5/0x140 [ 335.412412] ? perf_trace_sched_process_exec+0x860/0x860 [ 335.412428] ? find_held_lock+0x36/0x1c0 [ 335.412452] __should_failslab+0x124/0x180 [ 335.434292] should_failslab+0x9/0x14 [ 335.438110] kmem_cache_alloc+0x2be/0x730 [ 335.442279] ? find_held_lock+0x36/0x1c0 [ 335.446374] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 335.451405] __kernfs_new_node+0x127/0x8d0 [ 335.453292] overlayfs: missing 'lowerdir' [ 335.455651] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 335.455669] ? kasan_check_write+0x14/0x20 [ 335.455688] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 335.455704] ? __kernfs_new_node+0x697/0x8d0 [ 335.455724] ? wait_for_completion+0x8a0/0x8a0 [ 335.455743] ? zap_class+0x640/0x640 [ 335.455763] ? kasan_check_write+0x14/0x20 [ 335.455782] ? __lock_is_held+0xb5/0x140 [ 335.455798] ? wait_for_completion+0x8a0/0x8a0 [ 335.455823] ? mutex_unlock+0xd/0x10 [ 335.494896] ? kernfs_activate+0x21a/0x2c0 [ 335.494918] kernfs_new_node+0x95/0x120 [ 335.494941] __kernfs_create_file+0x5a/0x340 [ 335.494964] sysfs_add_file_mode_ns+0x222/0x530 [ 335.494990] internal_create_group+0x3df/0xd80 [ 335.495019] ? remove_files.isra.1+0x190/0x190 [ 335.495033] ? up_write+0x7b/0x220 [ 335.495049] ? down_write_nested+0x130/0x130 [ 335.495065] ? down_read+0x120/0x120 [ 335.495097] sysfs_create_group+0x1f/0x30 [ 335.495113] lo_ioctl+0x1307/0x1d60 [ 335.495136] ? lo_rw_aio+0x1ef0/0x1ef0 [ 335.495153] blkdev_ioctl+0x9ac/0x2010 [ 335.495169] ? blkpg_ioctl+0xc10/0xc10 [ 335.495184] ? lock_downgrade+0x900/0x900 [ 335.495200] ? check_preemption_disabled+0x48/0x280 [ 335.495223] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 335.495240] ? kasan_check_read+0x11/0x20 [ 335.495259] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 335.495277] ? rcu_softirq_qs+0x20/0x20 [ 335.495306] ? __fget+0x4d1/0x740 [ 335.495329] ? ksys_dup3+0x680/0x680 [ 335.495366] block_ioctl+0xee/0x130 [ 335.495384] ? blkdev_fallocate+0x400/0x400 [ 335.495403] do_vfs_ioctl+0x1de/0x1720 [ 335.503704] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 335.503725] ? ioctl_preallocate+0x300/0x300 [ 335.503742] ? __fget_light+0x2e9/0x430 [ 335.503759] ? fget_raw+0x20/0x20 [ 335.503776] ? rcu_read_lock_sched_held+0x14f/0x180 [ 335.503794] ? kmem_cache_free+0x24f/0x290 [ 335.503811] ? putname+0xf7/0x130 [ 335.503834] ? do_syscall_64+0x9a/0x820 [ 335.557378] ? do_syscall_64+0x9a/0x820 [ 335.565407] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 335.565430] ? security_file_ioctl+0x94/0xc0 [ 335.565451] ksys_ioctl+0xa9/0xd0 [ 335.565471] __x64_sys_ioctl+0x73/0xb0 [ 335.565489] do_syscall_64+0x1b9/0x820 [ 335.565505] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 335.565522] ? syscall_return_slowpath+0x5e0/0x5e0 [ 335.565538] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 335.565559] ? trace_hardirqs_on_caller+0x310/0x310 [ 335.686637] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 335.691683] ? prepare_exit_to_usermode+0x291/0x3b0 [ 335.696734] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 335.701634] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 335.706846] RIP: 0033:0x4573d7 [ 335.710062] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 335.728983] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 335.736714] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 335.743994] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 335.751257] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 335.758521] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 335.765952] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 335.774741] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 335.803080] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 335.819623] overlayfs: missing 'lowerdir' [ 335.827395] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 335.837975] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue [ 335.847117] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue 18:10:40 executing program 4 (fault-call:3 fault-nth:13): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 335.893488] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 335.915693] overlayfs: missing 'lowerdir' 18:10:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x80000) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) pread64(r2, &(0x7f00000000c0)=""/127, 0x7f, 0x24) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:40 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:40 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:40 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 335.963916] binder: undelivered TRANSACTION_ERROR: 29201 [ 336.001009] overlayfs: missing 'lowerdir' 18:10:41 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 336.067793] FAULT_INJECTION: forcing a failure. [ 336.067793] name failslab, interval 1, probability 0, space 0, times 0 [ 336.082439] binder: 11270:11272 ioctl 40086602 20000040 returned -22 [ 336.089099] CPU: 1 PID: 11268 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 336.097624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 336.106997] Call Trace: [ 336.109640] dump_stack+0x244/0x39d [ 336.113310] ? dump_stack_print_info.cold.1+0x20/0x20 [ 336.118551] should_fail.cold.4+0xa/0x17 [ 336.122689] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 336.127825] ? lock_release+0xa10/0xa10 [ 336.131828] ? perf_trace_sched_process_exec+0x860/0x860 [ 336.137316] ? zap_class+0x640/0x640 [ 336.141071] ? find_held_lock+0x36/0x1c0 [ 336.145162] ? __lock_is_held+0xb5/0x140 [ 336.145194] ? perf_trace_sched_process_exec+0x860/0x860 [ 336.145214] ? kernfs_activate+0x21a/0x2c0 [ 336.154794] __should_failslab+0x124/0x180 [ 336.154817] should_failslab+0x9/0x14 [ 336.154833] kmem_cache_alloc+0x2be/0x730 [ 336.154850] ? lock_downgrade+0x900/0x900 [ 336.154869] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 336.154888] __kernfs_new_node+0x127/0x8d0 [ 336.154908] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 336.175554] binder: send failed reply for transaction 303 to 11270:11272 [ 336.180501] ? zap_class+0x640/0x640 [ 336.180528] ? __lock_is_held+0xb5/0x140 [ 336.180546] ? wait_for_completion+0x8a0/0x8a0 [ 336.180598] ? mutex_unlock+0xd/0x10 [ 336.212596] ? kernfs_activate+0x21a/0x2c0 [ 336.216851] ? kernfs_walk_and_get_ns+0x340/0x340 [ 336.221713] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 336.227267] ? kernfs_link_sibling+0x1d2/0x3b0 [ 336.231876] kernfs_new_node+0x95/0x120 [ 336.235870] __kernfs_create_file+0x5a/0x340 [ 336.240303] sysfs_add_file_mode_ns+0x222/0x530 [ 336.244997] internal_create_group+0x3df/0xd80 [ 336.249626] ? remove_files.isra.1+0x190/0x190 [ 336.254224] ? up_write+0x7b/0x220 [ 336.257789] ? down_write_nested+0x130/0x130 [ 336.262213] ? down_read+0x120/0x120 [ 336.265960] sysfs_create_group+0x1f/0x30 [ 336.270119] lo_ioctl+0x1307/0x1d60 [ 336.273763] ? lo_rw_aio+0x1ef0/0x1ef0 [ 336.277668] blkdev_ioctl+0x9ac/0x2010 [ 336.281592] ? blkpg_ioctl+0xc10/0xc10 [ 336.285497] ? lock_downgrade+0x900/0x900 [ 336.289658] ? check_preemption_disabled+0x48/0x280 [ 336.294698] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 336.299645] ? kasan_check_read+0x11/0x20 [ 336.303808] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 336.309103] ? rcu_softirq_qs+0x20/0x20 [ 336.313106] ? __fget+0x4d1/0x740 [ 336.316602] ? ksys_dup3+0x680/0x680 [ 336.320352] block_ioctl+0xee/0x130 [ 336.323995] ? blkdev_fallocate+0x400/0x400 [ 336.328330] do_vfs_ioctl+0x1de/0x1720 [ 336.332243] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 336.337802] ? ioctl_preallocate+0x300/0x300 [ 336.342229] ? __fget_light+0x2e9/0x430 [ 336.346218] ? fget_raw+0x20/0x20 [ 336.349688] ? rcu_read_lock_sched_held+0x14f/0x180 [ 336.354718] ? kmem_cache_free+0x24f/0x290 [ 336.358968] ? putname+0xf7/0x130 [ 336.362436] ? do_syscall_64+0x9a/0x820 [ 336.366428] ? do_syscall_64+0x9a/0x820 [ 336.370418] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 336.375018] ? security_file_ioctl+0x94/0xc0 [ 336.379448] ksys_ioctl+0xa9/0xd0 [ 336.382917] __x64_sys_ioctl+0x73/0xb0 [ 336.386822] do_syscall_64+0x1b9/0x820 [ 336.390784] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 336.396169] ? syscall_return_slowpath+0x5e0/0x5e0 [ 336.401117] ? trace_hardirqs_on_caller+0x310/0x310 [ 336.406146] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 336.411179] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 336.417857] ? __switch_to_asm+0x40/0x70 [ 336.421930] ? __switch_to_asm+0x34/0x70 [ 336.426014] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 336.430874] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 336.436076] RIP: 0033:0x4573d7 [ 336.439283] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 336.458196] RSP: 002b:00007fe92e7c4a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 336.465915] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 336.473192] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 336.480475] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 336.487758] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 336.495128] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0xffffff74, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB="ff000000", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f00000000c0)="510d4bf0936397f2e00000"}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 336.616046] overlayfs: missing 'lowerdir' 18:10:41 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)="6578742d7f", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:41 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 336.709097] overlayfs: missing 'lowerdir' 18:10:41 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:41 executing program 4 (fault-call:3 fault-nth:14): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 336.735432] binder: 11301:11303 unknown command 255 [ 336.752217] binder: 11301:11303 ioctl c0306201 20000040 returned -22 18:10:41 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 336.841498] overlayfs: missing 'lowerdir' [ 336.860209] FAULT_INJECTION: forcing a failure. [ 336.860209] name failslab, interval 1, probability 0, space 0, times 0 [ 336.882708] CPU: 0 PID: 11316 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 336.891232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 336.900626] Call Trace: [ 336.903256] dump_stack+0x244/0x39d [ 336.903384] overlayfs: missing 'lowerdir' [ 336.906923] ? dump_stack_print_info.cold.1+0x20/0x20 [ 336.906955] should_fail.cold.4+0xa/0x17 [ 336.906978] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 336.925495] ? lock_release+0xa10/0xa10 [ 336.929488] ? perf_trace_sched_process_exec+0x860/0x860 [ 336.934970] ? zap_class+0x640/0x640 [ 336.938719] ? find_held_lock+0x36/0x1c0 [ 336.942809] ? __lock_is_held+0xb5/0x140 [ 336.946917] ? perf_trace_sched_process_exec+0x860/0x860 [ 336.952387] ? kernfs_activate+0x21a/0x2c0 [ 336.956657] __should_failslab+0x124/0x180 [ 336.956685] should_failslab+0x9/0x14 [ 336.964732] kmem_cache_alloc+0x2be/0x730 [ 336.964749] ? lock_downgrade+0x900/0x900 [ 336.964769] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 336.964788] __kernfs_new_node+0x127/0x8d0 [ 336.964807] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 336.987087] ? zap_class+0x640/0x640 [ 336.990804] ? __lock_is_held+0xb5/0x140 [ 336.994872] ? wait_for_completion+0x8a0/0x8a0 [ 336.999478] ? mutex_unlock+0xd/0x10 [ 337.003206] ? kernfs_activate+0x21a/0x2c0 [ 337.007443] ? kernfs_walk_and_get_ns+0x340/0x340 [ 337.012285] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 337.017823] ? kernfs_link_sibling+0x1d2/0x3b0 [ 337.022438] kernfs_new_node+0x95/0x120 [ 337.026430] __kernfs_create_file+0x5a/0x340 [ 337.030858] sysfs_add_file_mode_ns+0x222/0x530 [ 337.035531] internal_create_group+0x3df/0xd80 [ 337.040117] ? remove_files.isra.1+0x190/0x190 [ 337.044700] ? up_write+0x7b/0x220 [ 337.048236] ? down_write_nested+0x130/0x130 [ 337.052644] ? down_read+0x120/0x120 [ 337.056364] sysfs_create_group+0x1f/0x30 [ 337.060514] lo_ioctl+0x1307/0x1d60 [ 337.064146] ? lo_rw_aio+0x1ef0/0x1ef0 [ 337.068038] blkdev_ioctl+0x9ac/0x2010 [ 337.071934] ? blkpg_ioctl+0xc10/0xc10 [ 337.075833] ? lock_downgrade+0x900/0x900 [ 337.079984] ? check_preemption_disabled+0x48/0x280 [ 337.085126] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 337.090053] ? kasan_check_read+0x11/0x20 [ 337.094222] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 337.099511] ? rcu_softirq_qs+0x20/0x20 [ 337.103617] ? __fget+0x4d1/0x740 [ 337.107088] ? ksys_dup3+0x680/0x680 [ 337.110818] block_ioctl+0xee/0x130 [ 337.114446] ? blkdev_fallocate+0x400/0x400 [ 337.118779] do_vfs_ioctl+0x1de/0x1720 [ 337.122681] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 337.128218] ? ioctl_preallocate+0x300/0x300 [ 337.132630] ? __fget_light+0x2e9/0x430 [ 337.136619] ? fget_raw+0x20/0x20 [ 337.140070] ? rcu_read_lock_sched_held+0x14f/0x180 [ 337.145084] ? kmem_cache_free+0x24f/0x290 [ 337.149317] ? putname+0xf7/0x130 [ 337.152780] ? do_syscall_64+0x9a/0x820 [ 337.156765] ? do_syscall_64+0x9a/0x820 [ 337.160738] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 337.165331] ? security_file_ioctl+0x94/0xc0 [ 337.169740] ksys_ioctl+0xa9/0xd0 [ 337.173191] __x64_sys_ioctl+0x73/0xb0 [ 337.177078] do_syscall_64+0x1b9/0x820 [ 337.180963] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 337.186323] ? syscall_return_slowpath+0x5e0/0x5e0 [ 337.191263] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 337.196126] ? trace_hardirqs_on_caller+0x310/0x310 [ 337.201142] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 337.206156] ? prepare_exit_to_usermode+0x291/0x3b0 [ 337.211185] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 337.216044] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 337.221231] RIP: 0033:0x4573d7 [ 337.224421] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 337.243319] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 337.251176] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 337.258443] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 337.265716] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 337.272980] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 337.280255] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:42 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:42 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x0, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:42 executing program 4 (fault-call:3 fault-nth:15): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:42 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\r', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 337.436790] overlayfs: missing 'lowerdir' [ 337.477793] overlayfs: missing 'lowerdir' 18:10:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xb8eb3da9ebfee2b0, 0xb01, 0xffff, 0x2, 0x10, r0, 0x8000}, 0x2c) r4 = fcntl$dupfd(r1, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r4, 0x84, 0x20, &(0x7f0000000140), 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0xc, 0x0, &(0x7f0000000040)=[@acquire_done={0x40486311}], 0xce, 0x0, &(0x7f0000000040)}) r5 = shmget$private(0x0, 0x4000, 0x1, &(0x7f0000708000/0x4000)=nil) shmctl$SHM_INFO(r5, 0xe, &(0x7f0000000200)=""/205) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 337.554412] overlayfs: missing 'lowerdir' [ 337.602358] overlayfs: missing 'lowerdir' 18:10:42 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)="6578742dc0", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 337.663271] FAULT_INJECTION: forcing a failure. [ 337.663271] name failslab, interval 1, probability 0, space 0, times 0 [ 337.675881] binder_alloc: 11363: binder_alloc_buf size 2554215420696027696 failed, no address space 18:10:42 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x0, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:42 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) [ 337.705553] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 16384 (num: 1 largest: 16384) [ 337.757763] binder: 11363:11364 transaction failed 29201/-28, size 0-0 line 2973 [ 337.811377] CPU: 1 PID: 11365 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 337.820013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.829386] Call Trace: [ 337.832011] dump_stack+0x244/0x39d [ 337.835679] ? dump_stack_print_info.cold.1+0x20/0x20 [ 337.840916] should_fail.cold.4+0xa/0x17 [ 337.845014] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 337.850148] ? lock_release+0xa10/0xa10 [ 337.854147] ? perf_trace_sched_process_exec+0x860/0x860 [ 337.859659] ? zap_class+0x640/0x640 [ 337.863410] ? find_held_lock+0x36/0x1c0 [ 337.867499] ? __lock_is_held+0xb5/0x140 [ 337.871624] ? perf_trace_sched_process_exec+0x860/0x860 [ 337.877097] ? kernfs_activate+0x21a/0x2c0 [ 337.881376] __should_failslab+0x124/0x180 [ 337.885645] should_failslab+0x9/0x14 [ 337.889469] kmem_cache_alloc+0x2be/0x730 [ 337.893645] ? lock_downgrade+0x900/0x900 [ 337.897821] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 337.902862] __kernfs_new_node+0x127/0x8d0 [ 337.904450] overlayfs: missing 'lowerdir' [ 337.907124] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 337.907142] ? zap_class+0x640/0x640 [ 337.907169] ? __lock_is_held+0xb5/0x140 [ 337.907187] ? wait_for_completion+0x8a0/0x8a0 [ 337.907215] ? mutex_unlock+0xd/0x10 [ 337.918371] overlayfs: missing 'lowerdir' [ 337.919832] ? kernfs_activate+0x21a/0x2c0 [ 337.919852] ? kernfs_walk_and_get_ns+0x340/0x340 [ 337.919871] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 337.919887] ? kernfs_link_sibling+0x1d2/0x3b0 [ 337.919911] kernfs_new_node+0x95/0x120 [ 337.919941] __kernfs_create_file+0x5a/0x340 [ 337.940730] sysfs_add_file_mode_ns+0x222/0x530 [ 337.940760] internal_create_group+0x3df/0xd80 [ 337.940789] ? remove_files.isra.1+0x190/0x190 [ 337.940802] ? up_write+0x7b/0x220 [ 337.940818] ? down_write_nested+0x130/0x130 [ 337.940840] ? down_read+0x120/0x120 [ 337.951244] sysfs_create_group+0x1f/0x30 [ 337.951262] lo_ioctl+0x1307/0x1d60 [ 337.951285] ? lo_rw_aio+0x1ef0/0x1ef0 [ 337.951301] blkdev_ioctl+0x9ac/0x2010 [ 337.951317] ? blkpg_ioctl+0xc10/0xc10 [ 337.951336] ? lock_downgrade+0x900/0x900 [ 337.978184] ? check_preemption_disabled+0x48/0x280 [ 337.978209] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 337.978226] ? kasan_check_read+0x11/0x20 [ 337.978245] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 337.978263] ? rcu_softirq_qs+0x20/0x20 [ 337.978289] ? __fget+0x4d1/0x740 [ 337.986253] ? ksys_dup3+0x680/0x680 [ 337.986283] block_ioctl+0xee/0x130 [ 337.986300] ? blkdev_fallocate+0x400/0x400 [ 337.986319] do_vfs_ioctl+0x1de/0x1720 [ 338.023622] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 338.023644] ? ioctl_preallocate+0x300/0x300 [ 338.023662] ? __fget_light+0x2e9/0x430 [ 338.023679] ? fget_raw+0x20/0x20 [ 338.023698] ? rcu_read_lock_sched_held+0x14f/0x180 [ 338.023714] ? kmem_cache_free+0x24f/0x290 [ 338.023733] ? putname+0xf7/0x130 [ 338.033171] ? do_syscall_64+0x9a/0x820 [ 338.033189] ? do_syscall_64+0x9a/0x820 [ 338.033207] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 338.033228] ? security_file_ioctl+0x94/0xc0 [ 338.033248] ksys_ioctl+0xa9/0xd0 [ 338.033268] __x64_sys_ioctl+0x73/0xb0 [ 338.033287] do_syscall_64+0x1b9/0x820 [ 338.114533] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 338.119906] ? syscall_return_slowpath+0x5e0/0x5e0 [ 338.124856] ? trace_hardirqs_on_caller+0x310/0x310 [ 338.129877] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 338.134911] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 338.141598] ? __switch_to_asm+0x40/0x70 [ 338.145666] ? __switch_to_asm+0x34/0x70 [ 338.149745] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 338.154628] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 338.159830] RIP: 0033:0x4573d7 [ 338.163023] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 338.181934] RSP: 002b:00007fe92e7c4a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 338.189669] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 338.196950] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 338.204216] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 338.211484] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 338.218761] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:43 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:43 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) [ 338.280541] overlayfs: missing 'lowerdir' 18:10:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x3) 18:10:43 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:43 executing program 4 (fault-call:3 fault-nth:16): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:43 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 338.428778] binder: send failed reply for transaction 308 to 11401:11402 18:10:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8, 0x20011, r1, 0x100000000800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x4080, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 338.511470] overlayfs: missing 'lowerdir' [ 338.522240] overlayfs: missing 'lowerdir' [ 338.530965] overlayfs: missing 'lowerdir' [ 338.557497] FAULT_INJECTION: forcing a failure. [ 338.557497] name failslab, interval 1, probability 0, space 0, times 0 [ 338.569758] CPU: 0 PID: 11416 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 338.578278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.578287] Call Trace: [ 338.578317] dump_stack+0x244/0x39d [ 338.578349] ? dump_stack_print_info.cold.1+0x20/0x20 [ 338.578384] should_fail.cold.4+0xa/0x17 [ 338.578407] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 338.578426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 338.578442] ? wake_up_klogd+0x11a/0x180 [ 338.578460] ? console_device+0xc0/0xc0 [ 338.578492] ? __down_trylock_console_sem+0x151/0x1f0 [ 338.590451] ? zap_class+0x640/0x640 [ 338.630914] ? vprintk_emit+0x293/0x990 [ 338.634921] ? find_held_lock+0x36/0x1c0 [ 338.639032] ? __lock_is_held+0xb5/0x140 [ 338.643193] ? perf_trace_sched_process_exec+0x860/0x860 [ 338.648675] ? vprintk_default+0x28/0x30 [ 338.652765] __should_failslab+0x124/0x180 [ 338.657028] should_failslab+0x9/0x14 [ 338.660863] kmem_cache_alloc_trace+0x2d7/0x750 [ 338.665619] kobject_uevent_env+0x2f3/0x101e [ 338.670069] kobject_uevent+0x1f/0x24 [ 338.673899] lo_ioctl+0x1385/0x1d60 [ 338.677557] ? lo_rw_aio+0x1ef0/0x1ef0 [ 338.677827] binder_alloc: 11426: binder_alloc_buf, no vma [ 338.681495] blkdev_ioctl+0x9ac/0x2010 [ 338.681513] ? blkpg_ioctl+0xc10/0xc10 [ 338.681528] ? lock_downgrade+0x900/0x900 [ 338.681543] ? check_preemption_disabled+0x48/0x280 [ 338.681590] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 338.709014] ? kasan_check_read+0x11/0x20 [ 338.713184] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 338.718406] binder: 11426:11431 transaction failed 29189/-3, size 0-0 line 2973 [ 338.718490] ? rcu_softirq_qs+0x20/0x20 [ 338.729975] ? __fget+0x4d1/0x740 [ 338.733459] ? ksys_dup3+0x680/0x680 [ 338.737207] block_ioctl+0xee/0x130 [ 338.737225] ? blkdev_fallocate+0x400/0x400 [ 338.737242] do_vfs_ioctl+0x1de/0x1720 [ 338.737263] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 338.754657] ? ioctl_preallocate+0x300/0x300 [ 338.759090] ? __fget_light+0x2e9/0x430 [ 338.763326] ? fget_raw+0x20/0x20 [ 338.766831] ? rcu_read_lock_sched_held+0x14f/0x180 [ 338.771885] ? kmem_cache_free+0x24f/0x290 [ 338.776142] ? putname+0xf7/0x130 [ 338.779643] ? do_syscall_64+0x9a/0x820 [ 338.783642] ? do_syscall_64+0x9a/0x820 [ 338.787644] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 338.792261] ? security_file_ioctl+0x94/0xc0 [ 338.796700] ksys_ioctl+0xa9/0xd0 [ 338.800181] __x64_sys_ioctl+0x73/0xb0 [ 338.804092] do_syscall_64+0x1b9/0x820 [ 338.808008] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 338.813395] ? syscall_return_slowpath+0x5e0/0x5e0 [ 338.818354] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 338.823214] ? trace_hardirqs_on_caller+0x310/0x310 [ 338.828231] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 338.833266] ? prepare_exit_to_usermode+0x291/0x3b0 [ 338.838288] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 338.843139] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 338.848326] RIP: 0033:0x4573d7 [ 338.851519] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 338.870515] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 338.878229] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 338.885512] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 338.892779] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 338.900094] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 18:10:43 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 338.907410] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 338.951371] overlayfs: missing 'lowerdir' 18:10:43 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:44 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}]}) 18:10:44 executing program 4 (fault-call:3 fault-nth:17): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:44 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)="6578742dff", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:44 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 339.214492] overlayfs: missing 'lowerdir' [ 339.241261] FAULT_INJECTION: forcing a failure. [ 339.241261] name failslab, interval 1, probability 0, space 0, times 0 [ 339.252765] CPU: 1 PID: 11463 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 339.261278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 339.263192] overlayfs: missing 'lowerdir' [ 339.270644] Call Trace: [ 339.270674] dump_stack+0x244/0x39d [ 339.270703] ? dump_stack_print_info.cold.1+0x20/0x20 [ 339.270735] should_fail.cold.4+0xa/0x17 [ 339.270759] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 339.270789] ? lock_release+0xa10/0xa10 [ 339.299485] ? perf_trace_sched_process_exec+0x860/0x860 [ 339.304964] ? zap_class+0x640/0x640 [ 339.308713] ? find_held_lock+0x36/0x1c0 [ 339.312799] ? __lock_is_held+0xb5/0x140 [ 339.316897] ? perf_trace_sched_process_exec+0x860/0x860 [ 339.322370] ? kernfs_activate+0x21a/0x2c0 [ 339.322398] __should_failslab+0x124/0x180 [ 339.322423] should_failslab+0x9/0x14 [ 339.334710] kmem_cache_alloc+0x2be/0x730 [ 339.334729] ? lock_downgrade+0x900/0x900 [ 339.334749] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 339.334769] __kernfs_new_node+0x127/0x8d0 [ 339.334788] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 339.334804] ? zap_class+0x640/0x640 [ 339.334830] ? __lock_is_held+0xb5/0x140 [ 339.334851] ? wait_for_completion+0x8a0/0x8a0 [ 339.369548] ? mutex_unlock+0xd/0x10 [ 339.373315] ? kernfs_activate+0x21a/0x2c0 [ 339.377611] ? kernfs_walk_and_get_ns+0x340/0x340 [ 339.382481] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 339.388044] ? kernfs_link_sibling+0x1d2/0x3b0 [ 339.392658] kernfs_new_node+0x95/0x120 [ 339.396667] __kernfs_create_file+0x5a/0x340 [ 339.401097] sysfs_add_file_mode_ns+0x222/0x530 [ 339.405794] internal_create_group+0x3df/0xd80 [ 339.410413] ? remove_files.isra.1+0x190/0x190 [ 339.415020] ? up_write+0x7b/0x220 [ 339.418610] ? down_write_nested+0x130/0x130 [ 339.423031] ? down_read+0x120/0x120 [ 339.426762] sysfs_create_group+0x1f/0x30 [ 339.430923] lo_ioctl+0x1307/0x1d60 [ 339.434593] ? lo_rw_aio+0x1ef0/0x1ef0 [ 339.438504] blkdev_ioctl+0x9ac/0x2010 [ 339.442404] ? blkpg_ioctl+0xc10/0xc10 [ 339.446290] ? lock_downgrade+0x900/0x900 [ 339.450437] ? check_preemption_disabled+0x48/0x280 [ 339.455455] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 339.460383] ? kasan_check_read+0x11/0x20 [ 339.464604] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 339.469886] ? rcu_softirq_qs+0x20/0x20 [ 339.473867] ? __fget+0x4d1/0x740 [ 339.477325] ? ksys_dup3+0x680/0x680 [ 339.481049] block_ioctl+0xee/0x130 [ 339.484677] ? blkdev_fallocate+0x400/0x400 [ 339.489000] do_vfs_ioctl+0x1de/0x1720 [ 339.492886] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 339.498422] ? ioctl_preallocate+0x300/0x300 [ 339.502838] ? __fget_light+0x2e9/0x430 [ 339.506828] ? fget_raw+0x20/0x20 [ 339.510286] ? rcu_read_lock_sched_held+0x14f/0x180 [ 339.515301] ? kmem_cache_free+0x24f/0x290 [ 339.519533] ? putname+0xf7/0x130 [ 339.523002] ? do_syscall_64+0x9a/0x820 [ 339.526974] ? do_syscall_64+0x9a/0x820 [ 339.530947] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 339.535532] ? security_file_ioctl+0x94/0xc0 [ 339.540086] ksys_ioctl+0xa9/0xd0 [ 339.543566] __x64_sys_ioctl+0x73/0xb0 [ 339.547495] do_syscall_64+0x1b9/0x820 [ 339.551382] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 339.556771] ? syscall_return_slowpath+0x5e0/0x5e0 [ 339.561699] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 339.566561] ? trace_hardirqs_on_caller+0x310/0x310 [ 339.571620] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 339.576758] ? prepare_exit_to_usermode+0x291/0x3b0 [ 339.581804] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 339.586658] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 339.591851] RIP: 0033:0x4573d7 [ 339.595055] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 339.613964] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 339.621683] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 339.628953] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 18:10:44 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:44 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 339.636504] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 339.643776] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 339.651065] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="08421550c238721d0e", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x31, r0, 0x200005e) dup3(r0, r2, 0x80000) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 339.732000] binder: undelivered TRANSACTION_ERROR: 29189 [ 339.737653] overlayfs: missing 'lowerdir' 18:10:44 executing program 4 (fault-call:3 fault-nth:18): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 339.817411] overlayfs: missing 'lowerdir' 18:10:44 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\'', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 339.870832] binder: 11493:11496 unknown command 1343570440 18:10:44 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 339.916671] binder: 11493:11496 ioctl c0306201 20007000 returned -22 18:10:44 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x4000, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0xffffffff, 0xe0902888232b15af) getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x63, &(0x7f00000000c0)={'icmp\x00'}, &(0x7f0000000100)=0x1e) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) write$P9_RXATTRCREATE(r2, &(0x7f0000000180)={0x7, 0x21, 0x2}, 0x7) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 340.010044] overlayfs: missing 'lowerdir' [ 340.056786] overlayfs: missing 'lowerdir' [ 340.075169] FAULT_INJECTION: forcing a failure. [ 340.075169] name failslab, interval 1, probability 0, space 0, times 0 [ 340.083620] binder: send failed reply for transaction 313 to 11518:11519 [ 340.099935] CPU: 1 PID: 11516 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 340.106295] overlayfs: missing 'lowerdir' [ 340.108455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 340.108461] Call Trace: [ 340.108490] dump_stack+0x244/0x39d [ 340.108517] ? dump_stack_print_info.cold.1+0x20/0x20 [ 340.108540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 340.108603] should_fail.cold.4+0xa/0x17 [ 340.143100] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 340.148217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 340.153771] ? wake_up_klogd+0x11a/0x180 [ 340.157847] ? console_device+0xc0/0xc0 [ 340.161841] ? __down_trylock_console_sem+0x151/0x1f0 [ 340.167048] ? zap_class+0x640/0x640 [ 340.170772] ? vprintk_emit+0x293/0x990 [ 340.174772] ? find_held_lock+0x36/0x1c0 [ 340.178852] ? __lock_is_held+0xb5/0x140 [ 340.182945] ? perf_trace_sched_process_exec+0x860/0x860 [ 340.188410] ? vprintk_default+0x28/0x30 [ 340.192491] __should_failslab+0x124/0x180 [ 340.196744] should_failslab+0x9/0x14 [ 340.200560] kmem_cache_alloc_trace+0x2d7/0x750 [ 340.205278] kobject_uevent_env+0x2f3/0x101e [ 340.209723] kobject_uevent+0x1f/0x24 [ 340.213539] lo_ioctl+0x1385/0x1d60 [ 340.217209] ? lo_rw_aio+0x1ef0/0x1ef0 [ 340.221110] blkdev_ioctl+0x9ac/0x2010 [ 340.225016] ? blkpg_ioctl+0xc10/0xc10 [ 340.228917] ? lock_downgrade+0x900/0x900 [ 340.233077] ? check_preemption_disabled+0x48/0x280 [ 340.238114] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 340.243060] ? kasan_check_read+0x11/0x20 [ 340.247223] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 340.252519] ? rcu_softirq_qs+0x20/0x20 [ 340.256518] ? __fget+0x4d1/0x740 [ 340.259994] ? ksys_dup3+0x680/0x680 [ 340.263740] block_ioctl+0xee/0x130 [ 340.267384] ? blkdev_fallocate+0x400/0x400 [ 340.271720] do_vfs_ioctl+0x1de/0x1720 [ 340.275647] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 340.281205] ? ioctl_preallocate+0x300/0x300 [ 340.285646] ? __fget_light+0x2e9/0x430 [ 340.289637] ? fget_raw+0x20/0x20 [ 340.293109] ? rcu_read_lock_sched_held+0x14f/0x180 [ 340.298140] ? kmem_cache_free+0x24f/0x290 [ 340.302387] ? putname+0xf7/0x130 [ 340.305855] ? do_syscall_64+0x9a/0x820 [ 340.309843] ? do_syscall_64+0x9a/0x820 [ 340.313834] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 340.318435] ? security_file_ioctl+0x94/0xc0 [ 340.322866] ksys_ioctl+0xa9/0xd0 [ 340.326337] __x64_sys_ioctl+0x73/0xb0 [ 340.330245] do_syscall_64+0x1b9/0x820 [ 340.334149] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 340.339529] ? syscall_return_slowpath+0x5e0/0x5e0 [ 340.344480] ? trace_hardirqs_on_caller+0x310/0x310 [ 340.349514] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 340.354546] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 340.361247] ? __switch_to_asm+0x40/0x70 [ 340.365325] ? __switch_to_asm+0x34/0x70 [ 340.369409] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 340.374272] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 340.379474] RIP: 0033:0x4573d7 [ 340.382683] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 340.401615] RSP: 002b:00007fe92e7c4a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.409335] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 340.416641] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 340.423922] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 340.431200] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 340.438479] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 340.460294] EXT4-fs: 26 callbacks suppressed [ 340.460311] EXT4-fs (sda1): re-mounted. Opts: grpid,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="00000000000000001ead8a9017178622c3b85e7f87f02cf91ce57a649f1366c786195cb8fc000000001e58105761084c35798598379cfca79d6e0b77b4cb21724bbe337b169d8e19a5d1b99a95431ec3a4d1944417048b7047c386952eafceed5d219f572e2729f35fefc524ab3f59efd2e670876c883b4c26649bcd99dfe39f5363cbc0ee0a"], 0x0, 0x0, &(0x7f0000000040)}) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rtc0\x00', 0x1040000, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000000c0)={0x0, 0x9}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000140)={r4}, 0x8) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000040)=0x5, 0x4) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 340.520141] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 340.534958] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue 18:10:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x40, 0x4000) ioctl$EVIOCRMFF(r4, 0x40044581, &(0x7f00000000c0)=0x7ff) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000100)=0x3) dup3(r2, r1, 0x80000) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:45 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:45 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 340.566792] binder: 11531:11535 transaction failed 29201/-22, size -4078550837230901988-1085424802182 line 2973 [ 340.592946] overlayfs: missing 'lowerdir' 18:10:45 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)="6578742df6", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:45 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 340.641083] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue [ 340.765165] overlayfs: missing 'lowerdir' [ 340.823399] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue [ 340.852117] binder: send failed reply for transaction 317 to 11547:11548 [ 340.869221] binder: undelivered TRANSACTION_COMPLETE 18:10:45 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:45 executing program 4 (fault-call:3 fault-nth:19): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:45 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 340.952036] binder: undelivered TRANSACTION_ERROR: 29189 [ 340.963223] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 340.990203] overlayfs: missing 'lowerdir' [ 341.013682] overlayfs: missing 'lowerdir' [ 341.047387] FAULT_INJECTION: forcing a failure. [ 341.047387] name failslab, interval 1, probability 0, space 0, times 0 [ 341.062812] CPU: 1 PID: 11575 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 341.071334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 341.080718] Call Trace: [ 341.083351] dump_stack+0x244/0x39d [ 341.087021] ? dump_stack_print_info.cold.1+0x20/0x20 [ 341.092256] should_fail.cold.4+0xa/0x17 [ 341.096365] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 341.101506] ? lock_release+0xa10/0xa10 [ 341.105503] ? perf_trace_sched_process_exec+0x860/0x860 [ 341.110975] ? zap_class+0x640/0x640 [ 341.114712] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 341.119758] ? find_held_lock+0x36/0x1c0 [ 341.123846] ? __lock_is_held+0xb5/0x140 [ 341.127941] ? put_dec+0x3b/0xf0 [ 341.131332] ? perf_trace_sched_process_exec+0x860/0x860 [ 341.136814] ? zap_class+0x640/0x640 [ 341.140565] __should_failslab+0x124/0x180 [ 341.144854] should_failslab+0x9/0x14 [ 341.148682] kmem_cache_alloc_node+0x26e/0x730 [ 341.153286] ? find_held_lock+0x36/0x1c0 [ 341.157382] __alloc_skb+0x114/0x770 [ 341.159532] overlayfs: missing 'lowerdir' [ 341.161124] ? netdev_alloc_frag+0x1f0/0x1f0 [ 341.161231] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 341.161248] ? kasan_check_read+0x11/0x20 [ 341.161267] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 341.161287] ? rcu_softirq_qs+0x20/0x20 [ 341.161317] ? netlink_has_listeners+0x2cb/0x4a0 [ 341.161336] ? netlink_tap_init_net+0x3d0/0x3d0 [ 341.197676] alloc_uevent_skb+0x84/0x1da [ 341.201767] kobject_uevent_env+0xa52/0x101e [ 341.206212] kobject_uevent+0x1f/0x24 [ 341.208101] binder: send failed reply for transaction 320 to 11581:11582 [ 341.210034] lo_ioctl+0x1385/0x1d60 [ 341.210063] ? lo_rw_aio+0x1ef0/0x1ef0 [ 341.224521] blkdev_ioctl+0x9ac/0x2010 [ 341.228423] ? blkpg_ioctl+0xc10/0xc10 [ 341.232323] ? lock_downgrade+0x900/0x900 [ 341.236491] ? check_preemption_disabled+0x48/0x280 [ 341.241529] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 341.246563] ? kasan_check_read+0x11/0x20 [ 341.250758] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 341.256069] ? rcu_softirq_qs+0x20/0x20 [ 341.260073] ? __fget+0x4d1/0x740 [ 341.263547] ? ksys_dup3+0x680/0x680 [ 341.267307] block_ioctl+0xee/0x130 [ 341.270955] ? blkdev_fallocate+0x400/0x400 [ 341.275291] do_vfs_ioctl+0x1de/0x1720 [ 341.279196] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 341.284751] ? ioctl_preallocate+0x300/0x300 [ 341.289175] ? __fget_light+0x2e9/0x430 [ 341.293164] ? fget_raw+0x20/0x20 [ 341.296731] ? rcu_read_lock_sched_held+0x14f/0x180 [ 341.301765] ? kmem_cache_free+0x24f/0x290 [ 341.306015] ? putname+0xf7/0x130 [ 341.309484] ? do_syscall_64+0x9a/0x820 [ 341.313476] ? do_syscall_64+0x9a/0x820 [ 341.317469] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 341.322068] ? security_file_ioctl+0x94/0xc0 [ 341.326493] ksys_ioctl+0xa9/0xd0 [ 341.329963] __x64_sys_ioctl+0x73/0xb0 [ 341.333928] do_syscall_64+0x1b9/0x820 [ 341.337834] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 341.343222] ? syscall_return_slowpath+0x5e0/0x5e0 [ 341.348169] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 341.353036] ? trace_hardirqs_on_caller+0x310/0x310 [ 341.358071] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 341.363103] ? prepare_exit_to_usermode+0x291/0x3b0 [ 341.368141] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 341.373003] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 341.378204] RIP: 0033:0x4573d7 18:10:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f00001b9000/0x1000)=nil, 0x1000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="000000e9c275e600"], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r3 = dup3(r0, r1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0xffffffffffffffff, r3, 0x0, 0x12, &(0x7f0000000040)='$selfeth0}trusted\x00', 0xffffffffffffffff}, 0x30) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0xfffffffeffffffff, 0x7, 0xfffffffffffffe01, 0x100000000, 0x0, 0x2, 0x1a00, 0xc, 0x6, 0xb08, 0x2, 0xdd, 0xffff, 0xffffffffffff8001, 0x1, 0x6, 0xfffffffffffffff9, 0x5, 0x6, 0x2, 0x60, 0x7, 0x2, 0x80000000, 0xfffffffffffffffa, 0x8, 0x1, 0xe7c, 0x38b, 0x20, 0x3, 0x5, 0xffffffffffff7fff, 0xffffffff, 0x81, 0x7fff, 0x0, 0x2, 0x2, @perf_config_ext={0x76e, 0x80}, 0x100, 0x7, 0x0, 0x0, 0x80000001, 0x9, 0x40}, r4, 0x7, r3, 0xb) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:46 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 341.381416] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 341.400418] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 341.408139] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 341.415420] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 341.422851] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 341.430135] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 341.437414] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 341.461740] overlayfs: missing 'lowerdir' 18:10:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x416000, 0x0) ioctl$SG_GET_SCSI_ID(r2, 0x2276, &(0x7f00000000c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 341.485729] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue [ 341.550507] overlayfs: missing 'lowerdir' [ 341.555758] EXT4-fs (sda1): re-mounted. Opts: usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 341.581332] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 341.583741] binder: send failed reply for transaction 322 to 11594:11595 18:10:46 executing program 4 (fault-call:3 fault-nth:20): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 341.612952] EXT4-fs (sda1): re-mounted. Opts: usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:46 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:46 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) r3 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x6, 0x515083) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r3, &(0x7f0000000140)={0xf, 0x8, 0xfa00, {r4, 0x1b}}, 0x10) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 341.746862] overlayfs: missing 'lowerdir' 18:10:46 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:46 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 341.854180] overlayfs: missing 'lowerdir' [ 341.863164] FAULT_INJECTION: forcing a failure. [ 341.863164] name failslab, interval 1, probability 0, space 0, times 0 [ 341.892953] CPU: 0 PID: 11617 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 341.893800] binder: send failed reply for transaction 324 to 11614:11618 [ 341.901474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 341.901481] Call Trace: [ 341.901512] dump_stack+0x244/0x39d [ 341.901539] ? dump_stack_print_info.cold.1+0x20/0x20 [ 341.901599] should_fail.cold.4+0xa/0x17 [ 341.901626] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 341.901647] ? __save_stack_trace+0x8d/0xf0 [ 341.901684] ? zap_class+0x640/0x640 [ 341.917883] ? save_stack+0xa9/0xd0 [ 341.917903] ? save_stack+0x43/0xd0 [ 341.917924] ? find_held_lock+0x36/0x1c0 [ 341.917944] ? __lock_is_held+0xb5/0x140 [ 341.917971] ? zap_class+0x640/0x640 [ 341.917990] ? perf_trace_sched_process_exec+0x860/0x860 [ 341.924246] ? check_preemption_disabled+0x48/0x280 [ 341.924269] __should_failslab+0x124/0x180 [ 341.924290] should_failslab+0x9/0x14 [ 341.924307] kmem_cache_alloc_node_trace+0x270/0x740 [ 341.924335] __kmalloc_node_track_caller+0x3c/0x70 [ 341.994319] __kmalloc_reserve.isra.40+0x41/0xe0 [ 341.999101] __alloc_skb+0x150/0x770 [ 342.002840] ? netdev_alloc_frag+0x1f0/0x1f0 [ 342.007303] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 342.012251] ? kasan_check_read+0x11/0x20 [ 342.016417] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 342.021714] ? rcu_softirq_qs+0x20/0x20 [ 342.025805] ? netlink_has_listeners+0x2cb/0x4a0 [ 342.030598] ? netlink_tap_init_net+0x3d0/0x3d0 [ 342.035288] alloc_uevent_skb+0x84/0x1da [ 342.039372] kobject_uevent_env+0xa52/0x101e [ 342.043807] kobject_uevent+0x1f/0x24 [ 342.047642] lo_ioctl+0x1385/0x1d60 [ 342.051377] ? lo_rw_aio+0x1ef0/0x1ef0 [ 342.055280] blkdev_ioctl+0x9ac/0x2010 [ 342.059183] ? blkpg_ioctl+0xc10/0xc10 [ 342.063092] ? lock_downgrade+0x900/0x900 [ 342.067252] ? check_preemption_disabled+0x48/0x280 [ 342.072286] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 342.077229] ? kasan_check_read+0x11/0x20 [ 342.081393] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 342.086690] ? rcu_softirq_qs+0x20/0x20 [ 342.090692] ? __fget+0x4d1/0x740 [ 342.094168] ? ksys_dup3+0x680/0x680 [ 342.097911] block_ioctl+0xee/0x130 [ 342.101555] ? blkdev_fallocate+0x400/0x400 [ 342.105917] do_vfs_ioctl+0x1de/0x1720 [ 342.109825] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 342.115387] ? ioctl_preallocate+0x300/0x300 [ 342.119809] ? __fget_light+0x2e9/0x430 [ 342.123826] ? fget_raw+0x20/0x20 [ 342.127304] ? rcu_read_lock_sched_held+0x14f/0x180 [ 342.132340] ? kmem_cache_free+0x24f/0x290 [ 342.136612] ? putname+0xf7/0x130 [ 342.140123] ? do_syscall_64+0x9a/0x820 [ 342.144113] ? do_syscall_64+0x9a/0x820 [ 342.148103] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 342.152707] ? security_file_ioctl+0x94/0xc0 [ 342.157224] ksys_ioctl+0xa9/0xd0 [ 342.160695] __x64_sys_ioctl+0x73/0xb0 [ 342.164624] do_syscall_64+0x1b9/0x820 [ 342.168525] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 342.173904] ? syscall_return_slowpath+0x5e0/0x5e0 [ 342.178853] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 342.183712] ? trace_hardirqs_on_caller+0x310/0x310 [ 342.188747] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 342.193840] ? prepare_exit_to_usermode+0x291/0x3b0 [ 342.198889] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 342.203755] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 342.208961] RIP: 0033:0x4573d7 [ 342.212171] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 342.231146] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 342.238868] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 342.246202] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 18:10:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = mmap$binder(&(0x7f0000716000/0x2000)=nil, 0x2000, 0x1000000, 0x2010, r0, 0x0) r5 = mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0xb106df32e88797df, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xb0, 0x0, &(0x7f0000000200)=[@clear_death={0x400c630f, 0x1, 0x1}, @exit_looper, @clear_death={0x400c630f, 0x3}, @increfs_done={0x40106308, r4, 0x1}, @decrefs={0x40046307, 0x3}, @register_looper, @reply={0x40406301, {0x3, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000040)=[@fd={0x66642a85, 0x0, r2, 0x0, 0x4}], &(0x7f00000000c0)=[0x38, 0x78, 0x28, 0x48, 0x58, 0x0, 0x68, 0x40, 0x30]}}, @acquire_done={0x40106309, r5}, @dead_binder_done={0x40086310, 0x3}, @acquire={0x40046305, 0x4}], 0x3e, 0x0, &(0x7f0000000140)="2e32e973d6bb9b5d1cfbdb0e808c2f90963b81e2ba0bed6a8f8fc96614258d417872488d9f9a840f12a419b1e7e4dd47e8a03d71a70fb9076ec452266562"}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB='\x00\b\x00\x00', @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r6 = dup3(r0, r1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r6, 0x29, 0x1, &(0x7f00000002c0), 0x4) syz_open_dev$evdev(&(0x7f0000000300)='/dev/input/event#\x00', 0x10000, 0x8000) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 342.253478] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 342.260757] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 342.268097] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:47 executing program 4 (fault-call:3 fault-nth:21): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 342.352125] binder: 11624:11625 BC_CLEAR_DEATH_NOTIFICATION invalid ref 1 [ 342.383402] overlayfs: missing 'lowerdir' [ 342.383482] overlayfs: missing 'lowerdir' [ 342.423862] binder: 11624:11625 BC_CLEAR_DEATH_NOTIFICATION invalid ref 3 [ 342.456042] binder: undelivered TRANSACTION_COMPLETE 18:10:47 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:47 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000c80)=ANY=[], &(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000200)='./file0//ile0\x00', &(0x7f0000000280)='trusted.overlay.nlink\x00', &(0x7f0000000340)={'L+', 0xff}, 0x28, 0x0) rmdir(&(0x7f0000000b40)='./file0//ile0\x00') mkdir(&(0x7f0000000680)='./file0//ile0\x00', 0x0) [ 342.501012] overlayfs: missing 'lowerdir' [ 342.517512] binder: undelivered TRANSACTION_ERROR: 29189 [ 342.520413] binder: 11624:11625 BC_INCREFS_DONE u0000000000000000 no match 18:10:47 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:47 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 342.601310] overlayfs: missing 'lowerdir' [ 342.608158] binder: 11624:11625 DecRefs 0 refcount change on invalid ref 3 ret -22 [ 342.629467] FAULT_INJECTION: forcing a failure. [ 342.629467] name failslab, interval 1, probability 0, space 0, times 0 [ 342.641361] CPU: 1 PID: 11648 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 342.643256] binder: 11624:11625 ERROR: BC_REGISTER_LOOPER called without request [ 342.649879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 342.649888] Call Trace: [ 342.649916] dump_stack+0x244/0x39d [ 342.649946] ? dump_stack_print_info.cold.1+0x20/0x20 [ 342.649980] should_fail.cold.4+0xa/0x17 [ 342.650004] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 342.674606] binder: 11624:11657 unknown command 2048 [ 342.678548] ? lock_release+0xa10/0xa10 [ 342.678569] ? perf_trace_sched_process_exec+0x860/0x860 [ 342.684019] binder: 11624:11657 ioctl c0306201 20007000 returned -22 [ 342.687765] ? zap_class+0x640/0x640 [ 342.687782] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 342.687807] ? find_held_lock+0x36/0x1c0 [ 342.687833] ? __lock_is_held+0xb5/0x140 [ 342.703799] binder: 11624:11625 unknown command 0 [ 342.708886] ? put_dec+0x3b/0xf0 [ 342.708904] ? perf_trace_sched_process_exec+0x860/0x860 [ 342.708920] ? zap_class+0x640/0x640 [ 342.708944] __should_failslab+0x124/0x180 18:10:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r3 = dup3(r0, r1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000100)={0x2, 'erspan0\x00', 0x4}, 0x18) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000c71000/0x3000)=nil, 0x3000}, &(0x7f00000000c0)=0x10) [ 342.712869] binder: 11624:11625 ioctl c0306201 20000180 returned -22 [ 342.717692] should_failslab+0x9/0x14 [ 342.717710] kmem_cache_alloc_node+0x26e/0x730 [ 342.717726] ? find_held_lock+0x36/0x1c0 [ 342.717751] __alloc_skb+0x114/0x770 [ 342.717772] ? netdev_alloc_frag+0x1f0/0x1f0 [ 342.717794] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 342.743324] ? kasan_check_read+0x11/0x20 [ 342.754080] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 342.754098] ? rcu_softirq_qs+0x20/0x20 [ 342.754128] ? netlink_has_listeners+0x2cb/0x4a0 [ 342.754147] ? netlink_tap_init_net+0x3d0/0x3d0 [ 342.754166] alloc_uevent_skb+0x84/0x1da [ 342.800276] binder: send failed reply for transaction 327 to 11658:11659 [ 342.803072] kobject_uevent_env+0xa52/0x101e [ 342.803098] kobject_uevent+0x1f/0x24 [ 342.822215] lo_ioctl+0x1385/0x1d60 [ 342.825864] ? lo_rw_aio+0x1ef0/0x1ef0 [ 342.829770] blkdev_ioctl+0x9ac/0x2010 [ 342.833677] ? blkpg_ioctl+0xc10/0xc10 [ 342.837603] ? lock_downgrade+0x900/0x900 [ 342.841771] ? check_preemption_disabled+0x48/0x280 [ 342.846807] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 342.851749] ? kasan_check_read+0x11/0x20 [ 342.855916] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 342.861212] ? rcu_softirq_qs+0x20/0x20 [ 342.865280] ? __fget+0x4d1/0x740 [ 342.868759] ? ksys_dup3+0x680/0x680 [ 342.872505] block_ioctl+0xee/0x130 [ 342.876147] ? blkdev_fallocate+0x400/0x400 [ 342.880486] do_vfs_ioctl+0x1de/0x1720 [ 342.884392] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 342.889945] ? ioctl_preallocate+0x300/0x300 [ 342.894372] ? __fget_light+0x2e9/0x430 [ 342.898368] ? fget_raw+0x20/0x20 [ 342.901837] ? rcu_read_lock_sched_held+0x14f/0x180 [ 342.906869] ? kmem_cache_free+0x24f/0x290 [ 342.911121] ? putname+0xf7/0x130 [ 342.914616] ? do_syscall_64+0x9a/0x820 [ 342.918629] ? do_syscall_64+0x9a/0x820 [ 342.922637] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 342.927240] ? security_file_ioctl+0x94/0xc0 [ 342.931670] ksys_ioctl+0xa9/0xd0 [ 342.935144] __x64_sys_ioctl+0x73/0xb0 [ 342.939052] do_syscall_64+0x1b9/0x820 [ 342.942963] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 342.948349] ? syscall_return_slowpath+0x5e0/0x5e0 [ 342.953295] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 342.958158] ? trace_hardirqs_on_caller+0x310/0x310 [ 342.963191] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 342.968227] ? prepare_exit_to_usermode+0x291/0x3b0 [ 342.973263] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 342.978132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 342.983329] RIP: 0033:0x4573d7 18:10:48 executing program 0: [ 342.986539] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 343.005473] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 343.013195] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 343.020477] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 343.027759] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 343.035113] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 343.042395] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 18:10:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x0, 0x101040) ioctl$TCFLSH(r3, 0x540b, 0x470) r4 = dup3(r0, r1, 0x0) ioctl$KVM_INTERRUPT(r4, 0x4004ae86, &(0x7f00000000c0)=0x40) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:48 executing program 4 (fault-call:3 fault-nth:22): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 343.203415] overlayfs: missing 'lowerdir' 18:10:48 executing program 0: [ 343.305737] overlayfs: missing 'lowerdir' 18:10:48 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 343.347138] overlayfs: missing 'lowerdir' 18:10:48 executing program 3: 18:10:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0xfffffedd, 0x0, &(0x7f00000000c0), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 343.368398] FAULT_INJECTION: forcing a failure. [ 343.368398] name failslab, interval 1, probability 0, space 0, times 0 [ 343.381975] binder: send failed reply for transaction 329 to 11673:11681 [ 343.399378] binder: undelivered TRANSACTION_COMPLETE 18:10:48 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-l', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:48 executing program 0: [ 343.424652] binder: undelivered TRANSACTION_ERROR: 29189 [ 343.436251] CPU: 0 PID: 11687 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 343.444787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 343.454163] Call Trace: [ 343.456797] dump_stack+0x244/0x39d [ 343.460459] ? dump_stack_print_info.cold.1+0x20/0x20 [ 343.465688] should_fail.cold.4+0xa/0x17 [ 343.469778] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 343.474998] ? __save_stack_trace+0x8d/0xf0 [ 343.479353] ? zap_class+0x640/0x640 [ 343.483101] ? save_stack+0xa9/0xd0 [ 343.485790] binder: send failed reply for transaction 331 to 11695:11697 [ 343.486755] ? save_stack+0x43/0xd0 [ 343.486778] ? find_held_lock+0x36/0x1c0 [ 343.486804] ? __lock_is_held+0xb5/0x140 [ 343.505413] ? zap_class+0x640/0x640 [ 343.509153] ? perf_trace_sched_process_exec+0x860/0x860 [ 343.514647] ? check_preemption_disabled+0x48/0x280 [ 343.519687] __should_failslab+0x124/0x180 [ 343.523944] should_failslab+0x9/0x14 [ 343.527763] kmem_cache_alloc_node_trace+0x270/0x740 [ 343.532897] __kmalloc_node_track_caller+0x3c/0x70 [ 343.537855] __kmalloc_reserve.isra.40+0x41/0xe0 [ 343.542643] __alloc_skb+0x150/0x770 [ 343.546382] ? netdev_alloc_frag+0x1f0/0x1f0 [ 343.550808] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 343.555752] ? kasan_check_read+0x11/0x20 [ 343.559918] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 343.565213] ? rcu_softirq_qs+0x20/0x20 [ 343.569338] ? netlink_has_listeners+0x2cb/0x4a0 [ 343.574110] ? netlink_tap_init_net+0x3d0/0x3d0 [ 343.578798] alloc_uevent_skb+0x84/0x1da [ 343.582887] kobject_uevent_env+0xa52/0x101e [ 343.587377] kobject_uevent+0x1f/0x24 [ 343.591195] lo_ioctl+0x1385/0x1d60 [ 343.594843] ? lo_rw_aio+0x1ef0/0x1ef0 [ 343.598754] blkdev_ioctl+0x9ac/0x2010 [ 343.602659] ? blkpg_ioctl+0xc10/0xc10 [ 343.606563] ? lock_downgrade+0x900/0x900 [ 343.610747] ? check_preemption_disabled+0x48/0x280 [ 343.615785] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 343.620729] ? kasan_check_read+0x11/0x20 [ 343.624893] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 343.630477] ? rcu_softirq_qs+0x20/0x20 [ 343.634481] ? __fget+0x4d1/0x740 [ 343.637960] ? ksys_dup3+0x680/0x680 [ 343.641711] block_ioctl+0xee/0x130 [ 343.645352] ? blkdev_fallocate+0x400/0x400 [ 343.649696] do_vfs_ioctl+0x1de/0x1720 [ 343.653651] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 343.659204] ? ioctl_preallocate+0x300/0x300 [ 343.663638] ? __fget_light+0x2e9/0x430 [ 343.667640] ? fget_raw+0x20/0x20 [ 343.671108] ? rcu_read_lock_sched_held+0x14f/0x180 [ 343.676145] ? kmem_cache_free+0x24f/0x290 [ 343.680392] ? putname+0xf7/0x130 [ 343.683866] ? do_syscall_64+0x9a/0x820 [ 343.687860] ? do_syscall_64+0x9a/0x820 [ 343.691858] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 343.696466] ? security_file_ioctl+0x94/0xc0 [ 343.700899] ksys_ioctl+0xa9/0xd0 [ 343.704373] __x64_sys_ioctl+0x73/0xb0 [ 343.708281] do_syscall_64+0x1b9/0x820 [ 343.712351] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 343.717734] ? syscall_return_slowpath+0x5e0/0x5e0 [ 343.722683] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 343.727546] ? trace_hardirqs_on_caller+0x310/0x310 [ 343.732624] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 343.737663] ? prepare_exit_to_usermode+0x291/0x3b0 [ 343.742706] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 343.747594] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 343.752802] RIP: 0033:0x4573d7 [ 343.756013] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 18:10:48 executing program 0: [ 343.775015] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 343.782738] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 [ 343.790021] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 343.797301] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 343.804601] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 343.811884] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 343.820094] binder: 11695:11698 unknown command 0 18:10:48 executing program 3: 18:10:48 executing program 0: clone(0x200, &(0x7f00000000c0), &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000240)='./file0\x00', &(0x7f0000000440), &(0x7f0000000300)) r0 = gettid() r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) clone(0x7fd, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0xffffffffffffffff) ioctl$int_in(r2, 0x5452, &(0x7f0000008ff8)=0x3f) recvfrom$unix(r3, &(0x7f0000bf5000), 0x0, 0x0, &(0x7f0000d93ff6)=@abs, 0x8) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) fcntl$setown(r2, 0x8, r0) fcntl$setsig(r2, 0xa, 0x12) dup2(r1, r3) tkill(r0, 0x16) [ 343.837631] binder: 11695:11698 ioctl c0306201 2000efd0 returned -22 18:10:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SIOCGIFMTU(r0, 0x8921, &(0x7f0000000040)) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:48 executing program 4 (fault-call:3 fault-nth:23): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:48 executing program 3: clone(0x200, &(0x7f0000000080), &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000001c0)='./file1\x00', 0xc042, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1042, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x7a3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r1 = creat(&(0x7f0000000080)="e91f7189591e9233614b00", 0x109) r2 = dup2(r0, r1) execve(&(0x7f00000000c0)="e91f7189591e9233614b00", &(0x7f0000000140), &(0x7f0000000500)) ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f00000001c0)=ANY=[]) open$dir(&(0x7f00000001c0)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) execve(&(0x7f0000000040)='./file1\x00', &(0x7f00000003c0), &(0x7f0000000b40)) socketpair$inet6(0xa, 0x0, 0x0, &(0x7f00000002c0)) [ 343.974700] overlayfs: missing 'lowerdir' 18:10:48 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 344.048200] overlayfs: missing 'lowerdir' 18:10:49 executing program 0: r0 = getpid() socketpair$inet(0x2, 0x5, 0x40, &(0x7f0000000000)) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) write(r1, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9703, 0x7f}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 344.090137] overlayfs: missing 'lowerdir' [ 344.092605] binder: 11720:11726 ioctl 8921 20000040 returned -22 18:10:49 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)="6578742dfd", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 344.130831] FAULT_INJECTION: forcing a failure. [ 344.130831] name failslab, interval 1, probability 0, space 0, times 0 [ 344.193989] CPU: 1 PID: 11729 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 344.202551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 344.211958] Call Trace: [ 344.214608] dump_stack+0x244/0x39d [ 344.218451] ? dump_stack_print_info.cold.1+0x20/0x20 [ 344.223866] should_fail.cold.4+0xa/0x17 [ 344.227963] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 344.233093] ? __save_stack_trace+0x8d/0xf0 [ 344.237455] ? zap_class+0x640/0x640 [ 344.241201] ? save_stack+0xa9/0xd0 [ 344.244856] ? save_stack+0x43/0xd0 [ 344.248514] ? find_held_lock+0x36/0x1c0 [ 344.252626] ? __lock_is_held+0xb5/0x140 [ 344.256726] ? zap_class+0x640/0x640 [ 344.260461] ? perf_trace_sched_process_exec+0x860/0x860 [ 344.260482] ? check_preemption_disabled+0x48/0x280 [ 344.260503] __should_failslab+0x124/0x180 [ 344.270991] should_failslab+0x9/0x14 [ 344.271010] kmem_cache_alloc_node_trace+0x270/0x740 [ 344.271037] __kmalloc_node_track_caller+0x3c/0x70 [ 344.289145] __kmalloc_reserve.isra.40+0x41/0xe0 [ 344.293939] __alloc_skb+0x150/0x770 [ 344.297694] ? netdev_alloc_frag+0x1f0/0x1f0 [ 344.302135] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 344.307106] ? kasan_check_read+0x11/0x20 [ 344.311280] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 344.316608] ? rcu_softirq_qs+0x20/0x20 [ 344.320640] ? netlink_has_listeners+0x2cb/0x4a0 [ 344.325425] ? netlink_tap_init_net+0x3d0/0x3d0 [ 344.330126] alloc_uevent_skb+0x84/0x1da [ 344.334219] kobject_uevent_env+0xa52/0x101e [ 344.338666] kobject_uevent+0x1f/0x24 [ 344.342496] lo_ioctl+0x1385/0x1d60 [ 344.346156] ? lo_rw_aio+0x1ef0/0x1ef0 [ 344.350068] blkdev_ioctl+0x9ac/0x2010 [ 344.353983] ? blkpg_ioctl+0xc10/0xc10 [ 344.357893] ? lock_downgrade+0x900/0x900 [ 344.362065] ? check_preemption_disabled+0x48/0x280 [ 344.367116] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 344.372074] ? kasan_check_read+0x11/0x20 [ 344.376252] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 344.381555] ? rcu_softirq_qs+0x20/0x20 [ 344.385615] ? __fget+0x4d1/0x740 [ 344.389107] ? ksys_dup3+0x680/0x680 [ 344.392862] block_ioctl+0xee/0x130 [ 344.396518] ? blkdev_fallocate+0x400/0x400 [ 344.400870] do_vfs_ioctl+0x1de/0x1720 [ 344.404786] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 344.410364] ? ioctl_preallocate+0x300/0x300 [ 344.414801] ? __fget_light+0x2e9/0x430 [ 344.418800] ? fget_raw+0x20/0x20 [ 344.422282] ? rcu_read_lock_sched_held+0x14f/0x180 [ 344.427333] ? kmem_cache_free+0x24f/0x290 [ 344.431619] ? putname+0xf7/0x130 [ 344.435120] ? do_syscall_64+0x9a/0x820 [ 344.439120] ? do_syscall_64+0x9a/0x820 [ 344.443122] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 344.447738] ? security_file_ioctl+0x94/0xc0 [ 344.452172] ksys_ioctl+0xa9/0xd0 [ 344.455741] __x64_sys_ioctl+0x73/0xb0 [ 344.459659] do_syscall_64+0x1b9/0x820 [ 344.463597] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 344.469130] ? syscall_return_slowpath+0x5e0/0x5e0 [ 344.474198] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 344.479086] ? trace_hardirqs_on_caller+0x310/0x310 [ 344.484132] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 344.489177] ? prepare_exit_to_usermode+0x291/0x3b0 [ 344.494219] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 344.499100] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 344.504307] RIP: 0033:0x4573d7 [ 344.507525] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 344.526453] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 344.534182] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 00000000004573d7 18:10:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000001c0)=ANY=[@ANYBLOB="05000000000000000d000040050000a9000000000000000000000040000000000100000000003d0025000000ff"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x490}]}) [ 344.541475] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 344.548766] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 344.556055] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 344.563339] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 344.571669] binder: send failed reply for transaction 333 to 11720:11726 [ 344.588706] binder: undelivered TRANSACTION_COMPLETE 18:10:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r1, r1, 0x80000) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 344.593864] binder: undelivered TRANSACTION_ERROR: 29189 [ 344.722065] overlayfs: missing 'lowerdir' 18:10:49 executing program 4 (fault-call:3 fault-nth:24): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:49 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000de2ff4)={0x10, 0x0, 0x40030000000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000000301fffefffffa000000000000000000"], 0x14}}, 0x0) 18:10:49 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 344.781066] overlayfs: missing 'lowerdir' 18:10:49 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 344.889188] overlayfs: missing 'lowerdir' [ 344.898536] FAULT_INJECTION: forcing a failure. [ 344.898536] name failslab, interval 1, probability 0, space 0, times 0 [ 344.910430] CPU: 0 PID: 11781 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 344.918947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 344.928314] Call Trace: [ 344.930928] dump_stack+0x244/0x39d [ 344.934607] ? dump_stack_print_info.cold.1+0x20/0x20 [ 344.939823] ? __handle_mm_fault+0xa57/0x5be0 [ 344.944359] should_fail.cold.4+0xa/0x17 [ 344.948449] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 344.953605] ? kasan_check_read+0x11/0x20 [ 344.957777] ? do_raw_spin_unlock+0xa7/0x330 [ 344.962202] ? trace_hardirqs_on+0x310/0x310 [ 344.966665] ? zap_class+0x640/0x640 [ 344.970403] ? zap_class+0x640/0x640 [ 344.974140] ? zap_class+0x640/0x640 [ 344.977881] ? find_held_lock+0x36/0x1c0 [ 344.981967] ? ceph_con_workfn+0x31e8/0x96f0 [ 344.986408] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 344.991355] ? perf_trace_sched_process_exec+0x860/0x860 [ 344.996828] ? rcu_softirq_qs+0x20/0x20 [ 345.000832] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 345.006398] __should_failslab+0x124/0x180 [ 345.010658] should_failslab+0x9/0x14 [ 345.014487] __kmalloc_track_caller+0x2d1/0x760 [ 345.019274] ? strncpy_from_user+0x5a0/0x5a0 [ 345.023707] ? strndup_user+0x77/0xd0 [ 345.027545] memdup_user+0x2c/0xa0 [ 345.031141] strndup_user+0x77/0xd0 [ 345.034800] ksys_mount+0x3c/0x140 [ 345.038365] __x64_sys_mount+0xbe/0x150 [ 345.042370] do_syscall_64+0x1b9/0x820 [ 345.044544] overlayfs: missing 'lowerdir' [ 345.046289] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 345.046310] ? syscall_return_slowpath+0x5e0/0x5e0 [ 345.046327] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 345.046346] ? trace_hardirqs_on_caller+0x310/0x310 [ 345.046361] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 345.046379] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 345.046399] ? prepare_exit_to_usermode+0x291/0x3b0 18:10:49 executing program 3: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 345.086338] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 345.091222] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 345.096426] RIP: 0033:0x459fda [ 345.099642] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 345.118556] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 345.118572] RAX: ffffffffffffffda RBX: 00007fe92e7e5b30 RCX: 0000000000459fda [ 345.118606] RDX: 00007fe92e7e5ad0 RSI: 0000000020000080 RDI: 00007fe92e7e5af0 [ 345.118615] RBP: 0000000020000080 R08: 00007fe92e7e5b30 R09: 00007fe92e7e5ad0 [ 345.118624] R10: 0000000000000820 R11: 0000000000000206 R12: 0000000000000004 [ 345.118632] R13: 0000000000000820 R14: 00000000004d7d88 R15: 0000000000000003 18:10:50 executing program 4 (fault-call:3 fault-nth:25): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 345.239031] overlayfs: missing 'lowerdir' 18:10:50 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:50 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 345.318628] overlayfs: missing 'lowerdir' [ 345.381062] overlayfs: missing 'lowerdir' [ 345.432137] FAULT_INJECTION: forcing a failure. [ 345.432137] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 345.444087] CPU: 1 PID: 11811 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 345.452621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 345.462083] Call Trace: [ 345.464704] dump_stack+0x244/0x39d [ 345.468470] ? dump_stack_print_info.cold.1+0x20/0x20 [ 345.473717] should_fail.cold.4+0xa/0x17 [ 345.477805] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 345.482933] ? kobject_uevent_env+0xf76/0x101e [ 345.487541] ? wait_for_completion+0x8a0/0x8a0 [ 345.492184] ? mark_held_locks+0x130/0x130 [ 345.496442] ? kobject_uevent_env+0x100d/0x101e [ 345.501148] ? mutex_unlock+0xd/0x10 [ 345.503016] overlayfs: missing 'lowerdir' [ 345.504881] ? lo_ioctl+0xe6/0x1d60 [ 345.504908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 345.504922] ? should_fail+0x22d/0xd01 [ 345.504937] ? blkdev_ioctl+0x15d/0x2010 [ 345.504952] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 345.504966] ? blkpg_ioctl+0xc10/0xc10 [ 345.504981] ? lock_downgrade+0x900/0x900 [ 345.505003] __alloc_pages_nodemask+0x34b/0xdd0 [ 345.505021] ? kasan_check_read+0x11/0x20 [ 345.505040] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 345.505060] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 345.505085] ? find_held_lock+0x36/0x1c0 [ 345.505125] ? trace_hardirqs_off+0xb8/0x310 [ 345.505146] cache_grow_begin+0xa5/0x8c0 [ 345.505164] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 345.505180] ? check_preemption_disabled+0x48/0x280 [ 345.505202] kmem_cache_alloc+0x66b/0x730 [ 345.505220] ? fget_raw+0x20/0x20 [ 345.505240] getname_flags+0xd0/0x590 [ 345.505260] do_mkdirat+0xc5/0x310 [ 345.505281] ? __ia32_sys_mknod+0xb0/0xb0 [ 345.505297] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 345.505314] ? trace_hardirqs_off_caller+0x300/0x300 [ 345.505330] ? ksys_ioctl+0x81/0xd0 [ 345.505357] __x64_sys_mkdir+0x5c/0x80 [ 345.505378] do_syscall_64+0x1b9/0x820 [ 345.505394] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 345.505413] ? syscall_return_slowpath+0x5e0/0x5e0 [ 345.505428] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 345.505447] ? trace_hardirqs_on_caller+0x310/0x310 [ 345.505465] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 345.505484] ? prepare_exit_to_usermode+0x291/0x3b0 [ 345.505506] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 345.505529] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 345.505542] RIP: 0033:0x456987 [ 345.505559] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 345.505568] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 345.505611] RAX: ffffffffffffffda RBX: 0000000020000550 RCX: 0000000000456987 [ 345.505621] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 345.505630] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 345.505640] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 18:10:50 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:50 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)="6578742d97", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c2582354", @ANYRES64=0x0, @ANYBLOB="af327a11b83beaacfb5dae012c81bd5356c8c1b703d5956cd702634d87cda5f4b07165898d83ee6722c03e79f36a66a0a0d9fa1b83e38328dba7f906e02a2cdbecd29b16f6837bb4e63c9706"], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2, 0x31, r2, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 345.505649] R13: 0000000000000000 R14: 00000000004d7d88 R15: 0000000000000003 [ 345.532736] binder: send failed reply for transaction 335 to 11758:11761 [ 345.536240] binder: undelivered TRANSACTION_COMPLETE [ 345.540979] binder: undelivered TRANSACTION_ERROR: 29189 [ 345.560163] EXT4-fs: 21 callbacks suppressed [ 345.560175] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue [ 345.600555] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 345.828305] EXT4-fs (sda1): re-mounted. Opts: usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 345.854976] binder: 11826:11835 unknown command 1411602626 18:10:50 executing program 4 (fault-call:3 fault-nth:26): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:50 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 345.872814] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 345.888603] binder: 11826:11835 ioctl c0306201 20007000 returned -22 [ 345.890238] overlayfs: missing 'lowerdir' [ 345.966408] overlayfs: missing 'lowerdir' 18:10:50 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 345.991062] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue [ 346.038287] overlayfs: missing 'lowerdir' [ 346.051291] EXT4-fs (sda1): re-mounted. Opts: usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:51 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)="6578742d10", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 346.105723] overlayfs: missing 'lowerdir' [ 346.140314] FAULT_INJECTION: forcing a failure. [ 346.140314] name failslab, interval 1, probability 0, space 0, times 0 [ 346.187929] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue [ 346.200076] CPU: 0 PID: 11847 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 346.208627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 346.208635] Call Trace: [ 346.208665] dump_stack+0x244/0x39d [ 346.208695] ? dump_stack_print_info.cold.1+0x20/0x20 [ 346.229478] ? __kernel_text_address+0xd/0x40 [ 346.234002] ? unwind_get_return_address+0x61/0xa0 [ 346.238966] should_fail.cold.4+0xa/0x17 [ 346.243070] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 346.248214] ? kasan_kmalloc+0xc7/0xe0 [ 346.248232] ? __kmalloc_track_caller+0x157/0x760 [ 346.248249] ? memdup_user+0x2c/0xa0 [ 346.248266] ? zap_class+0x640/0x640 [ 346.248286] ? do_syscall_64+0x1b9/0x820 [ 346.268527] ? zap_class+0x640/0x640 [ 346.272270] ? zap_class+0x640/0x640 [ 346.276019] ? find_held_lock+0x36/0x1c0 [ 346.280134] ? perf_trace_sched_process_exec+0x860/0x860 18:10:51 executing program 0: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 346.285642] ? lock_release+0xa10/0xa10 [ 346.289642] ? perf_trace_sched_process_exec+0x860/0x860 [ 346.295121] ? usercopy_warn+0x110/0x110 [ 346.299231] __should_failslab+0x124/0x180 [ 346.303649] should_failslab+0x9/0x14 [ 346.307481] kmem_cache_alloc_trace+0x2d7/0x750 [ 346.312184] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 346.317093] overlayfs: missing 'lowerdir' [ 346.317746] ? _copy_from_user+0xdf/0x150 [ 346.317772] copy_mount_options+0x5f/0x430 [ 346.317790] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 346.317810] ksys_mount+0xd0/0x140 [ 346.336013] __x64_sys_mount+0xbe/0x150 [ 346.336036] do_syscall_64+0x1b9/0x820 [ 346.336053] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 346.336071] ? syscall_return_slowpath+0x5e0/0x5e0 [ 346.336086] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 346.336105] ? trace_hardirqs_on_caller+0x310/0x310 [ 346.336126] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 346.343661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 346.343679] ? prepare_exit_to_usermode+0x291/0x3b0 [ 346.343703] ? trace_hardirqs_off_thunk+0x1a/0x1c 18:10:51 executing program 3: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 346.343730] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 346.364221] EXT4-fs (sda1): re-mounted. Opts: jqfmt=vfsv0,,errors=continue [ 346.367812] RIP: 0033:0x459fda [ 346.367844] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 346.367859] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 346.430362] RAX: ffffffffffffffda RBX: 00007fe92e7e5b30 RCX: 0000000000459fda [ 346.437696] RDX: 00007fe92e7e5ad0 RSI: 0000000020000080 RDI: 00007fe92e7e5af0 [ 346.444988] RBP: 0000000020000080 R08: 00007fe92e7e5b30 R09: 00007fe92e7e5ad0 [ 346.452278] R10: 0000000000000820 R11: 0000000000000206 R12: 0000000000000004 [ 346.459567] R13: 0000000000000820 R14: 00000000004d7d88 R15: 0000000000000003 [ 346.503548] overlayfs: missing 'lowerdir' [ 346.525032] overlayfs: missing 'lowerdir' [ 346.537972] EXT4-fs (sda1): re-mounted. Opts: errors=continue,jqfmt=vfsv0,,errors=continue 18:10:51 executing program 4 (fault-call:3 fault-nth:27): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="116349409c7661634faa576a51968db8662c75d2d29cc3719be410b0c65c7ab909cfc7478ea2c1ad739a5c2aaa35be3ce12f9ef51e", @ANYRES64=0x0, @ANYBLOB="000099255b770000"], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) 18:10:51 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)="6578742dff", &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 346.622051] EXT4-fs (sda1): re-mounted. Opts: grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue 18:10:51 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 346.717041] overlayfs: missing 'lowerdir' 18:10:51 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 346.762079] FAULT_INJECTION: forcing a failure. [ 346.762079] name failslab, interval 1, probability 0, space 0, times 0 [ 346.774481] CPU: 0 PID: 11889 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 346.783048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 346.792408] Call Trace: [ 346.795036] dump_stack+0x244/0x39d [ 346.798713] ? dump_stack_print_info.cold.1+0x20/0x20 [ 346.803934] ? __kernel_text_address+0xd/0x40 [ 346.808458] ? unwind_get_return_address+0x61/0xa0 [ 346.813422] should_fail.cold.4+0xa/0x17 [ 346.817648] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 346.822783] ? kasan_kmalloc+0xc7/0xe0 [ 346.826737] ? __kmalloc_track_caller+0x157/0x760 [ 346.831643] ? memdup_user+0x2c/0xa0 [ 346.835380] ? zap_class+0x640/0x640 [ 346.837115] binder: 11891:11893 unknown command 1078551313 [ 346.839118] ? do_syscall_64+0x1b9/0x820 [ 346.839136] ? zap_class+0x640/0x640 [ 346.839154] ? zap_class+0x640/0x640 [ 346.848865] ? find_held_lock+0x36/0x1c0 18:10:51 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 346.856443] ? icl_pll_get_hw_state+0x798/0x7f0 [ 346.856473] ? perf_trace_sched_process_exec+0x860/0x860 [ 346.856489] ? lock_release+0xa10/0xa10 [ 346.856507] ? perf_trace_sched_process_exec+0x860/0x860 [ 346.865276] ? usercopy_warn+0x110/0x110 [ 346.874713] __should_failslab+0x124/0x180 [ 346.874734] should_failslab+0x9/0x14 [ 346.874755] kmem_cache_alloc_trace+0x2d7/0x750 [ 346.897162] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 346.899492] binder: 11891:11893 ioctl c0306201 20007000 returned -22 [ 346.902871] ? _copy_from_user+0xdf/0x150 [ 346.902898] copy_mount_options+0x5f/0x430 [ 346.902922] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 346.923403] ksys_mount+0xd0/0x140 [ 346.926974] __x64_sys_mount+0xbe/0x150 [ 346.931160] do_syscall_64+0x1b9/0x820 [ 346.935076] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 346.940471] ? syscall_return_slowpath+0x5e0/0x5e0 [ 346.945426] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 346.950301] ? trace_hardirqs_on_caller+0x310/0x310 [ 346.955452] ? prepare_exit_to_usermode+0x3b0/0x3b0 18:10:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mlockall(0x4) r3 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x200, 0x105000) ioctl$RNDGETENTCNT(r3, 0x80045200, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r4 = dup3(r0, r1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r4, 0x28, 0x0, &(0x7f0000000100)=0x8, 0x8) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 346.960491] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 346.966062] ? prepare_exit_to_usermode+0x291/0x3b0 [ 346.971108] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 346.975987] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 346.981198] RIP: 0033:0x459fda [ 346.984406] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 346.984416] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 346.984431] RAX: ffffffffffffffda RBX: 00007fe92e7e5b30 RCX: 0000000000459fda [ 346.984441] RDX: 00007fe92e7e5ad0 RSI: 0000000020000080 RDI: 00007fe92e7e5af0 [ 346.984450] RBP: 0000000020000080 R08: 00007fe92e7e5b30 R09: 00007fe92e7e5ad0 [ 346.984460] R10: 0000000000000820 R11: 0000000000000206 R12: 0000000000000004 [ 346.984469] R13: 0000000000000820 R14: 00000000004d7d88 R15: 0000000000000003 [ 347.095129] overlayfs: missing 'lowerdir' [ 347.107067] overlayfs: missing 'lowerdir' 18:10:52 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:52 executing program 4 (fault-call:3 fault-nth:28): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0xffffffffffffffff) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x400000, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0xf4, 0x28, &(0x7f00000000c0)="e21bfb2354f9f77d04ad4b828d30bd5949b2c0f1a6c88ca4b14ba3155457ae2ce73e1cbd7d9e4f39d438fd23bba05325b4826b2b332336056cc062c958a8b1b5b94286b5e0eafe15c92b27319c79d47dcb818a117e0e881e887ff79ff4f8ebeae8d5ab1225d46570ac394d5ecf3bf1bc27db89500434dfdc894947649ff6c4bd01bc9bd19bd6521a66071e08c2dc2b9db19f4de910f66381c6b1618884ae51d30c31257e338a7629b044710634924cc17b2f3c7872f9c99cb674762b1ba35e97761185932f7adb54fdd81eda58093eaccda35a659b1cd55848829deceee6f231f0a1d28dbb51311152b4822c7ecb3424989eb5ef", &(0x7f0000000200)=""/40, 0xe6}, 0x28) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r4 = dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) getsockopt$XDP_STATISTICS(r4, 0x11b, 0x7, &(0x7f0000000280), &(0x7f00000002c0)=0x18) [ 347.266166] binder: send failed reply for transaction 339 to 11908:11913 [ 347.299774] binder: undelivered TRANSACTION_COMPLETE 18:10:52 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:52 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 347.348220] binder: undelivered TRANSACTION_ERROR: 29189 [ 347.395028] overlayfs: missing 'lowerdir' [ 347.412253] overlayfs: missing 'lowerdir' 18:10:52 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 347.437179] FAULT_INJECTION: forcing a failure. [ 347.437179] name failslab, interval 1, probability 0, space 0, times 0 [ 347.490706] CPU: 0 PID: 11934 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 347.499270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 347.508665] Call Trace: [ 347.511304] dump_stack+0x244/0x39d [ 347.514979] ? dump_stack_print_info.cold.1+0x20/0x20 [ 347.520213] ? __kernel_text_address+0xd/0x40 [ 347.524747] ? unwind_get_return_address+0x61/0xa0 [ 347.529715] should_fail.cold.4+0xa/0x17 [ 347.533805] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 347.538943] ? kasan_kmalloc+0xc7/0xe0 [ 347.542861] ? __kmalloc_track_caller+0x157/0x760 [ 347.547818] ? memdup_user+0x2c/0xa0 [ 347.551572] ? zap_class+0x640/0x640 [ 347.555342] ? do_syscall_64+0x1b9/0x820 [ 347.559438] ? find_held_lock+0x36/0x1c0 [ 347.563533] ? gntdev_map_grant_pages+0x488/0x1060 [ 347.568747] ? perf_trace_sched_process_exec+0x860/0x860 [ 347.574222] ? lock_release+0xa10/0xa10 [ 347.574238] ? perf_trace_sched_process_exec+0x860/0x860 [ 347.574256] ? usercopy_warn+0x110/0x110 [ 347.574277] __should_failslab+0x124/0x180 [ 347.574297] should_failslab+0x9/0x14 [ 347.574313] kmem_cache_alloc_trace+0x2d7/0x750 [ 347.574336] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 347.600617] ? _copy_from_user+0xdf/0x150 [ 347.600644] copy_mount_options+0x5f/0x430 [ 347.600663] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 347.600680] ksys_mount+0xd0/0x140 [ 347.623743] __x64_sys_mount+0xbe/0x150 [ 347.627760] do_syscall_64+0x1b9/0x820 [ 347.632218] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 347.637641] ? syscall_return_slowpath+0x5e0/0x5e0 [ 347.642620] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 347.647494] ? trace_hardirqs_on_caller+0x310/0x310 [ 347.652538] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 347.653401] overlayfs: missing 'lowerdir' [ 347.657628] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 347.657645] ? prepare_exit_to_usermode+0x291/0x3b0 [ 347.657668] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 347.657693] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 347.657706] RIP: 0033:0x459fda [ 347.657723] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 347.657732] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 347.657747] RAX: ffffffffffffffda RBX: 00007fe92e7e5b30 RCX: 0000000000459fda [ 347.657757] RDX: 00007fe92e7e5ad0 RSI: 0000000020000080 RDI: 00007fe92e7e5af0 [ 347.657767] RBP: 0000000020000080 R08: 00007fe92e7e5b30 R09: 00007fe92e7e5ad0 [ 347.657777] R10: 0000000000000820 R11: 0000000000000206 R12: 0000000000000004 [ 347.657786] R13: 0000000000000820 R14: 00000000004d7d88 R15: 0000000000000003 18:10:52 executing program 4 (fault-call:3 fault-nth:29): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:52 executing program 0: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 347.845628] overlayfs: missing 'lowerdir' [ 347.850549] overlayfs: missing 'lowerdir' 18:10:52 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:52 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:52 executing program 3: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 348.005363] overlayfs: missing 'lowerdir' [ 348.049983] FAULT_INJECTION: forcing a failure. [ 348.049983] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 348.061858] CPU: 0 PID: 11972 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 348.070365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 348.079740] Call Trace: [ 348.081028] overlayfs: missing 'lowerdir' [ 348.082360] dump_stack+0x244/0x39d [ 348.082388] ? dump_stack_print_info.cold.1+0x20/0x20 [ 348.082411] ? find_get_entries_tag+0x1400/0x1400 [ 348.082431] ? print_usage_bug+0xc0/0xc0 [ 348.082449] ? print_usage_bug+0xc0/0xc0 [ 348.082475] should_fail.cold.4+0xa/0x17 [ 348.082498] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 348.082537] ? mark_held_locks+0x130/0x130 [ 348.082569] ? zap_class+0x640/0x640 [ 348.125757] ? zap_class+0x640/0x640 [ 348.129508] ? print_usage_bug+0xc0/0xc0 [ 348.133650] ? is_bpf_text_address+0xac/0x170 [ 348.138186] ? find_held_lock+0x36/0x1c0 [ 348.142280] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 348.142306] ? should_fail+0x22d/0xd01 [ 348.151861] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 348.157354] __alloc_pages_nodemask+0x34b/0xdd0 [ 348.157373] ? rcu_softirq_qs+0x20/0x20 [ 348.157401] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 348.171353] ? find_held_lock+0x36/0x1c0 [ 348.171378] ? mlx4_ib_create_ah+0x9e8/0x1450 [ 348.171409] ? trace_hardirqs_off+0xb8/0x310 [ 348.184390] cache_grow_begin+0xa5/0x8c0 [ 348.188481] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 348.188499] ? check_preemption_disabled+0x48/0x280 [ 348.188526] kmem_cache_alloc+0x66b/0x730 [ 348.199099] ? find_held_lock+0x36/0x1c0 [ 348.207324] getname_flags+0xd0/0x590 [ 348.211184] user_path_at_empty+0x2d/0x50 [ 348.215367] do_mount+0x180/0x1d90 [ 348.218936] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 348.224499] ? rcu_pm_notify+0xc0/0xc0 [ 348.224520] ? copy_mount_string+0x40/0x40 [ 348.224543] ? copy_mount_options+0x5f/0x430 [ 348.224560] ? rcu_read_lock_sched_held+0x14f/0x180 [ 348.224606] ? kmem_cache_alloc_trace+0x353/0x750 [ 348.224627] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 348.224643] ? _copy_from_user+0xdf/0x150 [ 348.224663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 348.262504] ? copy_mount_options+0x315/0x430 [ 348.267035] ksys_mount+0x12d/0x140 [ 348.270700] __x64_sys_mount+0xbe/0x150 [ 348.274711] do_syscall_64+0x1b9/0x820 [ 348.278644] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 348.284037] ? syscall_return_slowpath+0x5e0/0x5e0 [ 348.288990] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 348.293870] ? trace_hardirqs_on_caller+0x310/0x310 [ 348.298906] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 348.303925] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 348.309475] ? prepare_exit_to_usermode+0x291/0x3b0 [ 348.314532] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 348.319410] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 348.324649] RIP: 0033:0x459fda [ 348.327938] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 18:10:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000200)={{0x400004, 0x430b}, 'port1\x00', 0x77b77f3ff3c3150b, 0x40, 0x10000, 0x8001, 0x749, 0x0, 0x100000001, 0x0, 0x4, 0x7ff}) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x20000, 0x0) fchmodat(r2, &(0x7f00000000c0)='./file0\x00', 0x4) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000040)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, r2, 0xfffffffffffffffe) dup3(r0, r1, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000005, 0x68010, r0, 0x0) r4 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f00004da000)={0x0, 0x1, 0xfffffffffffffffc}, 0x4) syz_emit_ethernet(0x36, &(0x7f0000c22000)={@random="9a52438e8227", @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x23a, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast1}, @icmp=@timestamp}}}}, &(0x7f0000ea3000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x24, 0x0, &(0x7f0000000100)=[@release, @increfs={0x40046304, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x1, 0x2}], 0x1, 0xfdfd, &(0x7f00000001c0)="ef"}) [ 348.347324] RSP: 002b:00007fe92e7e5a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 348.355048] RAX: ffffffffffffffda RBX: 00007fe92e7e5b30 RCX: 0000000000459fda [ 348.362316] RDX: 00007fe92e7e5ad0 RSI: 0000000020000080 RDI: 00007fe92e7e5af0 [ 348.369611] RBP: 0000000020000080 R08: 00007fe92e7e5b30 R09: 00007fe92e7e5ad0 [ 348.376882] R10: 0000000000000820 R11: 0000000000000206 R12: 0000000000000004 [ 348.384203] R13: 0000000000000820 R14: 00000000004d7d88 R15: 0000000000000003 18:10:53 executing program 3: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:53 executing program 4 (fault-call:3 fault-nth:30): mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 348.511190] overlayfs: missing 'lowerdir' [ 348.519475] binder: 11995:12001 ioctl 40a85321 20000200 returned -22 18:10:53 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x200) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto='xino=auto'}, {@metacopy_off='metacopy=off'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) 18:10:53 executing program 2: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 348.563360] binder: 11995:12001 Release 1 refcount change on invalid ref 0 ret -22 [ 348.580844] binder: 11995:12001 IncRefs 0 refcount change on invalid ref 2 ret -22 [ 348.603113] binder: 11995:12001 BC_CLEAR_DEATH_NOTIFICATION invalid ref 1 [ 348.654911] overlayfs: missing 'lowerdir' [ 348.692257] overlayfs: missing 'lowerdir' [ 348.704978] FAULT_INJECTION: forcing a failure. [ 348.704978] name failslab, interval 1, probability 0, space 0, times 0 18:10:53 executing program 3: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x122) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)={[{@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}]}) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 348.809816] CPU: 0 PID: 12018 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 348.818382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 348.827757] Call Trace: [ 348.827790] dump_stack+0x244/0x39d [ 348.827819] ? dump_stack_print_info.cold.1+0x20/0x20 [ 348.827847] ? kernel_text_address+0x79/0xf0 [ 348.839281] should_fail.cold.4+0xa/0x17 [ 348.847772] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 348.847796] ? save_stack+0xa9/0xd0 [ 348.847813] ? save_stack+0x43/0xd0 [ 348.847829] ? kmem_cache_alloc_trace+0x152/0x750 [ 348.847860] ? vfs_new_fs_context+0x5e/0x77c [ 348.865094] ? do_mount+0xb70/0x1d90 [ 348.865108] ? ksys_mount+0x12d/0x140 [ 348.865120] ? __x64_sys_mount+0xbe/0x150 [ 348.865136] ? do_syscall_64+0x1b9/0x820 [ 348.865152] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 348.865173] ? find_held_lock+0x36/0x1c0 [ 348.894816] ? perf_trace_sched_process_exec+0x860/0x860 [ 348.900301] ? lockref_get+0x42/0x50 [ 348.904044] ? lock_downgrade+0x900/0x900 [ 348.908237] __should_failslab+0x124/0x180 [ 348.912504] should_failslab+0x9/0x14 [ 348.916339] kmem_cache_alloc_trace+0x2d7/0x750 [ 348.921038] ? rcu_read_lock_sched_held+0x14f/0x180 [ 348.926087] ? kmem_cache_alloc_trace+0x353/0x750 [ 348.930965] legacy_init_fs_context+0x187/0x230 [ 348.935669] ? vfs_dup_fs_context+0x400/0x400 [ 348.940194] vfs_new_fs_context+0x3f4/0x77c [ 348.944557] do_mount+0xb70/0x1d90 [ 348.948247] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 348.953820] ? copy_mount_string+0x40/0x40 [ 348.958099] ? copy_mount_options+0x5f/0x430 [ 348.958120] ? kmem_cache_alloc_trace+0x353/0x750 [ 348.958141] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 348.958163] ? _copy_from_user+0xdf/0x150 [ 348.967464] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 348.967483] ? copy_mount_options+0x315/0x430 [ 348.967501] ksys_mount+0x12d/0x140 [ 348.967518] __x64_sys_mount+0xbe/0x150 [ 348.967539] do_syscall_64+0x1b9/0x820 [ 348.967559] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 349.004275] ? syscall_return_slowpath+0x5e0/0x5e0 [ 349.009230] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 349.014095] ? trace_hardirqs_on_caller+0x310/0x310 [ 349.019147] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 349.024196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 349.029753] ? prepare_exit_to_usermode+0x291/0x3b0 [ 349.034789] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 349.039648] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 349.044846] RIP: 0033:0x459fda [ 349.048064] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 349.066973] RSP: 002b:00007fe92e7c4a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 349.074690] RAX: ffffffffffffffda RBX: 00007fe92e7c4b30 RCX: 0000000000459fda [ 349.081974] RDX: 00007fe92e7c4ad0 RSI: 0000000020000080 RDI: 00007fe92e7c4af0 [ 349.089258] RBP: 0000000020000080 R08: 00007fe92e7c4b30 R09: 00007fe92e7c4ad0 [ 349.096530] R10: 0000000000000820 R11: 0000000000000206 R12: 0000000000000004 [ 349.103807] R13: 0000000000000820 R14: 00000000004d7d88 R15: 0000000000000003 18:10:54 executing program 1: mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000240)) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@jqfmt_vfsv0='jqfmt=vfsv0'}]}) [ 349.114387] BUG: unable to handle kernel paging request at fffffffffffffff4 [ 349.121524] PGD 926d067 P4D 926d067 PUD 926f067 PMD 0 [ 349.126864] Oops: 0000 [#1] PREEMPT SMP KASAN [ 349.131390] CPU: 1 PID: 12018 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 349.139894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 349.149330] RIP: 0010:do_mount+0xb98/0x1d90 [ 349.153709] Code: 06 00 48 89 c2 48 89 c3 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 8a 11 00 00 48 b8 00 00 00 00 00 fc ff df <4c> 8b 33 49 8d 7e 18 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 5e 11 [ 349.172681] RSP: 0018:ffff88017702fc28 EFLAGS: 00010246 [ 349.178051] RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: ffffc9000a0e3000 [ 349.185478] RDX: 1ffffffffffffffe RSI: ffffffff81e011ec RDI: 0000000000000282 [ 349.192749] RBP: ffff88017702fdb0 R08: ffff8801cca12100 R09: 0000000000000000 [ 349.200029] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801bc9f7230 [ 349.207292] R13: ffff8801c940ab00 R14: ffff8801c940ab00 R15: ffff88018022ec80 [ 349.214559] FS: 00007fe92e7c5700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 349.222833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 349.228718] CR2: fffffffffffffff4 CR3: 00000001beb9c000 CR4: 00000000001406e0 [ 349.236161] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 349.243430] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 349.250700] Call Trace: [ 349.253305] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 349.258844] ? copy_mount_string+0x40/0x40 [ 349.263230] ? copy_mount_options+0x5f/0x430 [ 349.267655] ? kmem_cache_alloc_trace+0x353/0x750 [ 349.272522] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 349.278147] ? _copy_from_user+0xdf/0x150 [ 349.282321] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 349.287861] ? copy_mount_options+0x315/0x430 [ 349.292361] ksys_mount+0x12d/0x140 [ 349.295987] __x64_sys_mount+0xbe/0x150 [ 349.300097] do_syscall_64+0x1b9/0x820 [ 349.304111] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 349.309490] ? syscall_return_slowpath+0x5e0/0x5e0 [ 349.314484] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 349.319328] ? trace_hardirqs_on_caller+0x310/0x310 [ 349.324355] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 349.329376] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 349.334989] ? prepare_exit_to_usermode+0x291/0x3b0 [ 349.340060] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 349.344909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 349.350097] RIP: 0033:0x459fda [ 349.353290] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 349.372251] RSP: 002b:00007fe92e7c4a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 349.379958] RAX: ffffffffffffffda RBX: 00007fe92e7c4b30 RCX: 0000000000459fda [ 349.387225] RDX: 00007fe92e7c4ad0 RSI: 0000000020000080 RDI: 00007fe92e7c4af0 [ 349.394493] RBP: 0000000020000080 R08: 00007fe92e7c4b30 R09: 00007fe92e7c4ad0 [ 349.401759] R10: 0000000000000820 R11: 0000000000000206 R12: 0000000000000004 [ 349.409154] R13: 0000000000000820 R14: 00000000004d7d88 R15: 0000000000000003 [ 349.409178] kobject: 'loop4' (0000000065b7fc20): kobject_uevent_env [ 349.416458] Modules linked in: [ 349.416470] CR2: fffffffffffffff4 [ 349.416485] ---[ end trace ec749fbfb885e97c ]--- [ 349.416506] RIP: 0010:do_mount+0xb98/0x1d90 [ 349.416526] Code: 06 00 48 89 c2 48 89 c3 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 8a 11 00 00 48 b8 00 00 00 00 00 fc ff df <4c> 8b 33 49 8d 7e 18 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 5e 11 [ 349.423055] kobject: 'loop4' (0000000065b7fc20): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 349.426204] RSP: 0018:ffff88017702fc28 EFLAGS: 00010246 [ 349.426217] RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: ffffc9000a0e3000 [ 349.426224] RDX: 1ffffffffffffffe RSI: ffffffff81e011ec RDI: 0000000000000282 [ 349.426231] RBP: ffff88017702fdb0 R08: ffff8801cca12100 R09: 0000000000000000 [ 349.426239] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801bc9f7230 [ 349.426248] R13: ffff8801c940ab00 R14: ffff8801c940ab00 R15: ffff88018022ec80 [ 349.426260] FS: 00007fe92e7c5700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 349.426269] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 349.426277] CR2: fffffffffffffff4 CR3: 00000001beb9c000 CR4: 00000000001406e0 [ 349.426291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 349.537679] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 349.544962] Kernel panic - not syncing: Fatal exception [ 349.551428] Kernel Offset: disabled [ 349.555067] Rebooting in 86400 seconds..