T_IOC_ENABLE(r0, 0x8912, 0x400200) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x218, 0x0) [ 221.942961] binder_alloc: 11386: binder_alloc_buf, no vma 19:13:06 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:06 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:06 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:06 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:06 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:06 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:06 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:06 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:06 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:06 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000100)="4fa7"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:06 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:06 executing program 2: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) [ 222.768848] binder_alloc: 11425: binder_alloc_buf, no vma 19:13:07 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:07 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:07 executing program 2: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:07 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:07 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:07 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:07 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:07 executing program 2: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) [ 223.460749] binder_alloc: 11452: binder_alloc_buf, no vma 19:13:07 executing program 2: openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:07 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000100)="4fa7"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:07 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{0x0}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:07 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) [ 223.604973] binder_alloc: 11463: binder_alloc_buf, no vma 19:13:08 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 2: openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{0x0}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:08 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{0x0}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 2: openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) [ 224.298740] binder_alloc: 11492: binder_alloc_buf, no vma 19:13:08 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000100)="4fa72a"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:08 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r1 = syz_open_procfs(0x0, 0x0) preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:08 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r1 = syz_open_procfs(0x0, 0x0) preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:08 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r1 = syz_open_procfs(0x0, 0x0) preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) [ 225.117493] binder: BINDER_SET_CONTEXT_MGR already set [ 225.134131] binder: 11524:11531 ioctl 40046207 0 returned -16 [ 225.195377] binder_alloc: 11529: binder_alloc_buf, no vma 19:13:09 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000100)="4fa72a"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:09 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:09 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:09 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:09 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:09 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000100)="4fa72a"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:09 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, 0x0, 0x0, 0x0) 19:13:09 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:09 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:10 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, 0x0, 0x0, 0x0) 19:13:10 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:10 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, 0x0, 0x0, 0x0) 19:13:10 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r2, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:10 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:10 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 0: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:10 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:11 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 227.080017] binder_alloc: 11624: binder_alloc_buf, no vma 19:13:11 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:11 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:11 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:11 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:11 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:11 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:11 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, 0x0, 0x0, 0x0) 19:13:11 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:11 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:11 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, 0x0, 0x0, 0x0) 19:13:11 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:11 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:11 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:11 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:11 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, 0x0, 0x0, 0x0) [ 227.909042] binder_alloc: 11674: binder_alloc_buf, no vma 19:13:11 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:11 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r2, &(0x7f00000017c0), 0x218, 0x0) 19:13:11 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:11 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:12 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:12 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x218, 0x0) 19:13:12 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:12 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:12 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:12 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:12 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:12 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:12 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r3, &(0x7f00000017c0), 0x218, 0x0) 19:13:12 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:12 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 228.749718] binder_alloc: 11727: binder_alloc_buf, no vma 19:13:12 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 228.826307] binder_alloc: 11745: binder_alloc_buf, no vma 19:13:13 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:13 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:13 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:13 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r5, &(0x7f00000017c0), 0x218, 0x0) 19:13:13 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, 0x0, 0x0, 0x0) 19:13:13 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:13 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, 0x0, 0x0, 0x0) 19:13:13 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, 0x0, 0x0, 0x0) 19:13:13 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:13 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:13 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:13 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r5, &(0x7f00000017c0), 0x218, 0x0) 19:13:14 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:14 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:14 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:14 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:14 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r5, &(0x7f00000017c0), 0x218, 0x0) 19:13:14 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:13:14 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:14 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:14 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000005000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x13000)=nil, 0x6000) 19:13:14 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:14 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:14 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 230.544990] libceph: connect [d::]:6789 error -101 [ 230.556246] libceph: mon0 [d::]:6789 connect error [ 230.584948] ceph: No mds server is up or the cluster is laggy 19:13:15 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:15 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') 19:13:15 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:15 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:15 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000005000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x13000)=nil, 0x6000) 19:13:15 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:13:15 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 231.275240] libceph: connect [d::]:6789 error -101 [ 231.280500] libceph: mon0 [d::]:6789 connect error 19:13:15 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000540)=""/4073, 0xfe9}], 0x1, 0x0) 19:13:15 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 231.321937] ceph: No mds server is up or the cluster is laggy 19:13:15 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000005000/0x3000)=nil) shmat(r1, &(0x7f0000000000/0x13000)=nil, 0x6000) 19:13:15 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:15 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 231.488418] libceph: connect [d::]:6789 error -101 [ 231.493699] libceph: mon0 [d::]:6789 connect error [ 231.522618] ceph: No mds server is up or the cluster is laggy 19:13:15 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:15 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:15 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:15 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000005000/0x3000)=nil) 19:13:15 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:15 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:13:16 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:16 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:13:16 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 232.136448] libceph: connect [d::]:6789 error -101 [ 232.141913] libceph: mon0 [d::]:6789 connect error [ 232.164868] ceph: No mds server is up or the cluster is laggy 19:13:16 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000005000/0x3000)=nil) 19:13:16 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 232.255842] libceph: connect [d::]:6789 error -101 [ 232.261610] libceph: mon0 [d::]:6789 connect error [ 232.287501] ceph: No mds server is up or the cluster is laggy 19:13:16 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) [ 232.365999] libceph: connect [d::]:6789 error -101 [ 232.371803] libceph: mon0 [d::]:6789 connect error [ 232.400702] ceph: No mds server is up or the cluster is laggy [ 232.486483] libceph: connect [d::]:6789 error -101 [ 232.492032] libceph: mon0 [d::]:6789 connect error 19:13:16 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:16 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:16 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:16 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:13:16 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 233.001589] libceph: connect [d::]:6789 error -101 [ 233.006591] libceph: mon0 [d::]:6789 connect error 19:13:17 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) [ 233.260573] ceph: No mds server is up or the cluster is laggy [ 233.316485] libceph: connect [d::]:6789 error -101 [ 233.322084] libceph: mon0 [d::]:6789 connect error 19:13:17 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:17 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:17 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:17 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:13:17 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:17 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:17 executing program 3: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:17 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:17 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:17 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 234.030487] libceph: connect [d::]:6789 error -101 [ 234.035628] libceph: mon0 [d::]:6789 connect error 19:13:18 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) [ 234.094136] ceph: No mds server is up or the cluster is laggy [ 234.143942] libceph: connect [d::]:6789 error -101 [ 234.148951] libceph: mon0 [d::]:6789 connect error 19:13:18 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) 19:13:18 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:18 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:18 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:18 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:18 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 234.653839] binder: 12049:12059 ioctl c0306201 0 returned -14 19:13:18 executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:18 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:18 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:18 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:18 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() tkill(r0, 0x1000000000016) [ 234.928646] ceph: No mds server is up or the cluster is laggy [ 234.979910] libceph: connect [d::]:6789 error -101 [ 234.984949] libceph: mon0 [d::]:6789 connect error [ 235.013076] ceph: No mds server is up or the cluster is laggy 19:13:19 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) 19:13:19 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:19 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 235.469155] binder: 12102:12108 ioctl c0306201 0 returned -14 [ 235.519263] binder_alloc: 12107: binder_alloc_buf, no vma 19:13:20 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) 19:13:20 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:20 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:20 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:20 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 236.339322] binder: 12121:12125 ioctl c0306201 0 returned -14 [ 236.423484] binder_alloc: 12128: binder_alloc_buf, no vma 19:13:20 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 237.145421] binder: 12142:12146 ioctl c0306201 20000280 returned -14 19:13:21 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() tkill(r0, 0x1000000000016) 19:13:21 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:21 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:21 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:21 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:21 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) 19:13:21 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 237.995794] libceph: connect [d::]:6789 error -101 [ 238.001305] libceph: mon0 [d::]:6789 connect error [ 238.020678] binder: 12153:12170 ioctl c0306201 20000280 returned -14 [ 238.028205] ceph: No mds server is up or the cluster is laggy 19:13:21 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:21 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 238.048112] binder_alloc: 12159: binder_alloc_buf, no vma [ 238.066110] binder_alloc: 12156: binder_alloc_buf, no vma [ 238.086867] binder: 12181:12182 ioctl c0306201 0 returned -14 [ 238.513969] NOHZ: local_softirq_pending 08 19:13:22 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) 19:13:22 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 238.874913] binder: 12187:12194 ioctl c0306201 20000280 returned -14 [ 238.884883] binder_alloc: 12186: binder_alloc_buf, no vma 19:13:24 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() tkill(r0, 0x1000000000016) 19:13:24 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:24 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:24 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:24 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) 19:13:24 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:24 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 240.998835] binder: 12205:12209 ioctl c0306201 0 returned -14 19:13:24 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 241.039991] libceph: connect [d::]:6789 error -101 [ 241.049944] libceph: mon0 [d::]:6789 connect error [ 241.062670] binder_alloc: 12201: binder_alloc_buf, no vma [ 241.066008] binder: 12206:12222 unknown command 0 19:13:25 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:25 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 241.086067] binder: 12206:12222 ioctl c0306201 20000280 returned -22 [ 241.097380] ceph: No mds server is up or the cluster is laggy 19:13:25 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 241.156419] binder: 12233:12234 ioctl c0306201 0 returned -14 19:13:25 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:27 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:27 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) 19:13:27 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x1000000000016) 19:13:27 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:27 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:27 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:27 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xf3) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 244.037903] binder: 12250:12256 ioctl c0306201 0 returned -14 [ 244.073824] binder: 12254:12261 ioctl c0306201 0 returned -14 19:13:28 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:28 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 244.097648] libceph: connect [d::]:6789 error -101 [ 244.103650] libceph: mon0 [d::]:6789 connect error [ 244.127380] binder: 12251:12273 unknown command 0 [ 244.132563] binder: 12251:12273 ioctl c0306201 20000280 returned -22 19:13:28 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:28 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:28 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:28 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:28 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) 19:13:28 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:28 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:28 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x1000000000016) 19:13:28 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 244.854393] binder: 12289:12290 ioctl c0306201 20000200 returned -14 [ 244.883289] ceph: No mds server is up or the cluster is laggy 19:13:28 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 244.957501] binder: 12296:12302 ioctl c0306201 0 returned -14 [ 244.980827] libceph: connect [d::]:6789 error -101 [ 244.986689] libceph: mon0 [d::]:6789 connect error [ 244.992613] binder: 12291:12310 unknown command 0 [ 244.997477] binder: 12291:12310 ioctl c0306201 20000280 returned -22 19:13:29 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:29 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:29 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:29 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:29 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:29 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:29 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) 19:13:29 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 245.670422] binder: 12336:12337 ioctl c0306201 20000200 returned -14 19:13:29 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:29 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x1000000000016) 19:13:29 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 245.760636] ceph: No mds server is up or the cluster is laggy 19:13:29 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:29 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 245.809576] binder: 12348:12350 ioctl c0306201 20000200 returned -14 [ 245.821774] libceph: connect [d::]:6789 error -101 [ 245.824069] binder: 12338:12354 unknown command 0 [ 245.827984] libceph: mon0 [d::]:6789 connect error [ 245.842738] binder: 12338:12354 ioctl c0306201 20000280 returned -22 19:13:29 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:29 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:30 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:30 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) [ 246.487501] binder: 12373:12374 ioctl c0306201 20000200 returned -14 19:13:30 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:30 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:30 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 246.602713] ceph: No mds server is up or the cluster is laggy [ 246.615134] binder: 12376:12383 unknown command 0 [ 246.640676] binder: 12376:12383 ioctl c0306201 20000280 returned -22 [ 246.662483] binder: 12385:12390 ioctl c0306201 20000200 returned -14 [ 246.693890] libceph: connect [d::]:6789 error -101 [ 246.699520] libceph: mon0 [d::]:6789 connect error 19:13:30 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 246.727661] ceph: No mds server is up or the cluster is laggy 19:13:31 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:31 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) [ 247.306721] binder: 12405:12406 unknown command 0 [ 247.311718] binder: 12405:12406 ioctl c0306201 20000200 returned -22 19:13:31 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:31 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 247.428195] binder: 12408:12416 unknown command 0 [ 247.436480] binder: 12408:12416 ioctl c0306201 20000280 returned -22 [ 247.474423] binder: 12417:12419 ioctl c0306201 20000200 returned -14 19:13:31 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:32 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:32 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) [ 248.123142] binder: 12426:12427 unknown command 0 [ 248.128107] binder: 12426:12427 ioctl c0306201 20000200 returned -22 19:13:32 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:32 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 248.251795] binder: 12429:12436 unknown command 0 [ 248.256688] binder: 12429:12436 ioctl c0306201 20000280 returned -22 [ 248.313209] binder: 12439:12442 unknown command 0 [ 248.318164] binder: 12439:12442 ioctl c0306201 20000200 returned -22 19:13:32 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:33 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:33 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:33 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:33 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) 19:13:33 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:33 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:33 executing program 5: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:33 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 249.693008] binder: 12453:12458 unknown command 0 [ 249.703430] binder: 12453:12458 ioctl c0306201 20000200 returned -22 [ 249.713941] binder: 12454:12460 unknown command 0 [ 249.721381] binder: 12454:12460 ioctl c0306201 20000200 returned -22 19:13:33 executing program 5: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 249.758601] libceph: connect [d::]:6789 error -101 [ 249.765225] libceph: mon0 [d::]:6789 connect error [ 249.773804] binder: 12452:12471 unknown command 0 [ 249.781685] binder: 12452:12471 ioctl c0306201 20000280 returned -22 [ 249.792102] ceph: No mds server is up or the cluster is laggy 19:13:33 executing program 5: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:33 executing program 5: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:33 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:36 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:36 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:36 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:36 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:36 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:36 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) [ 252.729063] binder: 12496:12500 unknown command 0 [ 252.740862] binder: 12496:12500 ioctl c0306201 20000200 returned -22 [ 252.750831] binder: 12497:12504 unknown command 0 [ 252.756940] binder: 12497:12504 ioctl c0306201 20000200 returned -22 [ 252.769467] libceph: connect [d::]:6789 error -101 [ 252.775090] libceph: mon0 [d::]:6789 connect error [ 252.799505] binder: 12499:12514 unknown command 0 [ 252.804415] ceph: No mds server is up or the cluster is laggy [ 252.810734] binder: 12499:12514 ioctl c0306201 20000280 returned -22 19:13:37 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) 19:13:37 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:37 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:37 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:37 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:37 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:37 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 253.602229] binder: 12523:12528 unknown command 0 [ 253.608459] binder: 12522:12529 unknown command 0 [ 253.613163] binder: 12523:12528 ioctl c0306201 20000200 returned -22 [ 253.617053] binder: 12522:12529 ioctl c0306201 20000200 returned -22 19:13:37 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 253.684500] binder: 12524:12541 unknown command 25344 [ 253.699546] binder: 12524:12541 ioctl c0306201 20000280 returned -22 19:13:39 executing program 2: mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:39 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:39 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:39 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:39 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:39 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) 19:13:39 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:39 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 255.771436] binder: 12557:12562 unknown command 0 [ 255.779151] binder: 12555:12561 unknown command 0 [ 255.785337] binder: 12557:12562 ioctl c0306201 20000200 returned -22 [ 255.791094] binder: 12555:12561 ioctl c0306201 20000200 returned -22 19:13:39 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:39 executing program 2: mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:39 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:39 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 255.833839] binder: 12558:12571 unknown command 25344 [ 255.840641] binder: 12558:12571 ioctl c0306201 20000280 returned -22 19:13:39 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:39 executing program 2: mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 255.905498] binder: 12577:12582 unknown command 0 [ 255.912182] binder: 12577:12582 ioctl c0306201 20000200 returned -22 19:13:39 executing program 2: mknod$loop(0x0, 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 255.972248] binder: 12586:12588 ioctl c0306201 0 returned -14 19:13:39 executing program 2: mknod$loop(0x0, 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:40 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:40 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) 19:13:40 executing program 2: mknod$loop(0x0, 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:40 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 256.609991] binder: 12607:12611 unknown command 25348 [ 256.615376] binder: 12607:12611 ioctl c0306201 20000200 returned -22 [ 256.655375] binder: 12605:12616 unknown command 25344 [ 256.665978] binder: 12605:12616 ioctl c0306201 20000280 returned -22 19:13:40 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:40 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:40 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:40 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 256.754406] binder: 12620:12624 unknown command 25348 [ 256.760360] binder: 12620:12624 ioctl c0306201 20000200 returned -22 19:13:40 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 256.797560] binder: 12627:12629 ioctl c0306201 0 returned -14 19:13:40 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:40 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:40 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:41 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:41 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:41 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304400000000000634040"], 0x0, 0x0, 0x0}) 19:13:41 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 257.444561] binder: 12655:12658 unknown command 25348 [ 257.450029] binder: 12655:12658 ioctl c0306201 20000200 returned -22 19:13:41 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:41 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:41 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:41 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 257.588577] binder: 12667:12669 unknown command 25348 [ 257.595057] binder: 12667:12669 ioctl c0306201 20000200 returned -22 19:13:41 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 257.651237] binder: 12673:12677 ioctl c0306201 0 returned -14 19:13:41 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 257.709520] libceph: resolve 'd' (ret=-3): failed [ 257.714483] libceph: parse_ips bad ip '[d' [ 257.718333] NOHZ: local_softirq_pending 08 19:13:41 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 257.780399] libceph: resolve 'd' (ret=-3): failed [ 257.785458] libceph: parse_ips bad ip '[d' 19:13:41 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 257.850199] libceph: resolve 'd' (ret=-3): failed [ 257.855288] libceph: parse_ips bad ip '[d' [ 257.919799] ceph: device name is missing path (no : separator in [d::]) 19:13:42 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:42 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:42 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304400000000000634040"], 0x0, 0x0, 0x0}) 19:13:42 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 258.282062] binder: 12702:12705 unknown command 25348 [ 258.286393] ceph: device name is missing path (no : separator in [d::]) [ 258.294435] binder: 12702:12705 ioctl c0306201 20000200 returned -22 19:13:42 executing program 0: ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:42 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:42 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], 0x0, &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 258.366899] ceph: device name is missing path (no : separator in [d::]) 19:13:42 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:42 executing program 0: ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:42 executing program 0: ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:42 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], 0x0, &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 258.476671] binder: 12716:12724 unknown command 25348 [ 258.482062] binder: 12716:12724 ioctl c0306201 20000200 returned -22 19:13:42 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 258.526605] binder: 12723:12727 ioctl c0306201 20000200 returned -14 19:13:42 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:42 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], 0x0, &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:43 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304400000000000634040"], 0x0, 0x0, 0x0}) 19:13:43 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:43 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 259.122893] binder: 12744:12748 unknown command 287492 [ 259.130728] binder: 12744:12748 ioctl c0306201 20000200 returned -22 19:13:43 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:43 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:43 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:43 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:43 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 259.289670] binder: 12763:12764 unknown command 287492 [ 259.295299] binder: 12763:12764 ioctl c0306201 20000200 returned -22 19:13:43 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 259.353511] binder: 12769:12775 ioctl c0306201 20000200 returned -14 19:13:43 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, 0x0, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 259.500552] libceph: connect [d::]:6789 error -101 [ 259.505597] libceph: mon0 [d::]:6789 connect error [ 259.533355] ceph: No mds server is up or the cluster is laggy 19:13:43 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:43 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, 0x0, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:43 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 259.954774] binder: 12796:12797 unknown command 287492 [ 259.965417] binder: 12796:12797 ioctl c0306201 20000200 returned -22 [ 259.982182] binder: 12798:12802 unknown command 25348 [ 259.989880] libceph: connect [d::]:6789 error -101 [ 259.994874] libceph: mon0 [d::]:6789 connect error 19:13:43 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, 0x0, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 260.000125] binder: 12798:12802 ioctl c0306201 20000200 returned -22 [ 260.015305] ceph: No mds server is up or the cluster is laggy 19:13:44 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 260.062772] libceph: connect [d::]:6789 error -101 [ 260.067994] libceph: mon0 [d::]:6789 connect error [ 260.073431] libceph: connect [d::]:6789 error -101 [ 260.078817] libceph: mon0 [d::]:6789 connect error 19:13:44 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 260.111442] ceph: No mds server is up or the cluster is laggy 19:13:44 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000), &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:44 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 260.283299] binder: 12826:12833 unknown command 287492 [ 260.283304] binder: 12827:12835 ioctl c0306201 20000200 returned -14 [ 260.288283] libceph: connect [d::]:6789 error -101 [ 260.292090] binder: 12826:12833 ioctl c0306201 20000200 returned -22 [ 260.301787] libceph: mon0 [d::]:6789 connect error [ 260.316457] ceph: No mds server is up or the cluster is laggy 19:13:44 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:44 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 260.770977] binder: 12843:12844 unknown command 287492 [ 260.776379] binder: 12843:12844 ioctl c0306201 20000200 returned -22 [ 260.815173] binder: 12845:12847 unknown command 25348 [ 260.820777] binder: 12845:12847 ioctl c0306201 20000200 returned -22 19:13:44 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:44 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:45 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 261.125628] binder: 12854:12858 unknown command 287492 [ 261.133454] binder: 12854:12858 ioctl c0306201 20000200 returned -22 [ 261.143311] binder: 12853:12857 unknown command 0 [ 261.149120] binder: 12853:12857 ioctl c0306201 20000200 returned -22 19:13:45 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:45 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:45 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 261.642514] binder: 12866:12869 unknown command 25348 [ 261.648023] binder: 12866:12869 ioctl c0306201 20000200 returned -22 19:13:45 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:45 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:47 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000), &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:47 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:47 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:47 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:47 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:47 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:47 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:47 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:47 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 263.295326] binder: 12892:12899 unknown command 25348 [ 263.297866] binder: 12890:12900 unknown command 0 [ 263.300720] binder: 12892:12899 ioctl c0306201 20000200 returned -22 [ 263.311741] binder: 12890:12900 ioctl c0306201 20000200 returned -22 [ 263.316017] libceph: connect [d::]:6789 error -101 [ 263.323644] libceph: mon0 [d::]:6789 connect error [ 263.335328] ceph: No mds server is up or the cluster is laggy 19:13:47 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:47 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:47 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 263.442790] binder: 12921:12923 ioctl c0306201 0 returned -14 19:13:50 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000), &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:50 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:50 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:50 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:13:50 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:50 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 266.294693] binder: 12939:12942 unknown command 0 [ 266.302820] binder: 12944:12947 ioctl c0306201 0 returned -14 [ 266.304918] binder: 12939:12942 ioctl c0306201 20000200 returned -22 [ 266.321599] binder: 12943:12946 unknown command 25348 [ 266.327283] binder: 12943:12946 ioctl c0306201 20000200 returned -22 19:13:50 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:50 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 266.340354] libceph: connect [d::]:6789 error -101 [ 266.345530] libceph: mon0 [d::]:6789 connect error [ 266.380006] ceph: No mds server is up or the cluster is laggy 19:13:50 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:50 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:50 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:50 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:53 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, 0x0) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:53 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:53 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:53 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:53 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:13:53 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 269.348488] binder: 12996:13004 unknown command 0 [ 269.353802] binder: 12996:13004 ioctl c0306201 20000200 returned -22 [ 269.362500] binder: 12997:13002 unknown command 25348 [ 269.365095] binder: 12998:13006 ioctl c0306201 0 returned -14 [ 269.368974] binder: 12997:13002 ioctl c0306201 20000200 returned -22 19:13:53 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:53 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 269.396685] libceph: connect [d::]:6789 error -101 [ 269.401723] libceph: mon0 [d::]:6789 connect error [ 269.408571] ceph: No mds server is up or the cluster is laggy 19:13:53 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:53 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:53 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:53 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:56 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, 0x0) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:56 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:56 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:56 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:13:56 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:56 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 272.373831] binder: 13054:13057 ioctl c0306201 20000200 returned -14 [ 272.382314] binder: 13052:13055 unknown command 0 [ 272.384922] binder: 13051:13059 unknown command 25348 [ 272.393930] binder: 13052:13055 ioctl c0306201 20000200 returned -22 [ 272.395603] libceph: connect [d::]:6789 error -101 [ 272.409973] libceph: mon0 [d::]:6789 connect error 19:13:56 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:56 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 272.418438] binder: 13051:13059 ioctl c0306201 20000200 returned -22 [ 272.428158] ceph: No mds server is up or the cluster is laggy 19:13:56 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:56 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:13:56 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 272.484322] binder: 13074:13077 unknown command 25348 [ 272.490559] binder: 13074:13077 ioctl c0306201 20000200 returned -22 19:13:56 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) [ 272.570381] binder: 13082:13086 unknown command 25348 [ 272.577253] binder: 13082:13086 ioctl c0306201 20000200 returned -22 [ 272.607591] binder: 13090:13091 unknown command 25348 [ 272.612930] binder: 13090:13091 ioctl c0306201 20000200 returned -22 19:13:59 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, 0x0) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:13:59 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) 19:13:59 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:59 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:13:59 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:59 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 275.375027] binder: 13104:13107 ioctl c0306201 20000200 returned -14 [ 275.383309] binder: 13100:13105 unknown command 25348 [ 275.388768] binder: 13100:13105 ioctl c0306201 20000200 returned -22 [ 275.403922] binder: 13103:13109 unknown command 0 [ 275.417728] binder: 13103:13109 ioctl c0306201 20000200 returned -22 19:13:59 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) 19:13:59 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 275.429974] libceph: connect [d::]:6789 error -101 [ 275.435022] libceph: mon0 [d::]:6789 connect error [ 275.465292] ceph: No mds server is up or the cluster is laggy 19:13:59 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:13:59 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:13:59 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 275.484978] binder: 13119:13125 unknown command 25348 [ 275.493223] binder: 13119:13125 ioctl c0306201 20000200 returned -22 [ 275.542137] binder: 13131:13132 unknown command 25348 19:13:59 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 275.563483] binder: 13131:13132 ioctl c0306201 20000200 returned -22 19:14:02 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, 0x0, 0x0) tkill(r0, 0x1000000000016) 19:14:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:02 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:02 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:02 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:02 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:02 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 278.442067] binder: 13150:13156 unknown command 25348 [ 278.450063] binder: 13146:13157 ioctl c0306201 20000200 returned -14 [ 278.457190] binder: 13150:13156 ioctl c0306201 20000200 returned -22 [ 278.465058] binder: 13148:13155 unknown command 25348 [ 278.471115] binder: 13148:13155 ioctl c0306201 20000200 returned -22 [ 278.482425] libceph: connect [d::]:6789 error -101 19:14:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:02 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 278.488098] libceph: mon0 [d::]:6789 connect error 19:14:02 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:02 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 278.528536] ceph: No mds server is up or the cluster is laggy 19:14:02 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 278.825840] NOHZ: local_softirq_pending 08 19:14:05 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, 0x0, 0x0) tkill(r0, 0x1000000000016) 19:14:05 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:05 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:05 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:05 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:05 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 281.459972] binder: 13195:13198 ioctl c0306201 20000200 returned -14 [ 281.471265] binder: 13193:13196 unknown command 25348 [ 281.480910] binder: 13194:13200 unknown command 25348 [ 281.484540] binder: 13193:13196 ioctl c0306201 20000200 returned -22 [ 281.492074] binder: 13194:13200 ioctl c0306201 20000200 returned -22 [ 281.497003] binder: 13192:13201 ioctl c0306201 0 returned -14 19:14:05 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 281.506441] libceph: connect [d::]:6789 error -101 [ 281.511544] libceph: mon0 [d::]:6789 connect error 19:14:05 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:05 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 281.551869] ceph: No mds server is up or the cluster is laggy 19:14:05 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 281.599525] binder: 13216:13220 ioctl c0306201 0 returned -14 19:14:05 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:05 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 281.643917] binder: 13224:13226 ioctl c0306201 0 returned -14 19:14:08 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, 0x0, 0x0) tkill(r0, 0x1000000000016) 19:14:08 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:08 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:08 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) 19:14:08 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 284.518638] binder: 13241:13244 unknown command 25348 [ 284.523049] binder: 13238:13247 unknown command 25348 [ 284.527713] binder: 13239:13245 ioctl c0306201 20000200 returned -14 [ 284.541323] binder: 13241:13244 ioctl c0306201 20000200 returned -22 [ 284.544173] binder: 13238:13247 ioctl c0306201 20000200 returned -22 19:14:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 284.570562] libceph: connect [d::]:6789 error -101 [ 284.576326] libceph: mon0 [d::]:6789 connect error [ 284.603555] ceph: No mds server is up or the cluster is laggy 19:14:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 284.773200] binder: 13277:13279 ioctl c0306201 0 returned -14 19:14:11 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x1000000000016) 19:14:11 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:11 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) 19:14:11 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:11 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:11 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:11 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 287.543639] binder: 13288:13293 unknown command 287492 [ 287.549492] binder: 13286:13292 ioctl c0306201 0 returned -14 [ 287.551043] binder: 13291:13294 ioctl c0306201 20000200 returned -14 [ 287.564426] binder: 13288:13293 ioctl c0306201 20000200 returned -22 [ 287.568366] binder: 13287:13297 unknown command 25348 [ 287.581770] binder: 13287:13297 ioctl c0306201 20000200 returned -22 19:14:11 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 287.600566] libceph: connect [d::]:6789 error -101 [ 287.605702] libceph: mon0 [d::]:6789 connect error [ 287.623784] binder: 13302:13305 ioctl c0306201 0 returned -14 [ 287.964763] libceph: connect [d::]:6789 error -101 [ 287.969889] libceph: mon0 [d::]:6789 connect error 19:14:12 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:12 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:12 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:12 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) 19:14:12 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x1000000000016) [ 288.352903] ceph: No mds server is up or the cluster is laggy [ 288.399265] binder: 13316:13320 ioctl c0306201 20000200 returned -14 [ 288.414008] binder: 13317:13323 unknown command 287492 [ 288.433692] binder: 13317:13323 ioctl c0306201 20000200 returned -22 [ 288.442098] binder: 13319:13328 unknown command 25348 19:14:12 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 288.449711] binder: 13319:13328 ioctl c0306201 20000200 returned -22 [ 288.471702] libceph: connect [d::]:6789 error -101 [ 288.477226] libceph: mon0 [d::]:6789 connect error [ 289.004844] libceph: connect [d::]:6789 error -101 [ 289.009862] libceph: mon0 [d::]:6789 connect error 19:14:13 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:13 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:13 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 289.234526] ceph: No mds server is up or the cluster is laggy [ 289.253670] binder: 13350:13352 unknown command 287492 [ 289.265287] binder: 13350:13352 ioctl c0306201 20000200 returned -22 19:14:13 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x1000000000016) 19:14:13 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 289.281721] binder: 13346:13351 ioctl c0306201 20000200 returned -14 [ 289.301712] binder: 13349:13356 unknown command 25348 [ 289.314310] binder: 13349:13356 ioctl c0306201 20000200 returned -22 [ 289.361271] libceph: connect [d::]:6789 error -101 [ 289.366579] libceph: mon0 [d::]:6789 connect error 19:14:13 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 289.994823] libceph: connect [d::]:6789 error -101 [ 289.999897] libceph: mon0 [d::]:6789 connect error 19:14:13 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:14 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:14 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 290.076960] binder: 13375:13376 ioctl c0306201 20000200 returned -14 19:14:14 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:14 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x0) 19:14:14 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 290.135267] binder: 13380:13384 unknown command 25348 [ 290.140543] ceph: No mds server is up or the cluster is laggy [ 290.166458] binder: 13380:13384 ioctl c0306201 20000200 returned -22 19:14:14 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 290.247560] libceph: connect [d::]:6789 error -101 [ 290.253794] libceph: mon0 [d::]:6789 connect error 19:14:14 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:14 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:14 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:14 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:14 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:14 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:14 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:14 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 290.909552] binder: 13422:13425 ioctl c0306201 20000200 returned -14 19:14:14 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 290.971049] binder: 13430:13432 unknown command 25348 [ 290.980604] binder: 13430:13432 ioctl c0306201 20000200 returned -22 19:14:14 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x0) 19:14:14 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:14 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 291.028238] ceph: No mds server is up or the cluster is laggy 19:14:15 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:15 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 291.077119] libceph: connect [d::]:6789 error -101 [ 291.082327] libceph: mon0 [d::]:6789 connect error 19:14:15 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:15 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:15 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:15 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:15 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:15 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 291.733869] binder: 13465:13467 ioctl c0306201 20000200 returned -14 19:14:15 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:15 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x0) 19:14:15 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x2, 0x0, &(0x7f0000000100)="4fa7"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:15 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:15 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 291.855176] ceph: No mds server is up or the cluster is laggy 19:14:15 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:15 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 291.933175] libceph: connect [d::]:6789 error -101 [ 291.943447] libceph: mon0 [d::]:6789 connect error 19:14:15 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:16 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:16 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:16 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:16 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 292.580339] binder: 13514:13516 ioctl c0306201 20000200 returned -14 19:14:16 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:16 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:16 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:16 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:16 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 292.715918] ceph: No mds server is up or the cluster is laggy 19:14:16 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:16 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:16 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 292.844040] binder: 13540:13543 unknown command 25348 [ 292.863609] binder: 13540:13543 ioctl c0306201 20000200 returned -22 19:14:17 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:17 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:17 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000005000/0x3000)=nil) 19:14:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:17 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 293.481834] libceph: connect [d::]:6789 error -101 [ 293.494474] libceph: mon0 [d::]:6789 connect error [ 293.530447] ceph: No mds server is up or the cluster is laggy 19:14:17 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x2, 0x0, &(0x7f0000000100)="4fa7"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:17 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:17 executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:17 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:17 executing program 2 (fault-call:1 fault-nth:0): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:17 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 293.689770] binder: 13598:13601 ioctl c0306201 20000200 returned -14 19:14:17 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:17 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 293.765262] FAULT_INJECTION: forcing a failure. [ 293.765262] name failslab, interval 1, probability 0, space 0, times 1 [ 293.830180] CPU: 1 PID: 13612 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 293.838101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 293.847547] Call Trace: [ 293.850200] dump_stack+0x1b2/0x283 [ 293.853895] should_fail.cold+0x10a/0x154 [ 293.858112] should_failslab+0xd6/0x130 [ 293.862098] __kmalloc_track_caller+0x2bc/0x400 [ 293.866817] ? strndup_user+0x5b/0xf0 [ 293.870627] memdup_user+0x22/0xa0 [ 293.874188] strndup_user+0x5b/0xf0 [ 293.877869] ? copy_mnt_ns+0x8a0/0x8a0 [ 293.881767] SyS_mount+0x39/0x120 [ 293.885242] ? copy_mnt_ns+0x8a0/0x8a0 [ 293.889137] do_syscall_64+0x1d5/0x640 [ 293.893097] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 293.898288] RIP: 0033:0x45cb29 [ 293.901473] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 293.909181] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 293.916448] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:17 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 293.923710] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 293.931024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 293.939060] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:18 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:18 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:18 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:18 executing program 2 (fault-call:1 fault-nth:1): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:18 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:18 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:18 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 294.532182] FAULT_INJECTION: forcing a failure. [ 294.532182] name failslab, interval 1, probability 0, space 0, times 0 [ 294.564455] binder: 13642:13649 ioctl c0306201 20000200 returned -14 [ 294.572948] CPU: 1 PID: 13644 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 294.580853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 294.590205] Call Trace: [ 294.592786] dump_stack+0x1b2/0x283 [ 294.596401] should_fail.cold+0x10a/0x154 [ 294.600538] should_failslab+0xd6/0x130 [ 294.604497] __kmalloc_track_caller+0x2bc/0x400 [ 294.609146] ? strndup_user+0x5b/0xf0 [ 294.612940] memdup_user+0x22/0xa0 [ 294.616465] strndup_user+0x5b/0xf0 [ 294.620081] ? copy_mnt_ns+0x8a0/0x8a0 [ 294.623955] SyS_mount+0x68/0x120 [ 294.627389] ? copy_mnt_ns+0x8a0/0x8a0 [ 294.631260] do_syscall_64+0x1d5/0x640 [ 294.635149] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 294.640319] RIP: 0033:0x45cb29 [ 294.643487] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 294.651176] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 294.658426] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 294.665675] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 294.672926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 19:14:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 294.680176] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:18 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:18 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 294.707994] binder_alloc: 13637: binder_alloc_buf, no vma [ 294.732126] binder: BINDER_SET_CONTEXT_MGR already set [ 294.738800] binder: 13656:13662 ioctl 40046207 0 returned -16 19:14:19 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:19 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:19 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:19 executing program 2 (fault-call:1 fault-nth:2): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:19 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:19 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:19 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:19 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 295.413740] FAULT_INJECTION: forcing a failure. [ 295.413740] name failslab, interval 1, probability 0, space 0, times 0 [ 295.425929] binder: 13683:13691 ioctl c0306201 20000200 returned -14 [ 295.450547] binder_alloc: 13682: binder_alloc_buf, no vma [ 295.473246] CPU: 1 PID: 13685 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 295.481158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 295.490513] Call Trace: [ 295.493111] dump_stack+0x1b2/0x283 [ 295.496753] should_fail.cold+0x10a/0x154 [ 295.500898] should_failslab+0xd6/0x130 [ 295.504856] kmem_cache_alloc+0x28e/0x3c0 [ 295.509046] getname_flags+0xc8/0x550 [ 295.512848] user_path_at_empty+0x2a/0x50 [ 295.516985] do_mount+0x10b/0x25e0 [ 295.520510] ? copy_mount_string+0x40/0x40 [ 295.524793] ? __might_fault+0x177/0x1b0 [ 295.528859] ? _copy_from_user+0x94/0x100 [ 295.533103] ? memdup_user+0x54/0xa0 [ 295.536803] ? copy_mount_options+0x1ec/0x2e0 [ 295.541366] ? copy_mnt_ns+0x8a0/0x8a0 [ 295.545235] SyS_mount+0xa8/0x120 [ 295.548668] ? copy_mnt_ns+0x8a0/0x8a0 [ 295.552537] do_syscall_64+0x1d5/0x640 [ 295.556418] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 295.561583] RIP: 0033:0x45cb29 [ 295.564751] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 295.572447] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 295.579696] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 295.587031] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 295.594288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 295.601547] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:20 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:20 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:20 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:20 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:20 executing program 2 (fault-call:1 fault-nth:3): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:20 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 296.258234] binder: 13711:13721 ioctl c0306201 0 returned -14 [ 296.270559] FAULT_INJECTION: forcing a failure. [ 296.270559] name failslab, interval 1, probability 0, space 0, times 0 [ 296.283556] binder: 13713:13722 ioctl c0306201 20000200 returned -14 [ 296.284093] CPU: 0 PID: 13719 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 296.297920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.307259] Call Trace: [ 296.309831] dump_stack+0x1b2/0x283 [ 296.313442] should_fail.cold+0x10a/0x154 [ 296.317589] should_failslab+0xd6/0x130 [ 296.321563] kmem_cache_alloc+0x28e/0x3c0 [ 296.325702] alloc_vfsmnt+0x23/0x7c0 [ 296.329399] vfs_kern_mount.part.0+0x27/0x3c0 [ 296.333889] do_mount+0x3c9/0x25e0 [ 296.337414] ? copy_mount_string+0x40/0x40 [ 296.341634] ? __might_fault+0x177/0x1b0 [ 296.345677] ? _copy_from_user+0x94/0x100 [ 296.349806] ? memdup_user+0x54/0xa0 [ 296.353499] ? copy_mount_options+0x1ec/0x2e0 [ 296.357973] ? copy_mnt_ns+0x8a0/0x8a0 [ 296.361848] SyS_mount+0xa8/0x120 [ 296.365284] ? copy_mnt_ns+0x8a0/0x8a0 [ 296.369156] do_syscall_64+0x1d5/0x640 [ 296.373026] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 296.378192] RIP: 0033:0x45cb29 [ 296.381362] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 296.389047] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 296.396294] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:20 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 296.403540] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 296.410787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 296.418031] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 296.432746] binder_alloc: 13714: binder_alloc_buf, no vma [ 296.435300] binder_alloc: 13710: binder_alloc_buf, no vma [ 296.447872] binder: BINDER_SET_CONTEXT_MGR already set [ 296.453205] binder: 13713:13727 ioctl 40046207 0 returned -16 19:14:20 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:20 executing program 2 (fault-call:1 fault-nth:4): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:20 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 296.472134] binder: 13729:13730 ioctl c0306201 0 returned -14 [ 296.527329] FAULT_INJECTION: forcing a failure. [ 296.527329] name failslab, interval 1, probability 0, space 0, times 0 [ 296.536203] binder: 13735:13738 ioctl c0306201 0 returned -14 [ 296.550288] binder: 13732:13736 ioctl c0306201 20000200 returned -14 [ 296.559368] CPU: 0 PID: 13734 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 296.567264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.576604] Call Trace: [ 296.579182] dump_stack+0x1b2/0x283 [ 296.582790] should_fail.cold+0x10a/0x154 [ 296.586924] should_failslab+0xd6/0x130 [ 296.590896] __kmalloc_track_caller+0x2bc/0x400 [ 296.595545] ? kstrdup_const+0x35/0x60 [ 296.599467] ? lock_downgrade+0x6e0/0x6e0 [ 296.603594] kstrdup+0x36/0x70 [ 296.606766] kstrdup_const+0x35/0x60 [ 296.610460] alloc_vfsmnt+0xe0/0x7c0 [ 296.614155] vfs_kern_mount.part.0+0x27/0x3c0 [ 296.618628] do_mount+0x3c9/0x25e0 [ 296.622151] ? copy_mount_string+0x40/0x40 [ 296.626362] ? __might_fault+0x177/0x1b0 [ 296.630404] ? _copy_from_user+0x94/0x100 [ 296.634531] ? memdup_user+0x54/0xa0 [ 296.638220] ? copy_mount_options+0x1ec/0x2e0 [ 296.642691] ? copy_mnt_ns+0x8a0/0x8a0 [ 296.646569] SyS_mount+0xa8/0x120 [ 296.649998] ? copy_mnt_ns+0x8a0/0x8a0 [ 296.653864] do_syscall_64+0x1d5/0x640 [ 296.657733] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 296.662901] RIP: 0033:0x45cb29 [ 296.666071] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:20 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 296.673757] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 296.681006] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 296.688253] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 296.695498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 296.702757] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:20 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:20 executing program 2 (fault-call:1 fault-nth:5): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 296.738834] binder: 13742:13744 ioctl c0306201 0 returned -14 [ 296.791592] FAULT_INJECTION: forcing a failure. [ 296.791592] name failslab, interval 1, probability 0, space 0, times 0 [ 296.803609] CPU: 1 PID: 13748 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 296.811501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.820851] Call Trace: [ 296.823425] dump_stack+0x1b2/0x283 [ 296.827052] should_fail.cold+0x10a/0x154 [ 296.831201] should_failslab+0xd6/0x130 [ 296.835166] __kmalloc_track_caller+0x2bc/0x400 [ 296.839820] ? kstrdup_const+0x35/0x60 [ 296.843795] ? lock_downgrade+0x6e0/0x6e0 [ 296.847935] kstrdup+0x36/0x70 [ 296.851111] kstrdup_const+0x35/0x60 [ 296.854816] alloc_vfsmnt+0xe0/0x7c0 [ 296.858521] vfs_kern_mount.part.0+0x27/0x3c0 [ 296.863439] do_mount+0x3c9/0x25e0 [ 296.866975] ? copy_mount_string+0x40/0x40 [ 296.871197] ? __might_fault+0x177/0x1b0 [ 296.875247] ? _copy_from_user+0x94/0x100 [ 296.879390] ? memdup_user+0x54/0xa0 [ 296.883082] ? copy_mount_options+0x1ec/0x2e0 [ 296.887614] ? copy_mnt_ns+0x8a0/0x8a0 [ 296.891482] SyS_mount+0xa8/0x120 [ 296.894921] ? copy_mnt_ns+0x8a0/0x8a0 [ 296.898797] do_syscall_64+0x1d5/0x640 [ 296.902671] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 296.907838] RIP: 0033:0x45cb29 [ 296.911038] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 296.918724] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 296.925990] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 296.933287] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 296.940588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 296.947847] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:20 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:20 executing program 2 (fault-call:1 fault-nth:6): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:20 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:20 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 297.124186] binder: 13760:13765 ioctl c0306201 0 returned -14 [ 297.126132] FAULT_INJECTION: forcing a failure. [ 297.126132] name failslab, interval 1, probability 0, space 0, times 0 [ 297.148226] CPU: 0 PID: 13761 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 297.156128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.165552] Call Trace: [ 297.168123] dump_stack+0x1b2/0x283 [ 297.171737] should_fail.cold+0x10a/0x154 [ 297.175871] should_failslab+0xd6/0x130 [ 297.179825] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 297.184544] ceph_mount+0xa6/0x181c [ 297.188152] ? __lockdep_init_map+0x100/0x560 [ 297.192625] ? __lockdep_init_map+0x100/0x560 [ 297.197132] mount_fs+0x92/0x2a0 [ 297.200496] vfs_kern_mount.part.0+0x5b/0x3c0 [ 297.204969] do_mount+0x3c9/0x25e0 [ 297.208492] ? copy_mount_string+0x40/0x40 [ 297.212705] ? __might_fault+0x177/0x1b0 [ 297.216745] ? _copy_from_user+0x94/0x100 [ 297.220873] ? memdup_user+0x54/0xa0 [ 297.224562] ? copy_mount_options+0x1ec/0x2e0 [ 297.229061] ? copy_mnt_ns+0x8a0/0x8a0 [ 297.232935] SyS_mount+0xa8/0x120 [ 297.236370] ? copy_mnt_ns+0x8a0/0x8a0 [ 297.240243] do_syscall_64+0x1d5/0x640 [ 297.244222] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 297.249402] RIP: 0033:0x45cb29 [ 297.252580] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 297.260276] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 297.267530] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:21 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:21 executing program 2 (fault-call:1 fault-nth:7): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 297.274780] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 297.282027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 297.289276] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 297.301253] binder_alloc: 13759: binder_alloc_buf, no vma [ 297.355004] binder: 13771:13772 ioctl c0306201 20000200 returned -14 [ 297.397112] FAULT_INJECTION: forcing a failure. [ 297.397112] name failslab, interval 1, probability 0, space 0, times 0 [ 297.410490] CPU: 0 PID: 13776 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 297.418392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.427729] Call Trace: [ 297.430302] dump_stack+0x1b2/0x283 [ 297.433912] should_fail.cold+0x10a/0x154 [ 297.438044] should_failslab+0xd6/0x130 [ 297.442002] __kmalloc_track_caller+0x2bc/0x400 [ 297.446659] ? ceph_mount+0x1b2/0x181c [ 297.450535] kstrdup+0x36/0x70 [ 297.453713] ceph_mount+0x1b2/0x181c [ 297.457408] ? __lockdep_init_map+0x100/0x560 [ 297.461901] ? __lockdep_init_map+0x100/0x560 [ 297.466388] mount_fs+0x92/0x2a0 [ 297.469735] vfs_kern_mount.part.0+0x5b/0x3c0 [ 297.474220] do_mount+0x3c9/0x25e0 [ 297.477740] ? copy_mount_string+0x40/0x40 [ 297.481950] ? __might_fault+0x177/0x1b0 [ 297.485991] ? _copy_from_user+0x94/0x100 [ 297.490129] ? memdup_user+0x54/0xa0 [ 297.493822] ? copy_mount_options+0x1ec/0x2e0 [ 297.498301] ? copy_mnt_ns+0x8a0/0x8a0 [ 297.502174] SyS_mount+0xa8/0x120 [ 297.505605] ? copy_mnt_ns+0x8a0/0x8a0 [ 297.509472] do_syscall_64+0x1d5/0x640 [ 297.513341] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 297.518507] RIP: 0033:0x45cb29 [ 297.521675] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 297.529360] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 297.536608] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:21 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 297.543866] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 297.551111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 297.558358] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:21 executing program 2 (fault-call:1 fault-nth:8): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 297.640031] FAULT_INJECTION: forcing a failure. [ 297.640031] name failslab, interval 1, probability 0, space 0, times 0 [ 297.653586] CPU: 0 PID: 13784 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 297.661486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.670837] Call Trace: [ 297.673520] dump_stack+0x1b2/0x283 [ 297.677150] should_fail.cold+0x10a/0x154 [ 297.681299] should_failslab+0xd6/0x130 [ 297.685269] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 297.689989] ceph_parse_options+0xfe/0xe50 [ 297.694216] ? pcpu_alloc+0x37d/0xf70 [ 297.698001] ? ceph_sync_fs+0xf0/0xf0 [ 297.701788] ? ceph_destroy_options+0x100/0x100 [ 297.706508] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 297.711938] ? rcu_read_lock_sched_held+0x10a/0x130 [ 297.716938] ? __kmalloc_track_caller+0x39f/0x400 [ 297.721767] ? ceph_mount+0x1b2/0x181c [ 297.725649] ? memcpy+0x35/0x50 [ 297.728924] ceph_mount+0x44f/0x181c [ 297.732623] ? __lockdep_init_map+0x100/0x560 [ 297.737104] ? __lockdep_init_map+0x100/0x560 [ 297.741588] mount_fs+0x92/0x2a0 [ 297.744937] vfs_kern_mount.part.0+0x5b/0x3c0 [ 297.749411] do_mount+0x3c9/0x25e0 [ 297.752931] ? copy_mount_string+0x40/0x40 [ 297.757141] ? __might_fault+0x177/0x1b0 [ 297.761179] ? _copy_from_user+0x94/0x100 [ 297.765309] ? memdup_user+0x54/0xa0 [ 297.769000] ? copy_mount_options+0x1ec/0x2e0 [ 297.773473] ? copy_mnt_ns+0x8a0/0x8a0 [ 297.777345] SyS_mount+0xa8/0x120 [ 297.780785] ? copy_mnt_ns+0x8a0/0x8a0 [ 297.784651] do_syscall_64+0x1d5/0x640 [ 297.788520] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 297.793691] RIP: 0033:0x45cb29 [ 297.796863] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 297.804560] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 297.811821] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 297.819073] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 297.826327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 297.833580] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:21 executing program 2 (fault-call:1 fault-nth:9): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:21 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 297.906764] FAULT_INJECTION: forcing a failure. [ 297.906764] name failslab, interval 1, probability 0, space 0, times 0 [ 297.928114] CPU: 1 PID: 13790 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 297.936024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.945412] Call Trace: [ 297.948002] dump_stack+0x1b2/0x283 [ 297.951631] should_fail.cold+0x10a/0x154 [ 297.955783] should_failslab+0xd6/0x130 [ 297.959757] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 297.964427] ceph_parse_options+0xfe/0xe50 [ 297.968659] ? pcpu_alloc+0x37d/0xf70 [ 297.972460] ? ceph_sync_fs+0xf0/0xf0 [ 297.976260] ? ceph_destroy_options+0x100/0x100 [ 297.980961] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 297.986401] ? rcu_read_lock_sched_held+0x10a/0x130 [ 297.991407] ? __kmalloc_track_caller+0x39f/0x400 [ 297.996234] ? ceph_mount+0x1b2/0x181c [ 298.000106] ? memcpy+0x35/0x50 [ 298.003412] ceph_mount+0x44f/0x181c [ 298.007106] ? __lockdep_init_map+0x100/0x560 [ 298.011580] ? __lockdep_init_map+0x100/0x560 [ 298.016065] mount_fs+0x92/0x2a0 [ 298.019420] vfs_kern_mount.part.0+0x5b/0x3c0 [ 298.023898] do_mount+0x3c9/0x25e0 [ 298.027423] ? copy_mount_string+0x40/0x40 [ 298.031635] ? __might_fault+0x177/0x1b0 [ 298.035682] ? _copy_from_user+0x94/0x100 [ 298.038298] binder_alloc: 13793: binder_alloc_buf, no vma [ 298.039845] ? memdup_user+0x54/0xa0 [ 298.039855] ? copy_mount_options+0x1ec/0x2e0 [ 298.039865] ? copy_mnt_ns+0x8a0/0x8a0 [ 298.057408] SyS_mount+0xa8/0x120 [ 298.060864] ? copy_mnt_ns+0x8a0/0x8a0 [ 298.064757] do_syscall_64+0x1d5/0x640 [ 298.068651] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 298.073833] RIP: 0033:0x45cb29 [ 298.077003] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 298.084716] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 298.091975] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 298.099229] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:14:22 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:22 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 298.106492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 298.113752] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:22 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:22 executing program 2 (fault-call:1 fault-nth:10): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 298.149111] binder: 13800:13801 ioctl c0306201 0 returned -14 19:14:22 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 298.190058] binder: 13805:13806 ioctl c0306201 20000200 returned -14 [ 298.242473] FAULT_INJECTION: forcing a failure. [ 298.242473] name failslab, interval 1, probability 0, space 0, times 0 [ 298.257465] CPU: 0 PID: 13812 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 298.265367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 298.272165] binder: 13814:13815 ioctl c0306201 20000200 returned -14 [ 298.274715] Call Trace: [ 298.274735] dump_stack+0x1b2/0x283 [ 298.274752] should_fail.cold+0x10a/0x154 [ 298.274767] should_failslab+0xd6/0x130 [ 298.274778] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 298.300167] ceph_mount+0x498/0x181c [ 298.303872] ? __lockdep_init_map+0x100/0x560 [ 298.308345] ? __lockdep_init_map+0x100/0x560 [ 298.312823] mount_fs+0x92/0x2a0 [ 298.316195] vfs_kern_mount.part.0+0x5b/0x3c0 [ 298.320674] do_mount+0x3c9/0x25e0 [ 298.324204] ? copy_mount_string+0x40/0x40 [ 298.328420] ? __might_fault+0x177/0x1b0 [ 298.332464] ? _copy_from_user+0x94/0x100 [ 298.336646] ? memdup_user+0x54/0xa0 [ 298.340345] ? copy_mount_options+0x1ec/0x2e0 [ 298.344833] ? copy_mnt_ns+0x8a0/0x8a0 [ 298.348709] SyS_mount+0xa8/0x120 [ 298.352142] ? copy_mnt_ns+0x8a0/0x8a0 [ 298.356010] do_syscall_64+0x1d5/0x640 [ 298.359883] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 298.365056] RIP: 0033:0x45cb29 [ 298.368319] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 298.376020] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 298.383276] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:22 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:22 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:22 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:22 executing program 2 (fault-call:1 fault-nth:11): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 298.390659] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 298.397906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 298.405193] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 298.427068] binder: 13817:13818 ioctl c0306201 20000200 returned -14 19:14:22 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 298.490949] binder: 13821:13825 ioctl c0306201 20000200 returned -14 [ 298.504337] FAULT_INJECTION: forcing a failure. [ 298.504337] name failslab, interval 1, probability 0, space 0, times 0 [ 298.519599] CPU: 0 PID: 13827 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 298.527492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 298.536850] Call Trace: [ 298.539447] dump_stack+0x1b2/0x283 [ 298.543083] should_fail.cold+0x10a/0x154 [ 298.547237] should_failslab+0xd6/0x130 [ 298.551212] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 298.555883] ? ceph_mount+0x498/0x181c [ 298.559773] ceph_create_client+0x5c/0x340 [ 298.564010] ceph_mount+0x4b9/0x181c [ 298.567723] ? __lockdep_init_map+0x100/0x560 [ 298.572222] ? __lockdep_init_map+0x100/0x560 [ 298.574764] binder_alloc: 13822: binder_alloc_buf, no vma [ 298.576714] mount_fs+0x92/0x2a0 [ 298.576730] vfs_kern_mount.part.0+0x5b/0x3c0 19:14:22 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 298.576744] do_mount+0x3c9/0x25e0 [ 298.576759] ? copy_mount_string+0x40/0x40 [ 298.576767] ? __might_fault+0x177/0x1b0 [ 298.576779] ? _copy_from_user+0x94/0x100 [ 298.595135] binder: 13828:13832 ioctl c0306201 20000200 returned -14 [ 298.597880] ? memdup_user+0x54/0xa0 [ 298.597892] ? copy_mount_options+0x1ec/0x2e0 [ 298.597901] ? copy_mnt_ns+0x8a0/0x8a0 [ 298.597913] SyS_mount+0xa8/0x120 [ 298.597922] ? copy_mnt_ns+0x8a0/0x8a0 [ 298.597934] do_syscall_64+0x1d5/0x640 [ 298.597949] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 298.640977] RIP: 0033:0x45cb29 [ 298.644187] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 298.647276] binder: 13835:13837 ioctl c0306201 20000200 returned -14 [ 298.651890] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 298.651896] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 298.651902] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 298.651908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 298.651914] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:22 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:22 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:22 executing program 2 (fault-call:1 fault-nth:12): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:22 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 298.963931] binder: 13850:13851 ioctl c0306201 0 returned -14 [ 298.999924] FAULT_INJECTION: forcing a failure. [ 298.999924] name failslab, interval 1, probability 0, space 0, times 0 [ 299.002766] binder: 13856:13859 ioctl c0306201 20000200 returned -14 [ 299.013428] CPU: 1 PID: 13857 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 299.026083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.035441] Call Trace: [ 299.038033] dump_stack+0x1b2/0x283 [ 299.041668] should_fail.cold+0x10a/0x154 [ 299.045815] should_failslab+0xd6/0x130 [ 299.049781] __kmalloc+0x2c1/0x400 [ 299.053353] ? ceph_monc_init+0x117/0xc30 [ 299.057484] ceph_monc_init+0x117/0xc30 [ 299.061440] ? memcpy+0x35/0x50 [ 299.064703] ceph_create_client+0x24f/0x340 [ 299.069002] ceph_mount+0x4b9/0x181c [ 299.072698] ? __lockdep_init_map+0x100/0x560 [ 299.077192] ? __lockdep_init_map+0x100/0x560 [ 299.081683] mount_fs+0x92/0x2a0 [ 299.085086] vfs_kern_mount.part.0+0x5b/0x3c0 [ 299.089623] do_mount+0x3c9/0x25e0 [ 299.093143] ? copy_mount_string+0x40/0x40 [ 299.097363] ? __might_fault+0x177/0x1b0 [ 299.101421] ? _copy_from_user+0x94/0x100 [ 299.105563] ? memdup_user+0x54/0xa0 [ 299.109268] ? copy_mount_options+0x1ec/0x2e0 [ 299.113753] ? copy_mnt_ns+0x8a0/0x8a0 [ 299.117636] SyS_mount+0xa8/0x120 [ 299.121342] ? copy_mnt_ns+0x8a0/0x8a0 [ 299.125231] do_syscall_64+0x1d5/0x640 [ 299.129099] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 299.134275] RIP: 0033:0x45cb29 [ 299.137453] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 299.145147] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 299.152394] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:23 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:23 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 299.159640] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 299.166888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 299.174140] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 299.198949] binder: 13863:13864 ioctl c0306201 20000200 returned -14 19:14:23 executing program 2 (fault-call:1 fault-nth:13): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:23 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:23 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 299.231617] binder: 13865:13866 ioctl c0306201 20000200 returned -14 [ 299.278245] FAULT_INJECTION: forcing a failure. [ 299.278245] name failslab, interval 1, probability 0, space 0, times 0 [ 299.303169] binder: 13872:13874 ioctl c0306201 20000200 returned -14 [ 299.304719] CPU: 0 PID: 13870 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 299.317565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 19:14:23 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 299.319482] binder: 13872:13874 ioctl c0306201 0 returned -14 [ 299.326925] Call Trace: [ 299.326945] dump_stack+0x1b2/0x283 [ 299.326961] should_fail.cold+0x10a/0x154 [ 299.326975] should_failslab+0xd6/0x130 [ 299.326987] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 299.351809] ? rcu_read_lock_sched_held+0x10a/0x130 [ 299.356886] ceph_auth_init+0x44/0x130 [ 299.361739] ceph_monc_init+0x465/0xc30 [ 299.365725] ceph_create_client+0x24f/0x340 [ 299.370052] ceph_mount+0x4b9/0x181c [ 299.373763] ? __lockdep_init_map+0x100/0x560 [ 299.378256] ? __lockdep_init_map+0x100/0x560 [ 299.382754] mount_fs+0x92/0x2a0 [ 299.386118] vfs_kern_mount.part.0+0x5b/0x3c0 [ 299.387272] binder: 13877:13878 ioctl c0306201 20000200 returned -14 [ 299.390612] do_mount+0x3c9/0x25e0 [ 299.390627] ? copy_mount_string+0x40/0x40 [ 299.390640] ? __might_fault+0x177/0x1b0 [ 299.408899] ? _copy_from_user+0x94/0x100 [ 299.413050] ? memdup_user+0x54/0xa0 [ 299.413079] binder: 13877:13878 ioctl c0306201 0 returned -14 [ 299.416753] ? copy_mount_options+0x1ec/0x2e0 19:14:23 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 299.416762] ? copy_mnt_ns+0x8a0/0x8a0 [ 299.416773] SyS_mount+0xa8/0x120 [ 299.416780] ? copy_mnt_ns+0x8a0/0x8a0 [ 299.416793] do_syscall_64+0x1d5/0x640 [ 299.416811] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 299.448425] RIP: 0033:0x45cb29 [ 299.451606] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 299.459313] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 299.466580] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 299.467850] binder: 13880:13881 ioctl c0306201 20000200 returned -14 [ 299.473839] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 299.473845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 299.473851] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 299.507717] binder: 13880:13881 ioctl c0306201 0 returned -14 19:14:23 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:23 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:23 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:23 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:23 executing program 2 (fault-call:1 fault-nth:14): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:23 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 299.782624] binder: 13897:13898 ioctl c0306201 0 returned -14 [ 299.818703] binder: 13901:13904 ioctl c0306201 20000200 returned -14 [ 299.826214] FAULT_INJECTION: forcing a failure. [ 299.826214] name failslab, interval 1, probability 0, space 0, times 0 [ 299.851026] binder: 13907:13909 ioctl c0306201 20000200 returned -14 [ 299.853688] CPU: 0 PID: 13906 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 299.865464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.874816] Call Trace: [ 299.877404] dump_stack+0x1b2/0x283 [ 299.881042] should_fail.cold+0x10a/0x154 [ 299.885197] should_failslab+0xd6/0x130 [ 299.889173] kmem_cache_alloc+0x28e/0x3c0 [ 299.893322] ceph_msg_new+0x31/0x370 [ 299.897028] ceph_monc_init+0x4e8/0xc30 [ 299.900993] ceph_create_client+0x24f/0x340 [ 299.905296] ceph_mount+0x4b9/0x181c [ 299.908996] ? __lockdep_init_map+0x100/0x560 [ 299.913478] ? __lockdep_init_map+0x100/0x560 [ 299.917956] mount_fs+0x92/0x2a0 [ 299.921303] vfs_kern_mount.part.0+0x5b/0x3c0 [ 299.925779] do_mount+0x3c9/0x25e0 [ 299.929307] ? copy_mount_string+0x40/0x40 [ 299.933519] ? __might_fault+0x177/0x1b0 [ 299.937568] ? _copy_from_user+0x94/0x100 [ 299.941693] ? memdup_user+0x54/0xa0 [ 299.945400] ? copy_mount_options+0x1ec/0x2e0 [ 299.949887] ? copy_mnt_ns+0x8a0/0x8a0 [ 299.953769] SyS_mount+0xa8/0x120 [ 299.957215] ? copy_mnt_ns+0x8a0/0x8a0 [ 299.961093] do_syscall_64+0x1d5/0x640 [ 299.964971] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 299.970143] RIP: 0033:0x45cb29 [ 299.973368] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:23 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 299.981055] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 299.988332] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 299.995595] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 300.002851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 300.010102] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:23 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 300.040634] binder: 13914:13915 ioctl c0306201 20000200 returned -14 19:14:24 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:24 executing program 2 (fault-call:1 fault-nth:15): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:24 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 300.089991] binder: 13918:13919 ioctl c0306201 20000200 returned -14 [ 300.138101] binder: 13923:13926 ioctl c0306201 20000200 returned -14 [ 300.146068] FAULT_INJECTION: forcing a failure. [ 300.146068] name failslab, interval 1, probability 0, space 0, times 0 [ 300.163150] CPU: 1 PID: 13925 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 300.171048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.180392] Call Trace: [ 300.182964] dump_stack+0x1b2/0x283 [ 300.186593] should_fail.cold+0x10a/0x154 [ 300.190769] should_failslab+0xd6/0x130 [ 300.194730] __kmalloc+0x2c1/0x400 [ 300.198254] ? ceph_kvmalloc+0x2f/0x70 [ 300.202135] ceph_kvmalloc+0x2f/0x70 [ 300.205836] ceph_msg_new+0x293/0x370 [ 300.209723] ceph_monc_init+0x4e8/0xc30 [ 300.213705] ceph_create_client+0x24f/0x340 [ 300.218024] ceph_mount+0x4b9/0x181c [ 300.221723] ? __lockdep_init_map+0x100/0x560 [ 300.226207] ? __lockdep_init_map+0x100/0x560 [ 300.230697] mount_fs+0x92/0x2a0 [ 300.234065] vfs_kern_mount.part.0+0x5b/0x3c0 [ 300.238550] do_mount+0x3c9/0x25e0 [ 300.242078] ? copy_mount_string+0x40/0x40 [ 300.246298] ? __might_fault+0x177/0x1b0 [ 300.250355] ? _copy_from_user+0x94/0x100 [ 300.254513] ? memdup_user+0x54/0xa0 [ 300.258206] ? copy_mount_options+0x1ec/0x2e0 [ 300.262678] ? copy_mnt_ns+0x8a0/0x8a0 [ 300.266557] SyS_mount+0xa8/0x120 [ 300.270001] ? copy_mnt_ns+0x8a0/0x8a0 [ 300.273878] do_syscall_64+0x1d5/0x640 [ 300.277758] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 300.282922] RIP: 0033:0x45cb29 19:14:24 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 300.286091] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 300.293790] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 300.301044] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 300.308308] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 300.315553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 300.322802] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 300.360735] binder: 13931:13933 ioctl c0306201 20000200 returned -14 [ 300.368843] ceph: No mds server is up or the cluster is laggy [ 300.375212] libceph: connect [d::]:6789 error -101 [ 300.380222] libceph: mon0 [d::]:6789 connect error 19:14:24 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000100)="4fa7"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 300.476326] binder: 13944:13945 ioctl c0306201 20000200 returned -14 19:14:24 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:24 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:24 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:24 executing program 2 (fault-call:1 fault-nth:16): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 300.601694] binder: 13949:13950 ioctl c0306201 0 returned -14 [ 300.638167] FAULT_INJECTION: forcing a failure. [ 300.638167] name failslab, interval 1, probability 0, space 0, times 0 [ 300.649852] CPU: 1 PID: 13955 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 300.657730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.667075] Call Trace: [ 300.669647] dump_stack+0x1b2/0x283 [ 300.673260] should_fail.cold+0x10a/0x154 [ 300.677400] should_failslab+0xd6/0x130 [ 300.681370] kmem_cache_alloc+0x28e/0x3c0 [ 300.685602] ceph_msg_new+0x31/0x370 [ 300.689313] ceph_monc_init+0x538/0xc30 [ 300.693282] ceph_create_client+0x24f/0x340 [ 300.697597] ceph_mount+0x4b9/0x181c [ 300.701301] ? __lockdep_init_map+0x100/0x560 [ 300.705784] ? __lockdep_init_map+0x100/0x560 [ 300.710279] mount_fs+0x92/0x2a0 [ 300.713637] vfs_kern_mount.part.0+0x5b/0x3c0 [ 300.718169] do_mount+0x3c9/0x25e0 [ 300.721699] ? copy_mount_string+0x40/0x40 [ 300.725964] ? __might_fault+0x177/0x1b0 [ 300.731050] ? _copy_from_user+0x94/0x100 [ 300.735189] ? memdup_user+0x54/0xa0 [ 300.738888] ? copy_mount_options+0x1ec/0x2e0 [ 300.743359] ? copy_mnt_ns+0x8a0/0x8a0 [ 300.747231] SyS_mount+0xa8/0x120 [ 300.750668] ? copy_mnt_ns+0x8a0/0x8a0 [ 300.754553] do_syscall_64+0x1d5/0x640 [ 300.758443] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 300.763642] RIP: 0033:0x45cb29 [ 300.766823] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 300.774516] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 300.781775] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 300.789021] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:14:24 executing program 2 (fault-call:1 fault-nth:17): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 300.796447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 300.803701] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 300.891175] FAULT_INJECTION: forcing a failure. [ 300.891175] name failslab, interval 1, probability 0, space 0, times 0 [ 300.902668] CPU: 1 PID: 13966 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 300.910543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.919879] Call Trace: [ 300.922449] dump_stack+0x1b2/0x283 [ 300.926062] should_fail.cold+0x10a/0x154 [ 300.930191] should_failslab+0xd6/0x130 [ 300.934158] __kmalloc+0x2c1/0x400 [ 300.937687] ? ceph_kvmalloc+0x2f/0x70 [ 300.941555] ceph_kvmalloc+0x2f/0x70 [ 300.945249] ceph_msg_new+0x293/0x370 [ 300.949027] ceph_monc_init+0x538/0xc30 [ 300.952983] ceph_create_client+0x24f/0x340 [ 300.957283] ceph_mount+0x4b9/0x181c [ 300.960977] ? __lockdep_init_map+0x100/0x560 [ 300.965450] ? __lockdep_init_map+0x100/0x560 [ 300.969930] mount_fs+0x92/0x2a0 [ 300.973297] vfs_kern_mount.part.0+0x5b/0x3c0 [ 300.977783] do_mount+0x3c9/0x25e0 [ 300.981309] ? copy_mount_string+0x40/0x40 [ 300.985529] ? __might_fault+0x177/0x1b0 [ 300.989568] ? _copy_from_user+0x94/0x100 [ 300.993693] ? memdup_user+0x54/0xa0 [ 300.997384] ? copy_mount_options+0x1ec/0x2e0 [ 301.001854] ? copy_mnt_ns+0x8a0/0x8a0 [ 301.005718] SyS_mount+0xa8/0x120 [ 301.009148] ? copy_mnt_ns+0x8a0/0x8a0 [ 301.013014] do_syscall_64+0x1d5/0x640 [ 301.016883] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 301.022052] RIP: 0033:0x45cb29 [ 301.025235] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 301.032929] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 19:14:24 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 301.040176] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 301.047436] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 301.054686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 301.061933] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:25 executing program 2 (fault-call:1 fault-nth:18): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 301.094576] libceph: connect [d::]:6789 error -101 [ 301.099684] libceph: mon0 [d::]:6789 connect error [ 301.111910] ceph: No mds server is up or the cluster is laggy [ 301.174729] FAULT_INJECTION: forcing a failure. [ 301.174729] name failslab, interval 1, probability 0, space 0, times 0 [ 301.186389] CPU: 0 PID: 13979 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 301.194284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.203641] Call Trace: [ 301.206216] dump_stack+0x1b2/0x283 [ 301.209840] should_fail.cold+0x10a/0x154 [ 301.213976] should_failslab+0xd6/0x130 [ 301.217929] kmem_cache_alloc+0x28e/0x3c0 [ 301.222079] ceph_msg_new+0x31/0x370 [ 301.225860] ceph_monc_init+0x538/0xc30 [ 301.229817] ceph_create_client+0x24f/0x340 [ 301.234126] ceph_mount+0x4b9/0x181c [ 301.237818] ? __lockdep_init_map+0x100/0x560 [ 301.242290] ? __lockdep_init_map+0x100/0x560 [ 301.246764] mount_fs+0x92/0x2a0 [ 301.250122] vfs_kern_mount.part.0+0x5b/0x3c0 [ 301.254645] do_mount+0x3c9/0x25e0 [ 301.258165] ? copy_mount_string+0x40/0x40 [ 301.262378] ? __might_fault+0x177/0x1b0 [ 301.266420] ? _copy_from_user+0x94/0x100 [ 301.270561] ? memdup_user+0x54/0xa0 [ 301.274256] ? copy_mount_options+0x1ec/0x2e0 [ 301.278727] ? copy_mnt_ns+0x8a0/0x8a0 [ 301.282602] SyS_mount+0xa8/0x120 [ 301.286042] ? copy_mnt_ns+0x8a0/0x8a0 [ 301.289908] do_syscall_64+0x1d5/0x640 [ 301.293777] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 301.298942] RIP: 0033:0x45cb29 [ 301.302108] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 301.309836] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 301.317082] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:25 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000100)="4fa7"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 301.324329] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 301.331582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 301.338830] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:25 executing program 2 (fault-call:1 fault-nth:19): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:25 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 301.374716] binder: 13982:13983 ioctl c0306201 20000200 returned -14 [ 301.422745] binder: 13987:13988 ioctl c0306201 0 returned -14 [ 301.433395] FAULT_INJECTION: forcing a failure. [ 301.433395] name failslab, interval 1, probability 0, space 0, times 0 [ 301.446265] CPU: 1 PID: 13989 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 301.454154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.463502] Call Trace: [ 301.466093] dump_stack+0x1b2/0x283 [ 301.469727] should_fail.cold+0x10a/0x154 [ 301.473883] should_failslab+0xd6/0x130 [ 301.477855] kmem_cache_alloc+0x28e/0x3c0 [ 301.482007] ceph_msg_new+0x31/0x370 [ 301.485713] ceph_monc_init+0x5d1/0xc30 [ 301.489671] ceph_create_client+0x24f/0x340 [ 301.493975] ceph_mount+0x4b9/0x181c [ 301.497667] ? __lockdep_init_map+0x100/0x560 [ 301.502140] ? __lockdep_init_map+0x100/0x560 [ 301.506615] mount_fs+0x92/0x2a0 [ 301.509964] vfs_kern_mount.part.0+0x5b/0x3c0 [ 301.514441] do_mount+0x3c9/0x25e0 [ 301.517961] ? copy_mount_string+0x40/0x40 [ 301.522172] ? __might_fault+0x177/0x1b0 [ 301.526212] ? _copy_from_user+0x94/0x100 [ 301.530338] ? memdup_user+0x54/0xa0 [ 301.534027] ? copy_mount_options+0x1ec/0x2e0 [ 301.538496] ? copy_mnt_ns+0x8a0/0x8a0 [ 301.542360] SyS_mount+0xa8/0x120 [ 301.545789] ? copy_mnt_ns+0x8a0/0x8a0 [ 301.549657] do_syscall_64+0x1d5/0x640 [ 301.553527] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 301.558693] RIP: 0033:0x45cb29 [ 301.561873] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:25 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:25 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 301.569556] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 301.576804] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 301.584049] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 301.591295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 301.598540] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:25 executing program 2 (fault-call:1 fault-nth:20): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 301.699524] FAULT_INJECTION: forcing a failure. [ 301.699524] name failslab, interval 1, probability 0, space 0, times 0 [ 301.711911] CPU: 1 PID: 14004 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 301.719798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.729135] Call Trace: [ 301.731718] dump_stack+0x1b2/0x283 [ 301.735338] should_fail.cold+0x10a/0x154 [ 301.739478] should_failslab+0xd6/0x130 [ 301.743445] kmem_cache_alloc+0x28e/0x3c0 [ 301.747585] ceph_msg_new+0x31/0x370 [ 301.751284] ceph_monc_init+0x5d1/0xc30 [ 301.755241] ceph_create_client+0x24f/0x340 [ 301.759561] ceph_mount+0x4b9/0x181c [ 301.763253] ? __lockdep_init_map+0x100/0x560 [ 301.767726] ? __lockdep_init_map+0x100/0x560 [ 301.772202] mount_fs+0x92/0x2a0 [ 301.775550] vfs_kern_mount.part.0+0x5b/0x3c0 [ 301.780022] do_mount+0x3c9/0x25e0 [ 301.783545] ? copy_mount_string+0x40/0x40 [ 301.787773] ? __might_fault+0x177/0x1b0 [ 301.791814] ? _copy_from_user+0x94/0x100 [ 301.795943] ? memdup_user+0x54/0xa0 [ 301.799633] ? copy_mount_options+0x1ec/0x2e0 [ 301.804104] ? copy_mnt_ns+0x8a0/0x8a0 [ 301.807981] SyS_mount+0xa8/0x120 [ 301.811410] ? copy_mnt_ns+0x8a0/0x8a0 [ 301.815279] do_syscall_64+0x1d5/0x640 [ 301.819151] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 301.824318] RIP: 0033:0x45cb29 [ 301.827482] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 301.835170] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 301.842425] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:25 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 301.849675] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 301.856926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 301.864175] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:25 executing program 2 (fault-call:1 fault-nth:21): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:25 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 301.956170] FAULT_INJECTION: forcing a failure. [ 301.956170] name failslab, interval 1, probability 0, space 0, times 0 [ 301.972170] CPU: 0 PID: 14012 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 301.980067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.989406] Call Trace: [ 301.991981] dump_stack+0x1b2/0x283 [ 301.995594] should_fail.cold+0x10a/0x154 [ 301.999724] should_failslab+0xd6/0x130 [ 302.003685] __kmalloc+0x2c1/0x400 [ 302.007223] ? ceph_kvmalloc+0x2f/0x70 [ 302.011088] ceph_kvmalloc+0x2f/0x70 [ 302.014780] ceph_msg_new+0x293/0x370 [ 302.018563] ceph_monc_init+0x588/0xc30 [ 302.022644] ceph_create_client+0x24f/0x340 [ 302.026967] ceph_mount+0x4b9/0x181c [ 302.030661] ? __lockdep_init_map+0x100/0x560 [ 302.035137] ? __lockdep_init_map+0x100/0x560 [ 302.039619] mount_fs+0x92/0x2a0 [ 302.042970] vfs_kern_mount.part.0+0x5b/0x3c0 [ 302.047451] do_mount+0x3c9/0x25e0 [ 302.050987] ? copy_mount_string+0x40/0x40 [ 302.055209] ? __might_fault+0x177/0x1b0 [ 302.059365] ? _copy_from_user+0x94/0x100 [ 302.063517] ? memdup_user+0x54/0xa0 [ 302.067206] ? copy_mount_options+0x1ec/0x2e0 [ 302.071678] ? copy_mnt_ns+0x8a0/0x8a0 [ 302.075543] SyS_mount+0xa8/0x120 [ 302.078975] ? copy_mnt_ns+0x8a0/0x8a0 [ 302.082853] do_syscall_64+0x1d5/0x640 [ 302.086722] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 302.091890] RIP: 0033:0x45cb29 [ 302.095058] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:26 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:26 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 302.102744] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 302.109990] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 302.117236] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 302.124501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 302.131747] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:26 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:26 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:26 executing program 2 (fault-call:1 fault-nth:22): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 302.180448] libceph: connect [d::]:6789 error -101 [ 302.190437] libceph: mon0 [d::]:6789 connect error [ 302.200986] ceph: No mds server is up or the cluster is laggy 19:14:26 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 302.245729] binder: 14029:14030 ioctl c0306201 0 returned -14 [ 302.258958] binder: 14024:14028 ioctl c0306201 20000200 returned -14 [ 302.263927] FAULT_INJECTION: forcing a failure. [ 302.263927] name failslab, interval 1, probability 0, space 0, times 0 [ 302.285327] CPU: 1 PID: 14033 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 302.293242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.302596] Call Trace: [ 302.305188] dump_stack+0x1b2/0x283 [ 302.308822] should_fail.cold+0x10a/0x154 [ 302.312973] should_failslab+0xd6/0x130 [ 302.316950] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 302.321624] ceph_osdmap_alloc+0x3c/0x1c0 [ 302.325770] ceph_osdc_init+0x6b3/0xc30 [ 302.329748] ceph_create_client+0x26a/0x340 [ 302.334079] ceph_mount+0x4b9/0x181c [ 302.337791] ? __lockdep_init_map+0x100/0x560 [ 302.342283] ? __lockdep_init_map+0x100/0x560 [ 302.346778] mount_fs+0x92/0x2a0 [ 302.350146] vfs_kern_mount.part.0+0x5b/0x3c0 [ 302.354645] do_mount+0x3c9/0x25e0 [ 302.358188] ? copy_mount_string+0x40/0x40 [ 302.362418] ? __might_fault+0x177/0x1b0 [ 302.366589] ? _copy_from_user+0x94/0x100 [ 302.370729] ? memdup_user+0x54/0xa0 [ 302.374423] ? copy_mount_options+0x1ec/0x2e0 [ 302.378902] ? copy_mnt_ns+0x8a0/0x8a0 [ 302.382766] SyS_mount+0xa8/0x120 [ 302.386197] ? copy_mnt_ns+0x8a0/0x8a0 [ 302.390064] do_syscall_64+0x1d5/0x640 [ 302.393936] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 302.399102] RIP: 0033:0x45cb29 [ 302.402287] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 302.409974] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 302.417223] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 302.424471] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 302.431718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 302.438963] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:26 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:26 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) 19:14:26 executing program 2 (fault-call:1 fault-nth:23): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 302.506600] binder: 14043:14045 ioctl c0306201 20000200 returned -14 [ 302.518970] binder: BINDER_SET_CONTEXT_MGR already set [ 302.519317] binder: BINDER_SET_CONTEXT_MGR already set [ 302.542883] binder: 14044:14049 ioctl 40046207 0 returned -16 [ 302.546990] binder: BINDER_SET_CONTEXT_MGR already set [ 302.558362] binder: 14047:14051 ioctl 40046207 0 returned -16 [ 302.565513] binder: 14048:14052 ioctl 40046207 0 returned -16 [ 302.581177] FAULT_INJECTION: forcing a failure. [ 302.581177] name failslab, interval 1, probability 0, space 0, times 0 [ 302.595053] CPU: 1 PID: 14057 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 19:14:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) [ 302.602945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.612293] Call Trace: [ 302.614885] dump_stack+0x1b2/0x283 [ 302.618524] should_fail.cold+0x10a/0x154 [ 302.622667] should_failslab+0xd6/0x130 [ 302.626627] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 302.631278] ceph_osdmap_alloc+0x3c/0x1c0 [ 302.635423] ceph_osdc_init+0x6b3/0xc30 [ 302.639407] ceph_create_client+0x26a/0x340 [ 302.643731] ceph_mount+0x4b9/0x181c [ 302.647442] ? __lockdep_init_map+0x100/0x560 [ 302.651937] ? __lockdep_init_map+0x100/0x560 [ 302.656435] mount_fs+0x92/0x2a0 [ 302.659803] vfs_kern_mount.part.0+0x5b/0x3c0 [ 302.664300] do_mount+0x3c9/0x25e0 [ 302.667835] ? copy_mount_string+0x40/0x40 [ 302.672048] ? __might_fault+0x177/0x1b0 [ 302.676103] ? _copy_from_user+0x94/0x100 [ 302.680236] ? memdup_user+0x54/0xa0 [ 302.683927] ? copy_mount_options+0x1ec/0x2e0 [ 302.688398] ? copy_mnt_ns+0x8a0/0x8a0 [ 302.692262] SyS_mount+0xa8/0x120 [ 302.695699] ? copy_mnt_ns+0x8a0/0x8a0 [ 302.699572] do_syscall_64+0x1d5/0x640 [ 302.703442] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 302.708614] RIP: 0033:0x45cb29 [ 302.710123] binder: 14061:14063 ioctl c0306201 0 returned -14 [ 302.711787] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 302.711799] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 302.711805] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 302.711810] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 302.711816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 19:14:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:26 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x2, 0x0, &(0x7f0000000100)="4fa7"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:26 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 302.711821] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 302.811400] binder: 14070:14073 ioctl c0306201 20000200 returned -14 19:14:26 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:26 executing program 2 (fault-call:1 fault-nth:24): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:26 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:26 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:27 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 303.077091] FAULT_INJECTION: forcing a failure. [ 303.077091] name failslab, interval 1, probability 0, space 0, times 0 [ 303.084477] binder: 14083:14088 ioctl c0306201 0 returned -14 [ 303.101452] binder: 14084:14087 ioctl c0306201 20000200 returned -14 [ 303.114834] CPU: 1 PID: 14086 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 303.122742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.132093] Call Trace: [ 303.134685] dump_stack+0x1b2/0x283 [ 303.138319] should_fail.cold+0x10a/0x154 [ 303.142469] should_failslab+0xd6/0x130 [ 303.146424] kmem_cache_alloc_node_trace+0x25a/0x400 [ 303.151564] ? mempool_free+0x1d0/0x1d0 [ 303.155518] __kmalloc_node+0x38/0x70 [ 303.159296] mempool_create_node+0x9e/0x3d0 [ 303.163596] ? mempool_kmalloc+0x20/0x20 [ 303.167638] ceph_osdc_init+0x706/0xc30 [ 303.171595] ceph_create_client+0x26a/0x340 [ 303.175897] ceph_mount+0x4b9/0x181c [ 303.179590] ? __lockdep_init_map+0x100/0x560 [ 303.184062] ? __lockdep_init_map+0x100/0x560 [ 303.188534] mount_fs+0x92/0x2a0 [ 303.191881] vfs_kern_mount.part.0+0x5b/0x3c0 [ 303.196371] do_mount+0x3c9/0x25e0 [ 303.199892] ? copy_mount_string+0x40/0x40 [ 303.204103] ? __might_fault+0x177/0x1b0 [ 303.208144] ? _copy_from_user+0x94/0x100 [ 303.212270] ? memdup_user+0x54/0xa0 [ 303.215961] ? copy_mount_options+0x1ec/0x2e0 [ 303.220431] ? copy_mnt_ns+0x8a0/0x8a0 [ 303.224297] SyS_mount+0xa8/0x120 [ 303.227729] ? copy_mnt_ns+0x8a0/0x8a0 [ 303.231627] do_syscall_64+0x1d5/0x640 [ 303.235509] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 303.240693] RIP: 0033:0x45cb29 [ 303.243863] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 303.251550] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 303.258818] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 303.266080] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:14:27 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:27 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:27 executing program 2 (fault-call:1 fault-nth:25): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 303.273330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 303.280583] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 303.355081] FAULT_INJECTION: forcing a failure. [ 303.355081] name failslab, interval 1, probability 0, space 0, times 0 [ 303.370598] CPU: 1 PID: 14100 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 303.378491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.387826] Call Trace: [ 303.390395] dump_stack+0x1b2/0x283 [ 303.394004] should_fail.cold+0x10a/0x154 [ 303.398140] should_failslab+0xd6/0x130 [ 303.402103] kmem_cache_alloc_node_trace+0x25a/0x400 [ 303.407185] ? mempool_free+0x1d0/0x1d0 [ 303.411138] mempool_create_node+0x76/0x3d0 [ 303.415436] ? mempool_kmalloc+0x20/0x20 [ 303.419479] ceph_osdc_init+0x706/0xc30 [ 303.423434] ceph_create_client+0x26a/0x340 [ 303.427737] ceph_mount+0x4b9/0x181c [ 303.431429] ? __lockdep_init_map+0x100/0x560 [ 303.435901] ? __lockdep_init_map+0x100/0x560 [ 303.440384] mount_fs+0x92/0x2a0 [ 303.443732] vfs_kern_mount.part.0+0x5b/0x3c0 [ 303.448206] do_mount+0x3c9/0x25e0 [ 303.451740] ? copy_mount_string+0x40/0x40 [ 303.455951] ? __might_fault+0x177/0x1b0 [ 303.459989] ? _copy_from_user+0x94/0x100 [ 303.464116] ? memdup_user+0x54/0xa0 [ 303.467814] ? copy_mount_options+0x1ec/0x2e0 [ 303.472286] ? copy_mnt_ns+0x8a0/0x8a0 [ 303.476153] SyS_mount+0xa8/0x120 [ 303.479584] ? copy_mnt_ns+0x8a0/0x8a0 [ 303.483466] do_syscall_64+0x1d5/0x640 [ 303.487338] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 303.492504] RIP: 0033:0x45cb29 [ 303.495670] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:27 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) [ 303.503357] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 303.510606] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 303.517852] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 303.525098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 303.532343] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:27 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:27 executing program 2 (fault-call:1 fault-nth:26): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:27 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 303.625171] binder: 14105:14111 ioctl c0306201 0 returned -14 [ 303.642274] FAULT_INJECTION: forcing a failure. [ 303.642274] name failslab, interval 1, probability 0, space 0, times 0 [ 303.662082] CPU: 1 PID: 14113 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 303.669979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.679327] Call Trace: [ 303.681897] dump_stack+0x1b2/0x283 [ 303.685510] should_fail.cold+0x10a/0x154 [ 303.689644] should_failslab+0xd6/0x130 [ 303.693600] kmem_cache_alloc+0x28e/0x3c0 [ 303.697728] ? mempool_free+0x1d0/0x1d0 [ 303.701679] mempool_create_node+0x2bb/0x3d0 [ 303.706071] ceph_osdc_init+0x706/0xc30 [ 303.710026] ceph_create_client+0x26a/0x340 [ 303.714327] ceph_mount+0x4b9/0x181c [ 303.718032] ? __lockdep_init_map+0x100/0x560 [ 303.722510] ? __lockdep_init_map+0x100/0x560 [ 303.726989] mount_fs+0x92/0x2a0 [ 303.730345] vfs_kern_mount.part.0+0x5b/0x3c0 [ 303.734819] do_mount+0x3c9/0x25e0 [ 303.738337] ? copy_mount_string+0x40/0x40 [ 303.742554] ? __might_fault+0x177/0x1b0 [ 303.746592] ? _copy_from_user+0x94/0x100 [ 303.750719] ? memdup_user+0x54/0xa0 [ 303.754408] ? copy_mount_options+0x1ec/0x2e0 [ 303.758890] ? copy_mnt_ns+0x8a0/0x8a0 [ 303.762765] SyS_mount+0xa8/0x120 [ 303.766197] ? copy_mnt_ns+0x8a0/0x8a0 [ 303.770065] do_syscall_64+0x1d5/0x640 [ 303.773936] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 303.779099] RIP: 0033:0x45cb29 [ 303.782265] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 303.789955] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 303.797202] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 303.804449] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 303.811703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 303.818951] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:27 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:27 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:27 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 303.834391] binder: 14112:14119 ioctl c0306201 0 returned -14 19:14:27 executing program 2 (fault-call:1 fault-nth:27): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:27 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 303.922343] binder: 14122:14124 ioctl c0306201 0 returned -14 [ 303.926230] binder: 14121:14127 ioctl c0306201 20000200 returned -14 [ 303.950192] FAULT_INJECTION: forcing a failure. [ 303.950192] name failslab, interval 1, probability 0, space 0, times 0 [ 303.979076] CPU: 0 PID: 14129 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 303.986977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.996317] Call Trace: [ 303.998909] dump_stack+0x1b2/0x283 [ 304.002534] should_fail.cold+0x10a/0x154 [ 304.006686] should_failslab+0xd6/0x130 [ 304.010644] kmem_cache_alloc+0x28e/0x3c0 [ 304.014775] ? mempool_free+0x1d0/0x1d0 [ 304.018725] mempool_create_node+0x2bb/0x3d0 [ 304.023115] ceph_osdc_init+0x706/0xc30 [ 304.027072] ceph_create_client+0x26a/0x340 [ 304.031376] ceph_mount+0x4b9/0x181c [ 304.035069] ? __lockdep_init_map+0x100/0x560 [ 304.039540] ? __lockdep_init_map+0x100/0x560 [ 304.044014] mount_fs+0x92/0x2a0 [ 304.047375] vfs_kern_mount.part.0+0x5b/0x3c0 [ 304.051849] do_mount+0x3c9/0x25e0 [ 304.055391] ? copy_mount_string+0x40/0x40 [ 304.059620] ? __might_fault+0x177/0x1b0 [ 304.063675] ? _copy_from_user+0x94/0x100 [ 304.067806] ? memdup_user+0x54/0xa0 [ 304.071503] ? copy_mount_options+0x1ec/0x2e0 [ 304.075985] ? copy_mnt_ns+0x8a0/0x8a0 [ 304.079859] SyS_mount+0xa8/0x120 [ 304.083297] ? copy_mnt_ns+0x8a0/0x8a0 [ 304.087186] do_syscall_64+0x1d5/0x640 [ 304.091066] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 304.096236] RIP: 0033:0x45cb29 [ 304.099405] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 304.107097] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 304.114348] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 304.121595] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:14:28 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 304.128842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 304.136088] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:28 executing program 2 (fault-call:1 fault-nth:28): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 304.217164] binder_alloc: 14137: binder_alloc_buf, no vma [ 304.228961] FAULT_INJECTION: forcing a failure. [ 304.228961] name failslab, interval 1, probability 0, space 0, times 0 [ 304.240643] CPU: 1 PID: 14143 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 304.248525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.257863] Call Trace: [ 304.260435] dump_stack+0x1b2/0x283 [ 304.264067] should_fail.cold+0x10a/0x154 [ 304.268201] should_failslab+0xd6/0x130 [ 304.272164] kmem_cache_alloc_node_trace+0x25a/0x400 [ 304.277252] ? mempool_free+0x1d0/0x1d0 [ 304.281214] __kmalloc_node+0x38/0x70 [ 304.284993] mempool_create_node+0x9e/0x3d0 [ 304.289294] ? mempool_kmalloc+0x20/0x20 [ 304.293335] ceph_osdc_init+0x706/0xc30 [ 304.297293] ceph_create_client+0x26a/0x340 [ 304.301613] ceph_mount+0x4b9/0x181c [ 304.305306] ? __lockdep_init_map+0x100/0x560 [ 304.309778] ? __lockdep_init_map+0x100/0x560 [ 304.314254] mount_fs+0x92/0x2a0 [ 304.317604] vfs_kern_mount.part.0+0x5b/0x3c0 [ 304.322081] do_mount+0x3c9/0x25e0 [ 304.325601] ? copy_mount_string+0x40/0x40 [ 304.329812] ? __might_fault+0x177/0x1b0 [ 304.333858] ? _copy_from_user+0x94/0x100 [ 304.337985] ? memdup_user+0x54/0xa0 [ 304.341676] ? copy_mount_options+0x1ec/0x2e0 [ 304.346148] ? copy_mnt_ns+0x8a0/0x8a0 [ 304.350020] SyS_mount+0xa8/0x120 [ 304.353467] ? copy_mnt_ns+0x8a0/0x8a0 [ 304.357336] do_syscall_64+0x1d5/0x640 [ 304.361208] entry_SYSCALL_64_after_hwframe+0x46/0xbb 19:14:28 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 304.366389] RIP: 0033:0x45cb29 [ 304.369557] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 304.377245] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 304.384493] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 304.391739] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 304.399000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 304.406247] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:28 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:28 executing program 2 (fault-call:1 fault-nth:29): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 304.489733] FAULT_INJECTION: forcing a failure. [ 304.489733] name failslab, interval 1, probability 0, space 0, times 0 [ 304.501832] CPU: 1 PID: 14154 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 304.509718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.519070] Call Trace: [ 304.521662] dump_stack+0x1b2/0x283 [ 304.525301] should_fail.cold+0x10a/0x154 [ 304.529453] should_failslab+0xd6/0x130 [ 304.533429] kmem_cache_alloc+0x28e/0x3c0 [ 304.537571] ? mempool_free+0x1d0/0x1d0 [ 304.541541] mempool_create_node+0x2bb/0x3d0 [ 304.545933] ceph_osdc_init+0x706/0xc30 [ 304.549888] ceph_create_client+0x26a/0x340 [ 304.554201] ceph_mount+0x4b9/0x181c [ 304.557913] ? __lockdep_init_map+0x100/0x560 [ 304.562393] ? __lockdep_init_map+0x100/0x560 [ 304.566868] mount_fs+0x92/0x2a0 [ 304.570219] vfs_kern_mount.part.0+0x5b/0x3c0 [ 304.574808] do_mount+0x3c9/0x25e0 [ 304.578334] ? copy_mount_string+0x40/0x40 [ 304.582540] ? __might_fault+0x177/0x1b0 [ 304.586592] ? _copy_from_user+0x94/0x100 [ 304.590723] ? memdup_user+0x54/0xa0 [ 304.594419] ? copy_mount_options+0x1ec/0x2e0 [ 304.598917] ? copy_mnt_ns+0x8a0/0x8a0 [ 304.602794] SyS_mount+0xa8/0x120 [ 304.606247] ? copy_mnt_ns+0x8a0/0x8a0 [ 304.610159] do_syscall_64+0x1d5/0x640 [ 304.614042] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 304.619216] RIP: 0033:0x45cb29 [ 304.622382] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 304.630067] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 19:14:28 executing program 2 (fault-call:1 fault-nth:30): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 304.637312] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 304.644564] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 304.651818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 304.659089] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 304.667505] binder: 14147:14157 ioctl c0306201 20000280 returned -14 [ 304.677444] binder: 14149:14158 ioctl c0306201 0 returned -14 19:14:28 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:28 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 304.734787] FAULT_INJECTION: forcing a failure. [ 304.734787] name failslab, interval 1, probability 0, space 0, times 0 [ 304.749989] CPU: 0 PID: 14161 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 304.757897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.767252] Call Trace: [ 304.769845] dump_stack+0x1b2/0x283 [ 304.773478] should_fail.cold+0x10a/0x154 [ 304.777634] should_failslab+0xd6/0x130 [ 304.781612] kmem_cache_alloc+0x28e/0x3c0 [ 304.785760] ? mempool_free+0x1d0/0x1d0 [ 304.789734] mempool_create_node+0x2bb/0x3d0 [ 304.794150] ceph_osdc_init+0x706/0xc30 [ 304.798133] ceph_create_client+0x26a/0x340 [ 304.802456] ceph_mount+0x4b9/0x181c [ 304.806171] ? __lockdep_init_map+0x100/0x560 [ 304.810666] ? __lockdep_init_map+0x100/0x560 [ 304.815165] mount_fs+0x92/0x2a0 [ 304.818536] vfs_kern_mount.part.0+0x5b/0x3c0 [ 304.823034] do_mount+0x3c9/0x25e0 [ 304.826580] ? copy_mount_string+0x40/0x40 [ 304.830812] ? __might_fault+0x177/0x1b0 [ 304.834872] ? _copy_from_user+0x94/0x100 [ 304.839022] ? memdup_user+0x54/0xa0 [ 304.842734] ? copy_mount_options+0x1ec/0x2e0 [ 304.847217] ? copy_mnt_ns+0x8a0/0x8a0 [ 304.849599] binder: 14162:14163 ioctl c0306201 0 returned -14 [ 304.851091] SyS_mount+0xa8/0x120 [ 304.851101] ? copy_mnt_ns+0x8a0/0x8a0 [ 304.851120] do_syscall_64+0x1d5/0x640 [ 304.851138] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 304.851145] RIP: 0033:0x45cb29 [ 304.851153] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 19:14:28 executing program 2 (fault-call:1 fault-nth:31): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 304.868628] binder: 14164:14171 ioctl c0306201 20000200 returned -14 [ 304.871487] ORIG_RAX: 00000000000000a5 [ 304.871494] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 304.871500] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 304.871506] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 304.871512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 304.871518] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:28 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 304.952457] FAULT_INJECTION: forcing a failure. [ 304.952457] name failslab, interval 1, probability 0, space 0, times 0 [ 304.974859] CPU: 1 PID: 14176 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 304.982763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.992112] Call Trace: [ 304.994707] dump_stack+0x1b2/0x283 [ 304.998348] should_fail.cold+0x10a/0x154 [ 305.002502] should_failslab+0xd6/0x130 [ 305.006466] kmem_cache_alloc+0x28e/0x3c0 [ 305.010608] ? mempool_free+0x1d0/0x1d0 [ 305.014559] mempool_create_node+0x2bb/0x3d0 [ 305.018990] ceph_osdc_init+0x706/0xc30 [ 305.022950] ceph_create_client+0x26a/0x340 [ 305.027262] ceph_mount+0x4b9/0x181c [ 305.030957] ? __lockdep_init_map+0x100/0x560 [ 305.035430] ? __lockdep_init_map+0x100/0x560 [ 305.039904] mount_fs+0x92/0x2a0 [ 305.043260] vfs_kern_mount.part.0+0x5b/0x3c0 [ 305.047752] do_mount+0x3c9/0x25e0 [ 305.048144] binder_alloc: 14179: binder_alloc_buf, no vma [ 305.051289] ? copy_mount_string+0x40/0x40 [ 305.051301] ? __might_fault+0x177/0x1b0 [ 305.051313] ? _copy_from_user+0x94/0x100 [ 305.051326] ? memdup_user+0x54/0xa0 [ 305.051333] ? copy_mount_options+0x1ec/0x2e0 [ 305.051343] ? copy_mnt_ns+0x8a0/0x8a0 [ 305.082612] SyS_mount+0xa8/0x120 [ 305.086055] ? copy_mnt_ns+0x8a0/0x8a0 [ 305.089936] do_syscall_64+0x1d5/0x640 [ 305.093811] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 305.098985] RIP: 0033:0x45cb29 [ 305.102168] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 305.109869] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 305.117120] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 305.124374] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 305.131643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 305.138902] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:29 executing program 2 (fault-call:1 fault-nth:32): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 305.209968] FAULT_INJECTION: forcing a failure. [ 305.209968] name failslab, interval 1, probability 0, space 0, times 0 [ 305.221684] CPU: 0 PID: 14184 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 305.229572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.238911] Call Trace: [ 305.241493] dump_stack+0x1b2/0x283 [ 305.245109] should_fail.cold+0x10a/0x154 [ 305.249259] should_failslab+0xd6/0x130 [ 305.253228] kmem_cache_alloc+0x28e/0x3c0 19:14:29 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 305.257357] ? mempool_free+0x1d0/0x1d0 [ 305.261312] mempool_create_node+0x2bb/0x3d0 [ 305.265707] ceph_osdc_init+0x706/0xc30 [ 305.269676] ceph_create_client+0x26a/0x340 [ 305.274002] ceph_mount+0x4b9/0x181c [ 305.277708] ? __lockdep_init_map+0x100/0x560 [ 305.282206] ? __lockdep_init_map+0x100/0x560 [ 305.286708] mount_fs+0x92/0x2a0 [ 305.290080] vfs_kern_mount.part.0+0x5b/0x3c0 [ 305.294580] do_mount+0x3c9/0x25e0 [ 305.298137] ? copy_mount_string+0x40/0x40 [ 305.302370] ? __might_fault+0x177/0x1b0 [ 305.306447] ? _copy_from_user+0x94/0x100 [ 305.310597] ? memdup_user+0x54/0xa0 [ 305.314309] ? copy_mount_options+0x1ec/0x2e0 [ 305.318805] ? copy_mnt_ns+0x8a0/0x8a0 [ 305.322687] SyS_mount+0xa8/0x120 [ 305.326131] ? copy_mnt_ns+0x8a0/0x8a0 [ 305.330006] do_syscall_64+0x1d5/0x640 [ 305.333889] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 305.339067] RIP: 0033:0x45cb29 [ 305.342238] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 305.349924] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 19:14:29 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) 19:14:29 executing program 2 (fault-call:1 fault-nth:33): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 305.357179] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 305.364432] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 305.366119] binder: 14187:14191 ioctl c0306201 0 returned -14 [ 305.371683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 305.371689] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 305.456897] FAULT_INJECTION: forcing a failure. [ 305.456897] name failslab, interval 1, probability 0, space 0, times 0 [ 305.472649] CPU: 0 PID: 14196 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 305.480642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.482937] binder: 14193:14198 ioctl c0306201 20000280 returned -14 [ 305.489994] Call Trace: [ 305.490014] dump_stack+0x1b2/0x283 [ 305.490031] should_fail.cold+0x10a/0x154 [ 305.490049] should_failslab+0xd6/0x130 [ 305.490058] kmem_cache_alloc+0x28e/0x3c0 [ 305.490071] ? mempool_free+0x1d0/0x1d0 [ 305.518859] mempool_create_node+0x2bb/0x3d0 [ 305.523256] ceph_osdc_init+0x706/0xc30 [ 305.527234] ceph_create_client+0x26a/0x340 [ 305.531539] ceph_mount+0x4b9/0x181c [ 305.535233] ? __lockdep_init_map+0x100/0x560 [ 305.539708] ? __lockdep_init_map+0x100/0x560 [ 305.544186] mount_fs+0x92/0x2a0 [ 305.547535] vfs_kern_mount.part.0+0x5b/0x3c0 [ 305.552445] do_mount+0x3c9/0x25e0 [ 305.555968] ? copy_mount_string+0x40/0x40 [ 305.560188] ? __might_fault+0x177/0x1b0 [ 305.564230] ? _copy_from_user+0x94/0x100 [ 305.568360] ? memdup_user+0x54/0xa0 [ 305.572054] ? copy_mount_options+0x1ec/0x2e0 [ 305.576533] ? copy_mnt_ns+0x8a0/0x8a0 [ 305.580399] SyS_mount+0xa8/0x120 [ 305.583832] ? copy_mnt_ns+0x8a0/0x8a0 [ 305.587700] do_syscall_64+0x1d5/0x640 [ 305.591571] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 305.596741] RIP: 0033:0x45cb29 [ 305.599910] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:29 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:29 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 305.607597] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 305.614846] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 305.622096] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 305.629347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 305.636594] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:29 executing program 2 (fault-call:1 fault-nth:34): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 305.698300] binder: 14203:14204 ioctl c0306201 20000200 returned -14 [ 305.708000] binder: 14201:14202 ioctl c0306201 0 returned -14 [ 305.721770] FAULT_INJECTION: forcing a failure. [ 305.721770] name failslab, interval 1, probability 0, space 0, times 0 [ 305.741068] CPU: 1 PID: 14208 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 305.748980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.758335] Call Trace: [ 305.760934] dump_stack+0x1b2/0x283 [ 305.764576] should_fail.cold+0x10a/0x154 [ 305.768734] should_failslab+0xd6/0x130 [ 305.772713] kmem_cache_alloc+0x28e/0x3c0 [ 305.776862] ? mempool_free+0x1d0/0x1d0 [ 305.780836] mempool_create_node+0x2bb/0x3d0 [ 305.785251] ceph_osdc_init+0x706/0xc30 [ 305.789220] ceph_create_client+0x26a/0x340 [ 305.793535] ceph_mount+0x4b9/0x181c 19:14:29 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:29 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 305.797229] ? __lockdep_init_map+0x100/0x560 [ 305.801717] ? __lockdep_init_map+0x100/0x560 [ 305.806211] mount_fs+0x92/0x2a0 [ 305.809571] vfs_kern_mount.part.0+0x5b/0x3c0 [ 305.814067] do_mount+0x3c9/0x25e0 [ 305.817611] ? copy_mount_string+0x40/0x40 [ 305.821847] ? __might_fault+0x177/0x1b0 [ 305.825909] ? _copy_from_user+0x94/0x100 [ 305.830061] ? memdup_user+0x54/0xa0 [ 305.833774] ? copy_mount_options+0x1ec/0x2e0 [ 305.838260] ? copy_mnt_ns+0x8a0/0x8a0 [ 305.842148] SyS_mount+0xa8/0x120 [ 305.845597] ? copy_mnt_ns+0x8a0/0x8a0 [ 305.849485] do_syscall_64+0x1d5/0x640 [ 305.850580] binder: 14216:14217 ioctl c0306201 20000200 returned -14 [ 305.853372] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 305.853381] RIP: 0033:0x45cb29 [ 305.853386] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 305.853397] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 305.853403] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 305.853408] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:14:29 executing program 2 (fault-call:1 fault-nth:35): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:29 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 305.853413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 305.853418] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 305.917529] binder_alloc: 14215: binder_alloc_buf, no vma [ 305.957379] FAULT_INJECTION: forcing a failure. [ 305.957379] name failslab, interval 1, probability 0, space 0, times 0 [ 305.969317] CPU: 1 PID: 14223 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 305.977210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.986563] Call Trace: [ 305.989160] dump_stack+0x1b2/0x283 [ 305.989479] binder: 14226:14227 ioctl c0306201 20000200 returned -14 [ 305.992791] should_fail.cold+0x10a/0x154 [ 305.992809] should_failslab+0xd6/0x130 [ 306.007816] kmem_cache_alloc+0x28e/0x3c0 [ 306.011964] ? mempool_free+0x1d0/0x1d0 [ 306.015932] mempool_create_node+0x2bb/0x3d0 [ 306.020934] ceph_osdc_init+0x706/0xc30 [ 306.024894] ceph_create_client+0x26a/0x340 [ 306.029636] ceph_mount+0x4b9/0x181c [ 306.033330] ? __lockdep_init_map+0x100/0x560 [ 306.037869] ? __lockdep_init_map+0x100/0x560 [ 306.042353] mount_fs+0x92/0x2a0 [ 306.045711] vfs_kern_mount.part.0+0x5b/0x3c0 [ 306.050189] do_mount+0x3c9/0x25e0 [ 306.053731] ? copy_mount_string+0x40/0x40 [ 306.057946] ? __might_fault+0x177/0x1b0 [ 306.062015] ? _copy_from_user+0x94/0x100 [ 306.066144] ? memdup_user+0x54/0xa0 [ 306.069843] ? copy_mount_options+0x1ec/0x2e0 [ 306.074322] ? copy_mnt_ns+0x8a0/0x8a0 [ 306.078188] SyS_mount+0xa8/0x120 [ 306.081621] ? copy_mnt_ns+0x8a0/0x8a0 [ 306.085488] do_syscall_64+0x1d5/0x640 [ 306.089361] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 306.094528] RIP: 0033:0x45cb29 [ 306.097695] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:30 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:30 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 306.105380] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 306.112629] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 306.119882] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 306.127130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 306.134380] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:30 executing program 2 (fault-call:1 fault-nth:36): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:30 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 306.173315] binder: 14231:14233 ioctl c0306201 20000200 returned -14 [ 306.236226] binder: 14232:14243 ioctl c0306201 20000280 returned -14 [ 306.256401] FAULT_INJECTION: forcing a failure. [ 306.256401] name failslab, interval 1, probability 0, space 0, times 0 [ 306.270563] CPU: 0 PID: 14245 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 306.278456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.287796] Call Trace: [ 306.288834] binder: 14241:14246 ioctl c0306201 20000280 returned -14 [ 306.290377] dump_stack+0x1b2/0x283 [ 306.290394] should_fail.cold+0x10a/0x154 [ 306.290410] should_failslab+0xd6/0x130 [ 306.290422] kmem_cache_alloc_node_trace+0x25a/0x400 [ 306.290435] ? msgpool_free+0x50/0x50 [ 306.290446] __kmalloc_node+0x38/0x70 [ 306.321254] mempool_create_node+0x9e/0x3d0 [ 306.325559] ? add_element+0xd2/0x230 [ 306.329385] ? ceph_con_workfn.cold+0x256/0x256 [ 306.334738] ceph_msgpool_init+0x8e/0x120 [ 306.338877] ceph_osdc_init+0x765/0xc30 [ 306.342840] ceph_create_client+0x26a/0x340 [ 306.347163] ceph_mount+0x4b9/0x181c [ 306.350868] ? __lockdep_init_map+0x100/0x560 [ 306.355352] ? __lockdep_init_map+0x100/0x560 [ 306.359837] mount_fs+0x92/0x2a0 [ 306.363199] vfs_kern_mount.part.0+0x5b/0x3c0 [ 306.367687] do_mount+0x3c9/0x25e0 [ 306.371212] ? copy_mount_string+0x40/0x40 [ 306.375429] ? __might_fault+0x177/0x1b0 [ 306.379471] ? _copy_from_user+0x94/0x100 [ 306.383614] ? memdup_user+0x54/0xa0 [ 306.387320] ? copy_mount_options+0x1ec/0x2e0 [ 306.391798] ? copy_mnt_ns+0x8a0/0x8a0 [ 306.395676] SyS_mount+0xa8/0x120 [ 306.399124] ? copy_mnt_ns+0x8a0/0x8a0 [ 306.403001] do_syscall_64+0x1d5/0x640 [ 306.406882] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 306.412065] RIP: 0033:0x45cb29 [ 306.415233] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 306.422920] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 19:14:30 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 306.430168] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 306.437414] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 306.444661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 306.451913] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:30 executing program 2 (fault-call:1 fault-nth:37): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 306.499610] binder: 14248:14249 ioctl c0306201 0 returned -14 [ 306.539515] FAULT_INJECTION: forcing a failure. [ 306.539515] name failslab, interval 1, probability 0, space 0, times 0 [ 306.551453] CPU: 1 PID: 14253 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 306.559350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.568698] Call Trace: [ 306.571281] dump_stack+0x1b2/0x283 [ 306.574897] should_fail.cold+0x10a/0x154 [ 306.579031] should_failslab+0xd6/0x130 [ 306.582990] kmem_cache_alloc_node_trace+0x25a/0x400 [ 306.588080] ? msgpool_free+0x50/0x50 [ 306.591864] mempool_create_node+0x76/0x3d0 [ 306.596166] ? add_element+0xd2/0x230 [ 306.599946] ? ceph_con_workfn.cold+0x256/0x256 [ 306.604599] ceph_msgpool_init+0x8e/0x120 [ 306.608730] ceph_osdc_init+0x765/0xc30 [ 306.612688] ceph_create_client+0x26a/0x340 [ 306.616993] ceph_mount+0x4b9/0x181c [ 306.620691] ? __lockdep_init_map+0x100/0x560 [ 306.625188] ? __lockdep_init_map+0x100/0x560 [ 306.629666] mount_fs+0x92/0x2a0 [ 306.633016] vfs_kern_mount.part.0+0x5b/0x3c0 [ 306.637494] do_mount+0x3c9/0x25e0 [ 306.641016] ? copy_mount_string+0x40/0x40 [ 306.645232] ? __might_fault+0x177/0x1b0 [ 306.649286] ? _copy_from_user+0x94/0x100 [ 306.653417] ? memdup_user+0x54/0xa0 [ 306.657110] ? copy_mount_options+0x1ec/0x2e0 [ 306.661584] ? copy_mnt_ns+0x8a0/0x8a0 [ 306.665451] SyS_mount+0xa8/0x120 [ 306.668889] ? copy_mnt_ns+0x8a0/0x8a0 [ 306.672757] do_syscall_64+0x1d5/0x640 [ 306.676630] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 306.681796] RIP: 0033:0x45cb29 [ 306.684970] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 306.692661] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 19:14:30 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 306.699925] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 306.707176] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 306.714447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 306.721699] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:30 executing program 2 (fault-call:1 fault-nth:38): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 306.817720] FAULT_INJECTION: forcing a failure. [ 306.817720] name failslab, interval 1, probability 0, space 0, times 0 [ 306.829334] CPU: 0 PID: 14262 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 306.837223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.846571] Call Trace: [ 306.849149] dump_stack+0x1b2/0x283 [ 306.852773] should_fail.cold+0x10a/0x154 [ 306.856967] should_failslab+0xd6/0x130 [ 306.860924] __kmalloc+0x2c1/0x400 [ 306.864453] ? ceph_kvmalloc+0x2f/0x70 [ 306.868326] ceph_kvmalloc+0x2f/0x70 [ 306.872025] ceph_msg_new+0x293/0x370 [ 306.875808] msgpool_alloc+0x74/0xe0 [ 306.879501] ? msgpool_free+0x50/0x50 [ 306.883280] ? msgpool_free+0x50/0x50 [ 306.887060] mempool_create_node+0x2bb/0x3d0 [ 306.891464] ceph_msgpool_init+0x8e/0x120 [ 306.895593] ceph_osdc_init+0x765/0xc30 [ 306.899548] ceph_create_client+0x26a/0x340 [ 306.903851] ceph_mount+0x4b9/0x181c [ 306.907561] ? __lockdep_init_map+0x100/0x560 [ 306.912036] ? __lockdep_init_map+0x100/0x560 [ 306.916513] mount_fs+0x92/0x2a0 [ 306.919864] vfs_kern_mount.part.0+0x5b/0x3c0 [ 306.924343] do_mount+0x3c9/0x25e0 [ 306.927865] ? copy_mount_string+0x40/0x40 [ 306.932098] ? __might_fault+0x177/0x1b0 [ 306.936139] ? _copy_from_user+0x94/0x100 [ 306.940269] ? memdup_user+0x54/0xa0 [ 306.943960] ? copy_mount_options+0x1ec/0x2e0 [ 306.948435] ? copy_mnt_ns+0x8a0/0x8a0 [ 306.952303] SyS_mount+0xa8/0x120 [ 306.955734] ? copy_mnt_ns+0x8a0/0x8a0 [ 306.959602] do_syscall_64+0x1d5/0x640 19:14:30 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 306.963476] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 306.968644] RIP: 0033:0x45cb29 [ 306.971812] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 306.979498] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 306.986747] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 306.993997] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 307.001245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 307.008494] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:30 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:30 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) [ 307.040731] binder: 14267:14268 ioctl c0306201 20000200 returned -14 [ 307.065384] libceph: connect [d::]:6789 error -101 [ 307.070411] libceph: mon0 [d::]:6789 connect error [ 307.070729] ceph: No mds server is up or the cluster is laggy 19:14:31 executing program 2 (fault-call:1 fault-nth:39): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 307.149479] binder: 14270:14283 unknown command 0 [ 307.156152] binder: 14272:14284 ioctl c0306201 20000280 returned -14 [ 307.168351] binder: 14270:14283 ioctl c0306201 20000280 returned -22 [ 307.173973] FAULT_INJECTION: forcing a failure. [ 307.173973] name failslab, interval 1, probability 0, space 0, times 0 [ 307.186371] CPU: 0 PID: 14286 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 307.194599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.203949] Call Trace: [ 307.206528] dump_stack+0x1b2/0x283 [ 307.210148] should_fail.cold+0x10a/0x154 [ 307.214289] should_failslab+0xd6/0x130 [ 307.218250] kmem_cache_alloc+0x28e/0x3c0 [ 307.222420] ceph_msg_new+0x31/0x370 [ 307.226118] msgpool_alloc+0x74/0xe0 [ 307.229811] ? msgpool_free+0x50/0x50 [ 307.233588] ? msgpool_free+0x50/0x50 [ 307.237369] mempool_create_node+0x2bb/0x3d0 [ 307.241761] ceph_msgpool_init+0x8e/0x120 [ 307.245899] ceph_osdc_init+0x765/0xc30 [ 307.249875] ceph_create_client+0x26a/0x340 [ 307.254214] ceph_mount+0x4b9/0x181c [ 307.257921] ? __lockdep_init_map+0x100/0x560 [ 307.262445] ? __lockdep_init_map+0x100/0x560 [ 307.266961] mount_fs+0x92/0x2a0 [ 307.270313] vfs_kern_mount.part.0+0x5b/0x3c0 [ 307.274789] do_mount+0x3c9/0x25e0 [ 307.278312] ? copy_mount_string+0x40/0x40 [ 307.282526] ? __might_fault+0x177/0x1b0 [ 307.286569] ? _copy_from_user+0x94/0x100 [ 307.290709] ? memdup_user+0x54/0xa0 [ 307.294411] ? copy_mount_options+0x1ec/0x2e0 [ 307.298916] ? copy_mnt_ns+0x8a0/0x8a0 [ 307.302825] SyS_mount+0xa8/0x120 [ 307.306278] ? copy_mnt_ns+0x8a0/0x8a0 [ 307.310150] do_syscall_64+0x1d5/0x640 [ 307.314037] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 307.319205] RIP: 0033:0x45cb29 [ 307.322377] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 307.330204] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 307.337457] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:31 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 307.344724] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 307.351976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 307.359321] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:31 executing program 2 (fault-call:1 fault-nth:40): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 307.402604] binder: 14288:14289 ioctl c0306201 0 returned -14 [ 307.442741] FAULT_INJECTION: forcing a failure. [ 307.442741] name failslab, interval 1, probability 0, space 0, times 0 [ 307.454390] CPU: 0 PID: 14293 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 307.462292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.471633] Call Trace: [ 307.474222] dump_stack+0x1b2/0x283 [ 307.477838] should_fail.cold+0x10a/0x154 [ 307.481984] should_failslab+0xd6/0x130 [ 307.485940] kmem_cache_alloc+0x28e/0x3c0 [ 307.490076] ceph_msg_new+0x31/0x370 [ 307.493777] msgpool_alloc+0x74/0xe0 [ 307.497472] ? msgpool_free+0x50/0x50 [ 307.501258] ? msgpool_free+0x50/0x50 [ 307.505040] mempool_create_node+0x2bb/0x3d0 [ 307.509431] ceph_msgpool_init+0x8e/0x120 [ 307.513563] ceph_osdc_init+0x765/0xc30 [ 307.517556] ceph_create_client+0x26a/0x340 [ 307.521891] ceph_mount+0x4b9/0x181c [ 307.525585] ? __lockdep_init_map+0x100/0x560 [ 307.530079] ? __lockdep_init_map+0x100/0x560 [ 307.534573] mount_fs+0x92/0x2a0 [ 307.537921] vfs_kern_mount.part.0+0x5b/0x3c0 [ 307.542397] do_mount+0x3c9/0x25e0 [ 307.545925] ? copy_mount_string+0x40/0x40 [ 307.550138] ? __might_fault+0x177/0x1b0 [ 307.554182] ? _copy_from_user+0x94/0x100 [ 307.558310] ? memdup_user+0x54/0xa0 [ 307.562004] ? copy_mount_options+0x1ec/0x2e0 [ 307.566476] ? copy_mnt_ns+0x8a0/0x8a0 [ 307.570343] SyS_mount+0xa8/0x120 [ 307.573774] ? copy_mnt_ns+0x8a0/0x8a0 [ 307.577644] do_syscall_64+0x1d5/0x640 [ 307.581538] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 307.586706] RIP: 0033:0x45cb29 [ 307.589890] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:31 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:31 executing program 2 (fault-call:1 fault-nth:41): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 307.597578] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 307.604827] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 307.612097] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 307.619344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 307.626599] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 307.693831] FAULT_INJECTION: forcing a failure. [ 307.693831] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 307.705660] CPU: 0 PID: 14301 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 307.713628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.722978] Call Trace: [ 307.725563] dump_stack+0x1b2/0x283 [ 307.729188] should_fail.cold+0x10a/0x154 [ 307.733326] __alloc_pages_nodemask+0x22b/0x2730 [ 307.738084] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 307.742568] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 307.747045] ? kmem_cache_alloc+0x124/0x3c0 [ 307.751349] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 307.756175] ? trace_hardirqs_on+0x10/0x10 [ 307.760404] ? SyS_mount+0xa8/0x120 [ 307.764016] ? finish_task_switch+0x178/0x610 [ 307.768490] ? finish_task_switch+0x14d/0x610 [ 307.772968] ? switch_mm_irqs_off+0x5f6/0xec0 [ 307.777529] ? __schedule+0x8ae/0x1d70 [ 307.781399] cache_grow_begin+0x91/0x410 [ 307.785443] cache_alloc_refill+0x28c/0x360 [ 307.789746] __kmalloc+0x378/0x400 [ 307.793285] ? ceph_kvmalloc+0x2f/0x70 [ 307.797167] ceph_kvmalloc+0x2f/0x70 [ 307.800863] ceph_msg_new+0x293/0x370 [ 307.804647] msgpool_alloc+0x74/0xe0 [ 307.808340] ? msgpool_free+0x50/0x50 [ 307.812144] ? msgpool_free+0x50/0x50 [ 307.815925] mempool_create_node+0x2bb/0x3d0 [ 307.820316] ceph_msgpool_init+0x8e/0x120 [ 307.824446] ceph_osdc_init+0x765/0xc30 [ 307.828403] ceph_create_client+0x26a/0x340 [ 307.832706] ceph_mount+0x4b9/0x181c [ 307.836415] ? __lockdep_init_map+0x100/0x560 [ 307.840891] ? __lockdep_init_map+0x100/0x560 [ 307.845369] mount_fs+0x92/0x2a0 [ 307.848717] vfs_kern_mount.part.0+0x5b/0x3c0 [ 307.853193] do_mount+0x3c9/0x25e0 [ 307.856717] ? copy_mount_string+0x40/0x40 [ 307.860932] ? __might_fault+0x177/0x1b0 [ 307.864975] ? _copy_from_user+0x94/0x100 [ 307.869104] ? memdup_user+0x54/0xa0 [ 307.872797] ? copy_mount_options+0x1ec/0x2e0 [ 307.877288] ? copy_mnt_ns+0x8a0/0x8a0 [ 307.881158] SyS_mount+0xa8/0x120 [ 307.884590] ? copy_mnt_ns+0x8a0/0x8a0 [ 307.888460] do_syscall_64+0x1d5/0x640 19:14:31 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) 19:14:31 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:31 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 307.892330] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 307.897497] RIP: 0033:0x45cb29 [ 307.900666] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 307.908351] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 307.915599] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 307.922850] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 307.930115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 307.937363] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 307.999134] binder: 14307:14309 ioctl c0306201 20000200 returned -14 [ 308.021320] ceph: No mds server is up or the cluster is laggy [ 308.027696] libceph: connect [d::]:6789 error -101 [ 308.032717] libceph: mon0 [d::]:6789 connect error 19:14:31 executing program 2 (fault-call:1 fault-nth:42): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 308.060411] binder: 14306:14321 unknown command 0 [ 308.069809] binder: 14306:14321 ioctl c0306201 20000280 returned -22 [ 308.074058] binder: 14308:14322 ioctl c0306201 20000280 returned -14 [ 308.097888] FAULT_INJECTION: forcing a failure. [ 308.097888] name failslab, interval 1, probability 0, space 0, times 0 [ 308.115796] CPU: 1 PID: 14325 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 308.123694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.133043] Call Trace: [ 308.135626] dump_stack+0x1b2/0x283 [ 308.139242] should_fail.cold+0x10a/0x154 [ 308.143382] should_failslab+0xd6/0x130 [ 308.147345] __kmalloc+0x2c1/0x400 [ 308.150869] ? ceph_kvmalloc+0x2f/0x70 [ 308.154826] ceph_kvmalloc+0x2f/0x70 [ 308.158522] ceph_msg_new+0x293/0x370 [ 308.162407] msgpool_alloc+0x74/0xe0 [ 308.166109] ? msgpool_free+0x50/0x50 [ 308.169890] mempool_create_node+0x2bb/0x3d0 [ 308.174283] ceph_msgpool_init+0x8e/0x120 [ 308.178479] ceph_osdc_init+0x765/0xc30 [ 308.182449] ceph_create_client+0x26a/0x340 [ 308.186797] ceph_mount+0x4b9/0x181c [ 308.190507] ? __lockdep_init_map+0x100/0x560 [ 308.194986] ? __lockdep_init_map+0x100/0x560 [ 308.199463] mount_fs+0x92/0x2a0 [ 308.202815] vfs_kern_mount.part.0+0x5b/0x3c0 [ 308.207315] do_mount+0x3c9/0x25e0 [ 308.210841] ? copy_mount_string+0x40/0x40 [ 308.215083] ? __might_fault+0x177/0x1b0 [ 308.219137] ? _copy_from_user+0x94/0x100 [ 308.223276] ? memdup_user+0x54/0xa0 [ 308.226971] ? copy_mount_options+0x1ec/0x2e0 [ 308.231446] ? copy_mnt_ns+0x8a0/0x8a0 [ 308.235314] SyS_mount+0xa8/0x120 [ 308.238756] ? copy_mnt_ns+0x8a0/0x8a0 [ 308.242633] do_syscall_64+0x1d5/0x640 [ 308.246513] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 308.251689] RIP: 0033:0x45cb29 [ 308.254865] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:32 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 308.262617] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 308.269876] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 308.277127] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 308.284427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 308.291677] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:32 executing program 2 (fault-call:1 fault-nth:43): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 308.321479] libceph: connect [d::]:6789 error -101 [ 308.330751] ceph: No mds server is up or the cluster is laggy [ 308.337273] libceph: mon0 [d::]:6789 connect error [ 308.354128] binder: 14330:14335 ioctl c0306201 0 returned -14 [ 308.391391] FAULT_INJECTION: forcing a failure. [ 308.391391] name failslab, interval 1, probability 0, space 0, times 0 [ 308.410712] CPU: 0 PID: 14339 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 308.418612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.427955] Call Trace: [ 308.430544] dump_stack+0x1b2/0x283 [ 308.434231] should_fail.cold+0x10a/0x154 19:14:32 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 308.438363] should_failslab+0xd6/0x130 [ 308.442317] kmem_cache_alloc+0x28e/0x3c0 [ 308.446447] ceph_msg_new+0x31/0x370 [ 308.450148] msgpool_alloc+0x74/0xe0 [ 308.453851] ? msgpool_free+0x50/0x50 [ 308.457639] mempool_create_node+0x2bb/0x3d0 [ 308.462046] ceph_msgpool_init+0x8e/0x120 [ 308.466201] ceph_osdc_init+0x765/0xc30 [ 308.470176] ceph_create_client+0x26a/0x340 [ 308.474499] ceph_mount+0x4b9/0x181c [ 308.478213] ? __lockdep_init_map+0x100/0x560 [ 308.482713] ? __lockdep_init_map+0x100/0x560 [ 308.487216] mount_fs+0x92/0x2a0 [ 308.490572] vfs_kern_mount.part.0+0x5b/0x3c0 [ 308.495048] do_mount+0x3c9/0x25e0 [ 308.498569] ? copy_mount_string+0x40/0x40 [ 308.502784] ? __might_fault+0x177/0x1b0 [ 308.506833] ? _copy_from_user+0x94/0x100 [ 308.510961] ? memdup_user+0x54/0xa0 [ 308.514659] ? copy_mount_options+0x1ec/0x2e0 [ 308.519143] ? copy_mnt_ns+0x8a0/0x8a0 [ 308.523011] SyS_mount+0xa8/0x120 [ 308.526502] ? copy_mnt_ns+0x8a0/0x8a0 [ 308.530371] do_syscall_64+0x1d5/0x640 [ 308.534259] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 308.540218] RIP: 0033:0x45cb29 [ 308.543400] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 308.551102] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 308.558358] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 308.565615] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 308.572873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 308.580121] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:32 executing program 2 (fault-call:1 fault-nth:44): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 308.670638] FAULT_INJECTION: forcing a failure. [ 308.670638] name failslab, interval 1, probability 0, space 0, times 0 [ 308.686136] CPU: 1 PID: 14350 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 308.694069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.703421] Call Trace: [ 308.706013] dump_stack+0x1b2/0x283 [ 308.709635] should_fail.cold+0x10a/0x154 [ 308.713775] should_failslab+0xd6/0x130 [ 308.717747] __kmalloc+0x2c1/0x400 [ 308.721277] ? ceph_kvmalloc+0x2f/0x70 [ 308.725155] ceph_kvmalloc+0x2f/0x70 [ 308.728858] ceph_msg_new+0x293/0x370 [ 308.732641] msgpool_alloc+0x74/0xe0 [ 308.736348] ? msgpool_free+0x50/0x50 [ 308.740136] mempool_create_node+0x2bb/0x3d0 [ 308.744539] ceph_msgpool_init+0x8e/0x120 [ 308.748678] ceph_osdc_init+0x765/0xc30 [ 308.752640] ceph_create_client+0x26a/0x340 [ 308.756973] ceph_mount+0x4b9/0x181c [ 308.760670] ? __lockdep_init_map+0x100/0x560 [ 308.765154] ? __lockdep_init_map+0x100/0x560 [ 308.769646] mount_fs+0x92/0x2a0 [ 308.773018] vfs_kern_mount.part.0+0x5b/0x3c0 [ 308.777504] do_mount+0x3c9/0x25e0 [ 308.781027] ? copy_mount_string+0x40/0x40 [ 308.785273] ? __might_fault+0x177/0x1b0 [ 308.789324] ? _copy_from_user+0x94/0x100 [ 308.793468] ? memdup_user+0x54/0xa0 [ 308.797181] ? copy_mount_options+0x1ec/0x2e0 [ 308.801675] ? copy_mnt_ns+0x8a0/0x8a0 [ 308.805565] SyS_mount+0xa8/0x120 [ 308.809014] ? copy_mnt_ns+0x8a0/0x8a0 [ 308.812903] do_syscall_64+0x1d5/0x640 19:14:32 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) 19:14:32 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:32 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 308.816802] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 308.821986] RIP: 0033:0x45cb29 [ 308.825171] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 308.832879] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 308.840153] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 308.847423] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 308.855354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 308.862625] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 308.891993] libceph: connect [d::]:6789 error -101 [ 308.897073] libceph: mon0 [d::]:6789 connect error [ 308.902053] ceph: No mds server is up or the cluster is laggy [ 308.915010] binder: 14354:14361 unknown command 0 [ 308.921043] binder: 14353:14365 unknown command 0 [ 308.931111] binder: 14354:14361 ioctl c0306201 20000280 returned -22 19:14:32 executing program 2 (fault-call:1 fault-nth:45): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 308.933354] binder: 14360:14363 ioctl c0306201 20000200 returned -14 [ 308.953320] binder: 14353:14365 ioctl c0306201 20000280 returned -22 [ 308.974014] FAULT_INJECTION: forcing a failure. [ 308.974014] name failslab, interval 1, probability 0, space 0, times 0 [ 308.992247] CPU: 1 PID: 14370 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 309.000146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.009514] Call Trace: [ 309.012096] dump_stack+0x1b2/0x283 [ 309.015710] should_fail.cold+0x10a/0x154 [ 309.019842] should_failslab+0xd6/0x130 [ 309.023798] __kmalloc+0x2c1/0x400 [ 309.027319] ? ceph_kvmalloc+0x2f/0x70 [ 309.031188] ceph_kvmalloc+0x2f/0x70 [ 309.034897] ceph_msg_new+0x293/0x370 [ 309.038676] msgpool_alloc+0x74/0xe0 [ 309.042380] ? msgpool_free+0x50/0x50 [ 309.046162] mempool_create_node+0x2bb/0x3d0 [ 309.050562] ceph_msgpool_init+0x8e/0x120 [ 309.054691] ceph_osdc_init+0x765/0xc30 [ 309.058646] ceph_create_client+0x26a/0x340 [ 309.062955] ceph_mount+0x4b9/0x181c [ 309.066657] ? __lockdep_init_map+0x100/0x560 [ 309.071135] ? __lockdep_init_map+0x100/0x560 [ 309.075623] mount_fs+0x92/0x2a0 [ 309.079930] vfs_kern_mount.part.0+0x5b/0x3c0 [ 309.084407] do_mount+0x3c9/0x25e0 [ 309.087936] ? copy_mount_string+0x40/0x40 [ 309.092238] ? __might_fault+0x177/0x1b0 [ 309.096310] ? _copy_from_user+0x94/0x100 [ 309.100440] ? memdup_user+0x54/0xa0 [ 309.104140] ? copy_mount_options+0x1ec/0x2e0 [ 309.108630] ? copy_mnt_ns+0x8a0/0x8a0 [ 309.112513] SyS_mount+0xa8/0x120 [ 309.115944] ? copy_mnt_ns+0x8a0/0x8a0 [ 309.119816] do_syscall_64+0x1d5/0x640 [ 309.123686] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 309.128854] RIP: 0033:0x45cb29 [ 309.132022] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:33 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 309.139707] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 309.146957] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 309.154226] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 309.161476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 309.168726] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:33 executing program 2 (fault-call:1 fault-nth:46): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 309.209679] libceph: connect [d::]:6789 error -101 [ 309.211201] binder: 14375:14377 ioctl c0306201 0 returned -14 [ 309.214885] libceph: mon0 [d::]:6789 connect error [ 309.235306] ceph: No mds server is up or the cluster is laggy 19:14:33 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 309.275582] FAULT_INJECTION: forcing a failure. [ 309.275582] name failslab, interval 1, probability 0, space 0, times 0 [ 309.301007] CPU: 0 PID: 14384 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 309.308924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.318275] Call Trace: [ 309.320854] dump_stack+0x1b2/0x283 [ 309.324479] should_fail.cold+0x10a/0x154 [ 309.328612] should_failslab+0xd6/0x130 [ 309.332571] kmem_cache_alloc+0x28e/0x3c0 [ 309.336703] ceph_msg_new+0x31/0x370 [ 309.340401] msgpool_alloc+0x74/0xe0 [ 309.344112] ? msgpool_free+0x50/0x50 [ 309.347918] mempool_create_node+0x2bb/0x3d0 [ 309.352318] ceph_msgpool_init+0x8e/0x120 [ 309.356462] ceph_osdc_init+0x765/0xc30 [ 309.360425] ceph_create_client+0x26a/0x340 [ 309.364740] ceph_mount+0x4b9/0x181c [ 309.368453] ? __lockdep_init_map+0x100/0x560 [ 309.373049] ? __lockdep_init_map+0x100/0x560 [ 309.377526] mount_fs+0x92/0x2a0 [ 309.380876] vfs_kern_mount.part.0+0x5b/0x3c0 [ 309.385352] do_mount+0x3c9/0x25e0 [ 309.388875] ? copy_mount_string+0x40/0x40 [ 309.393090] ? __might_fault+0x177/0x1b0 [ 309.397131] ? _copy_from_user+0x94/0x100 [ 309.401259] ? memdup_user+0x54/0xa0 [ 309.404952] ? copy_mount_options+0x1ec/0x2e0 [ 309.409476] ? copy_mnt_ns+0x8a0/0x8a0 [ 309.413344] SyS_mount+0xa8/0x120 [ 309.416776] ? copy_mnt_ns+0x8a0/0x8a0 [ 309.420645] do_syscall_64+0x1d5/0x640 [ 309.424536] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 309.429706] RIP: 0033:0x45cb29 [ 309.432881] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 309.440583] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 309.447831] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 309.455081] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 309.462353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 309.469601] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:33 executing program 2 (fault-call:1 fault-nth:47): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 309.544189] FAULT_INJECTION: forcing a failure. [ 309.544189] name failslab, interval 1, probability 0, space 0, times 0 [ 309.555596] CPU: 0 PID: 14392 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 309.563470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.572807] Call Trace: [ 309.575389] dump_stack+0x1b2/0x283 [ 309.579029] should_fail.cold+0x10a/0x154 [ 309.583185] should_failslab+0xd6/0x130 [ 309.587157] __kmalloc+0x2c1/0x400 [ 309.590684] ? ceph_kvmalloc+0x2f/0x70 [ 309.594552] ceph_kvmalloc+0x2f/0x70 [ 309.598254] ceph_msg_new+0x293/0x370 [ 309.602045] msgpool_alloc+0x74/0xe0 [ 309.605742] ? msgpool_free+0x50/0x50 [ 309.609545] mempool_create_node+0x2bb/0x3d0 [ 309.613937] ceph_msgpool_init+0x8e/0x120 [ 309.618064] ceph_osdc_init+0x765/0xc30 [ 309.622017] ceph_create_client+0x26a/0x340 [ 309.626318] ceph_mount+0x4b9/0x181c [ 309.630012] ? __lockdep_init_map+0x100/0x560 [ 309.634486] ? __lockdep_init_map+0x100/0x560 [ 309.638989] mount_fs+0x92/0x2a0 19:14:33 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) [ 309.642338] vfs_kern_mount.part.0+0x5b/0x3c0 [ 309.646821] do_mount+0x3c9/0x25e0 [ 309.650347] ? copy_mount_string+0x40/0x40 [ 309.654566] ? __might_fault+0x177/0x1b0 [ 309.658621] ? _copy_from_user+0x94/0x100 [ 309.662755] ? memdup_user+0x54/0xa0 [ 309.666568] ? copy_mount_options+0x1ec/0x2e0 [ 309.671172] ? copy_mnt_ns+0x8a0/0x8a0 [ 309.675067] SyS_mount+0xa8/0x120 [ 309.678518] ? copy_mnt_ns+0x8a0/0x8a0 [ 309.682411] do_syscall_64+0x1d5/0x640 [ 309.686307] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 309.691487] RIP: 0033:0x45cb29 19:14:33 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:33 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 309.694658] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 309.702466] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 309.709895] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 309.717149] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 309.724412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 309.732205] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:33 executing program 2 (fault-call:1 fault-nth:48): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 309.767119] ceph: No mds server is up or the cluster is laggy [ 309.768879] binder: 14395:14397 unknown command 0 [ 309.773423] libceph: connect [d::]:6789 error -101 [ 309.790373] libceph: mon0 [d::]:6789 connect error [ 309.790532] binder: 14398:14402 ioctl c0306201 20000200 returned -14 [ 309.802241] binder: 14395:14397 ioctl c0306201 20000280 returned -22 [ 309.848847] binder: 14404:14413 unknown command 0 [ 309.859837] binder: 14404:14413 ioctl c0306201 20000280 returned -22 [ 309.866353] FAULT_INJECTION: forcing a failure. [ 309.866353] name failslab, interval 1, probability 0, space 0, times 0 [ 309.866365] CPU: 1 PID: 14414 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 309.866371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.866375] Call Trace: [ 309.866391] dump_stack+0x1b2/0x283 [ 309.866406] should_fail.cold+0x10a/0x154 [ 309.866421] should_failslab+0xd6/0x130 [ 309.866432] kmem_cache_alloc+0x28e/0x3c0 [ 309.866445] ceph_msg_new+0x31/0x370 [ 309.866459] msgpool_alloc+0x74/0xe0 [ 309.866469] ? msgpool_free+0x50/0x50 [ 309.866477] mempool_create_node+0x2bb/0x3d0 [ 309.866491] ceph_msgpool_init+0x8e/0x120 [ 309.866505] ceph_osdc_init+0x765/0xc30 [ 309.866522] ceph_create_client+0x26a/0x340 [ 309.941340] ceph_mount+0x4b9/0x181c [ 309.945044] ? __lockdep_init_map+0x100/0x560 [ 309.949530] ? __lockdep_init_map+0x100/0x560 [ 309.954007] mount_fs+0x92/0x2a0 [ 309.957358] vfs_kern_mount.part.0+0x5b/0x3c0 [ 309.961834] do_mount+0x3c9/0x25e0 [ 309.965368] ? copy_mount_string+0x40/0x40 [ 309.969589] ? __might_fault+0x177/0x1b0 [ 309.973634] ? _copy_from_user+0x94/0x100 [ 309.977761] ? memdup_user+0x54/0xa0 [ 309.981452] ? copy_mount_options+0x1ec/0x2e0 [ 309.985933] ? copy_mnt_ns+0x8a0/0x8a0 [ 309.989807] SyS_mount+0xa8/0x120 [ 309.993249] ? copy_mnt_ns+0x8a0/0x8a0 [ 309.997119] do_syscall_64+0x1d5/0x640 [ 310.000996] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 310.006172] RIP: 0033:0x45cb29 [ 310.009348] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 310.017034] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 310.024386] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 310.031642] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 310.038894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 19:14:33 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 310.046158] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:34 executing program 2 (fault-call:1 fault-nth:49): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:34 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 310.101196] binder: 14419:14422 ioctl c0306201 0 returned -14 [ 310.131795] FAULT_INJECTION: forcing a failure. [ 310.131795] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 310.143627] CPU: 1 PID: 14424 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 310.151508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.160864] Call Trace: [ 310.163458] dump_stack+0x1b2/0x283 [ 310.167085] should_fail.cold+0x10a/0x154 [ 310.171218] __alloc_pages_nodemask+0x22b/0x2730 [ 310.175965] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 310.180446] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 310.184931] ? kmem_cache_alloc+0x124/0x3c0 [ 310.189246] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 310.194076] ? trace_hardirqs_on+0x10/0x10 [ 310.198354] ? SyS_mount+0xa8/0x120 [ 310.201962] ? ceph_osdc_init+0x765/0xc30 [ 310.206151] ? cache_alloc_refill+0x310/0x360 [ 310.210631] cache_grow_begin+0x91/0x410 [ 310.214698] cache_alloc_refill+0x28c/0x360 [ 310.219027] __kmalloc+0x378/0x400 [ 310.222560] ? ceph_kvmalloc+0x2f/0x70 [ 310.226431] ceph_kvmalloc+0x2f/0x70 [ 310.230128] ceph_msg_new+0x293/0x370 [ 310.233922] msgpool_alloc+0x74/0xe0 [ 310.237634] ? msgpool_free+0x50/0x50 [ 310.241425] mempool_create_node+0x2bb/0x3d0 [ 310.245838] ceph_msgpool_init+0x8e/0x120 [ 310.249971] ceph_osdc_init+0x765/0xc30 [ 310.253938] ceph_create_client+0x26a/0x340 [ 310.258354] ceph_mount+0x4b9/0x181c [ 310.262054] ? __lockdep_init_map+0x100/0x560 [ 310.266537] ? __lockdep_init_map+0x100/0x560 [ 310.271014] mount_fs+0x92/0x2a0 [ 310.274375] vfs_kern_mount.part.0+0x5b/0x3c0 [ 310.278861] do_mount+0x3c9/0x25e0 [ 310.282440] ? copy_mount_string+0x40/0x40 [ 310.286681] ? __might_fault+0x177/0x1b0 [ 310.290729] ? _copy_from_user+0x94/0x100 [ 310.294949] ? memdup_user+0x54/0xa0 [ 310.298656] ? copy_mount_options+0x1ec/0x2e0 [ 310.303148] ? copy_mnt_ns+0x8a0/0x8a0 [ 310.307024] SyS_mount+0xa8/0x120 [ 310.310461] ? copy_mnt_ns+0x8a0/0x8a0 [ 310.314339] do_syscall_64+0x1d5/0x640 [ 310.318220] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 310.323394] RIP: 0033:0x45cb29 [ 310.326568] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 310.334259] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 310.341515] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 310.348763] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 310.356012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 310.363267] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:34 executing program 2 (fault-call:1 fault-nth:50): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 310.404937] ceph: No mds server is up or the cluster is laggy [ 310.411211] libceph: connect [d::]:6789 error -101 [ 310.418329] libceph: mon0 [d::]:6789 connect error 19:14:34 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) [ 310.464281] FAULT_INJECTION: forcing a failure. [ 310.464281] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 310.476109] CPU: 0 PID: 14439 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 310.483990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.493342] Call Trace: [ 310.495933] dump_stack+0x1b2/0x283 [ 310.499568] should_fail.cold+0x10a/0x154 [ 310.503726] __alloc_pages_nodemask+0x22b/0x2730 [ 310.508495] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 310.512985] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 310.517460] ? kmem_cache_alloc+0x124/0x3c0 [ 310.521762] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 310.526587] ? trace_hardirqs_on+0x10/0x10 [ 310.530799] ? SyS_mount+0xa8/0x120 [ 310.534408] ? ceph_osdc_init+0x765/0xc30 [ 310.538537] ? cache_alloc_refill+0x310/0x360 [ 310.543016] cache_grow_begin+0x91/0x410 [ 310.547065] cache_alloc_refill+0x28c/0x360 [ 310.551371] __kmalloc+0x378/0x400 [ 310.554916] ? ceph_kvmalloc+0x2f/0x70 [ 310.558785] ceph_kvmalloc+0x2f/0x70 [ 310.562478] ceph_msg_new+0x293/0x370 [ 310.566259] msgpool_alloc+0x74/0xe0 [ 310.569951] ? msgpool_free+0x50/0x50 [ 310.573731] mempool_create_node+0x2bb/0x3d0 [ 310.578123] ceph_msgpool_init+0x8e/0x120 [ 310.582338] ceph_osdc_init+0x765/0xc30 [ 310.586294] ceph_create_client+0x26a/0x340 [ 310.590596] ceph_mount+0x4b9/0x181c [ 310.594292] ? __lockdep_init_map+0x100/0x560 [ 310.598765] ? __lockdep_init_map+0x100/0x560 [ 310.603242] mount_fs+0x92/0x2a0 [ 310.606589] vfs_kern_mount.part.0+0x5b/0x3c0 [ 310.611066] do_mount+0x3c9/0x25e0 [ 310.614589] ? copy_mount_string+0x40/0x40 [ 310.618802] ? __might_fault+0x177/0x1b0 [ 310.622844] ? _copy_from_user+0x94/0x100 [ 310.626972] ? memdup_user+0x54/0xa0 [ 310.630663] ? copy_mount_options+0x1ec/0x2e0 [ 310.635137] ? copy_mnt_ns+0x8a0/0x8a0 [ 310.639006] SyS_mount+0xa8/0x120 [ 310.642436] ? copy_mnt_ns+0x8a0/0x8a0 [ 310.646305] do_syscall_64+0x1d5/0x640 [ 310.650177] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 310.655345] RIP: 0033:0x45cb29 19:14:34 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:34 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 310.658516] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 310.666201] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 310.673449] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 310.680698] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 310.687946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 310.695196] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 310.749132] binder: 14446:14447 ioctl c0306201 20000200 returned -14 [ 310.757437] ceph: No mds server is up or the cluster is laggy [ 310.762424] binder: 14442:14451 unknown command 0 [ 310.764003] libceph: connect [d::]:6789 error -101 [ 310.770704] binder: 14442:14451 ioctl c0306201 20000280 returned -22 [ 310.777419] libceph: mon0 [d::]:6789 connect error 19:14:34 executing program 2 (fault-call:1 fault-nth:51): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 310.849990] binder: 14448:14462 unknown command 0 [ 310.857681] binder: 14448:14462 ioctl c0306201 20000280 returned -22 [ 310.857983] FAULT_INJECTION: forcing a failure. [ 310.857983] name failslab, interval 1, probability 0, space 0, times 0 [ 310.887605] CPU: 1 PID: 14461 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 310.895595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.905916] Call Trace: [ 310.908491] dump_stack+0x1b2/0x283 [ 310.912113] should_fail.cold+0x10a/0x154 [ 310.916259] should_failslab+0xd6/0x130 [ 310.920213] kmem_cache_alloc+0x28e/0x3c0 [ 310.924429] ceph_msg_new+0x31/0x370 [ 310.928124] msgpool_alloc+0x74/0xe0 [ 310.931818] ? msgpool_free+0x50/0x50 [ 310.935605] mempool_create_node+0x2bb/0x3d0 [ 310.939997] ceph_msgpool_init+0x8e/0x120 [ 310.944136] ceph_osdc_init+0x765/0xc30 [ 310.948098] ceph_create_client+0x26a/0x340 [ 310.952400] ceph_mount+0x4b9/0x181c [ 310.956098] ? __lockdep_init_map+0x100/0x560 [ 310.960576] ? __lockdep_init_map+0x100/0x560 [ 310.965054] mount_fs+0x92/0x2a0 [ 310.968403] vfs_kern_mount.part.0+0x5b/0x3c0 [ 310.972880] do_mount+0x3c9/0x25e0 [ 310.976505] ? copy_mount_string+0x40/0x40 [ 310.980726] ? __might_fault+0x177/0x1b0 [ 310.985464] ? _copy_from_user+0x94/0x100 [ 310.989595] ? memdup_user+0x54/0xa0 [ 310.993287] ? copy_mount_options+0x1ec/0x2e0 [ 310.997759] ? copy_mnt_ns+0x8a0/0x8a0 [ 311.001626] SyS_mount+0xa8/0x120 [ 311.005059] ? copy_mnt_ns+0x8a0/0x8a0 [ 311.008929] do_syscall_64+0x1d5/0x640 [ 311.012806] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 311.017975] RIP: 0033:0x45cb29 [ 311.021142] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 311.029184] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 311.036431] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:35 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:35 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 311.046996] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 311.054248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 311.061511] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:35 executing program 2 (fault-call:1 fault-nth:52): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 311.120391] binder: 14468:14469 ioctl c0306201 0 returned -14 [ 311.137273] FAULT_INJECTION: forcing a failure. [ 311.137273] name failslab, interval 1, probability 0, space 0, times 0 [ 311.149535] CPU: 1 PID: 14472 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 311.157518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.166872] Call Trace: [ 311.169464] dump_stack+0x1b2/0x283 [ 311.173102] should_fail.cold+0x10a/0x154 [ 311.177259] should_failslab+0xd6/0x130 [ 311.181237] __kmalloc+0x2c1/0x400 [ 311.184777] ? ceph_kvmalloc+0x2f/0x70 [ 311.188668] ceph_kvmalloc+0x2f/0x70 [ 311.192374] ceph_msg_new+0x293/0x370 [ 311.196159] msgpool_alloc+0x74/0xe0 [ 311.199854] ? msgpool_free+0x50/0x50 [ 311.203640] mempool_create_node+0x2bb/0x3d0 [ 311.208041] ceph_msgpool_init+0x8e/0x120 [ 311.212261] ceph_osdc_init+0x765/0xc30 [ 311.216799] ceph_create_client+0x26a/0x340 [ 311.221105] ceph_mount+0x4b9/0x181c [ 311.224807] ? __lockdep_init_map+0x100/0x560 [ 311.229305] ? __lockdep_init_map+0x100/0x560 [ 311.233791] mount_fs+0x92/0x2a0 [ 311.237147] vfs_kern_mount.part.0+0x5b/0x3c0 [ 311.241625] do_mount+0x3c9/0x25e0 [ 311.245159] ? copy_mount_string+0x40/0x40 [ 311.249379] ? __might_fault+0x177/0x1b0 [ 311.253435] ? _copy_from_user+0x94/0x100 [ 311.257582] ? memdup_user+0x54/0xa0 [ 311.261276] ? copy_mount_options+0x1ec/0x2e0 [ 311.265751] ? copy_mnt_ns+0x8a0/0x8a0 [ 311.269618] SyS_mount+0xa8/0x120 [ 311.273058] ? copy_mnt_ns+0x8a0/0x8a0 [ 311.276935] do_syscall_64+0x1d5/0x640 [ 311.280812] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 311.285980] RIP: 0033:0x45cb29 [ 311.289148] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 311.296839] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 311.304148] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 311.311398] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:14:35 executing program 2 (fault-call:1 fault-nth:53): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 311.318646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 311.325898] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 311.347558] libceph: connect [d::]:6789 error -101 [ 311.352579] libceph: mon0 [d::]:6789 connect error [ 311.358631] ceph: No mds server is up or the cluster is laggy [ 311.414112] FAULT_INJECTION: forcing a failure. [ 311.414112] name failslab, interval 1, probability 0, space 0, times 0 [ 311.425973] CPU: 1 PID: 14488 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 311.433863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.443211] Call Trace: [ 311.445794] dump_stack+0x1b2/0x283 [ 311.449415] should_fail.cold+0x10a/0x154 [ 311.453560] should_failslab+0xd6/0x130 [ 311.457529] kmem_cache_alloc+0x28e/0x3c0 [ 311.461681] ceph_msg_new+0x31/0x370 [ 311.465395] msgpool_alloc+0x74/0xe0 [ 311.469093] ? msgpool_free+0x50/0x50 [ 311.472885] mempool_create_node+0x2bb/0x3d0 [ 311.477302] ceph_msgpool_init+0x8e/0x120 [ 311.481453] ceph_osdc_init+0x765/0xc30 [ 311.485420] ceph_create_client+0x26a/0x340 [ 311.489801] ceph_mount+0x4b9/0x181c [ 311.493510] ? __lockdep_init_map+0x100/0x560 [ 311.497999] ? __lockdep_init_map+0x100/0x560 [ 311.502494] mount_fs+0x92/0x2a0 [ 311.505867] vfs_kern_mount.part.0+0x5b/0x3c0 [ 311.510351] do_mount+0x3c9/0x25e0 19:14:35 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) 19:14:35 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 311.513888] ? copy_mount_string+0x40/0x40 [ 311.518116] ? __might_fault+0x177/0x1b0 [ 311.522173] ? _copy_from_user+0x94/0x100 [ 311.526322] ? memdup_user+0x54/0xa0 [ 311.530033] ? copy_mount_options+0x1ec/0x2e0 [ 311.534528] ? copy_mnt_ns+0x8a0/0x8a0 [ 311.538415] SyS_mount+0xa8/0x120 [ 311.541854] ? copy_mnt_ns+0x8a0/0x8a0 [ 311.545734] do_syscall_64+0x1d5/0x640 [ 311.549620] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 311.554801] RIP: 0033:0x45cb29 19:14:35 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 311.557982] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 311.565685] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 311.572950] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 311.580216] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 311.587481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 311.594748] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:35 executing program 2 (fault-call:1 fault-nth:54): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 311.616104] binder: 14491:14495 ioctl c0306201 20000200 returned -14 [ 311.637647] binder: 14489:14496 unknown command 0 [ 311.644949] binder: 14489:14496 ioctl c0306201 20000280 returned -22 [ 311.684852] FAULT_INJECTION: forcing a failure. [ 311.684852] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 311.696676] CPU: 1 PID: 14504 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 311.704555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.707998] binder: 14497:14506 unknown command 0 [ 311.713905] Call Trace: [ 311.713925] dump_stack+0x1b2/0x283 [ 311.713942] should_fail.cold+0x10a/0x154 [ 311.713957] __alloc_pages_nodemask+0x22b/0x2730 [ 311.713979] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 311.713989] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 311.713997] ? kmem_cache_alloc+0x124/0x3c0 [ 311.714007] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 311.714017] ? trace_hardirqs_on+0x10/0x10 [ 311.714030] ? SyS_mount+0xa8/0x120 [ 311.720795] binder: 14497:14506 ioctl c0306201 20000280 returned -22 [ 311.721431] ? ceph_osdc_init+0x765/0xc30 [ 311.770375] ? ceph_create_client+0x26a/0x340 [ 311.774850] ? ceph_mount+0x4b9/0x181c [ 311.778764] ? mount_fs+0x92/0x2a0 [ 311.782283] ? cache_alloc_refill+0x1e8/0x360 [ 311.786761] ? lock_acquire+0x170/0x3f0 [ 311.790713] cache_grow_begin+0x91/0x410 [ 311.794756] cache_alloc_refill+0x28c/0x360 [ 311.799059] __kmalloc+0x378/0x400 [ 311.802635] ? ceph_kvmalloc+0x2f/0x70 [ 311.806502] ceph_kvmalloc+0x2f/0x70 [ 311.810196] ceph_msg_new+0x293/0x370 [ 311.813984] msgpool_alloc+0x74/0xe0 [ 311.817681] ? msgpool_free+0x50/0x50 [ 311.821464] mempool_create_node+0x2bb/0x3d0 [ 311.825852] ceph_msgpool_init+0x8e/0x120 [ 311.829979] ceph_osdc_init+0x765/0xc30 [ 311.833945] ceph_create_client+0x26a/0x340 [ 311.838310] ceph_mount+0x4b9/0x181c [ 311.842008] ? __lockdep_init_map+0x100/0x560 [ 311.846483] ? __lockdep_init_map+0x100/0x560 [ 311.850957] mount_fs+0x92/0x2a0 [ 311.854315] vfs_kern_mount.part.0+0x5b/0x3c0 [ 311.858797] do_mount+0x3c9/0x25e0 [ 311.862320] ? copy_mount_string+0x40/0x40 [ 311.866534] ? __might_fault+0x177/0x1b0 [ 311.870583] ? _copy_from_user+0x94/0x100 [ 311.874719] ? memdup_user+0x54/0xa0 [ 311.878429] ? copy_mount_options+0x1ec/0x2e0 [ 311.883006] ? copy_mnt_ns+0x8a0/0x8a0 [ 311.886880] SyS_mount+0xa8/0x120 [ 311.890310] ? copy_mnt_ns+0x8a0/0x8a0 [ 311.894185] do_syscall_64+0x1d5/0x640 [ 311.898067] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 311.903242] RIP: 0033:0x45cb29 [ 311.906423] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 311.914126] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 311.921380] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:35 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) 19:14:35 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 311.928635] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 311.936318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 311.943574] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 311.969925] ceph: No mds server is up or the cluster is laggy [ 311.976430] libceph: connect [d::]:6789 error -101 [ 311.984542] libceph: mon0 [d::]:6789 connect error 19:14:35 executing program 2 (fault-call:1 fault-nth:55): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 312.014782] binder: 14513:14518 ioctl c0306201 0 returned -14 [ 312.045644] binder: 14510:14520 ioctl c0306201 0 returned -14 [ 312.054701] FAULT_INJECTION: forcing a failure. [ 312.054701] name failslab, interval 1, probability 0, space 0, times 0 [ 312.066706] CPU: 1 PID: 14521 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 312.074594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.083946] Call Trace: [ 312.086534] dump_stack+0x1b2/0x283 [ 312.090157] should_fail.cold+0x10a/0x154 [ 312.094291] should_failslab+0xd6/0x130 [ 312.098249] __kmalloc+0x2c1/0x400 [ 312.101771] ? ceph_kvmalloc+0x2f/0x70 [ 312.105655] ceph_kvmalloc+0x2f/0x70 [ 312.109416] ceph_msg_new+0x293/0x370 [ 312.113207] msgpool_alloc+0x74/0xe0 [ 312.116909] ? msgpool_free+0x50/0x50 [ 312.120688] mempool_create_node+0x2bb/0x3d0 [ 312.125090] ceph_msgpool_init+0x8e/0x120 [ 312.129237] ceph_osdc_init+0x765/0xc30 [ 312.133195] ceph_create_client+0x26a/0x340 [ 312.137505] ceph_mount+0x4b9/0x181c [ 312.141211] ? __lockdep_init_map+0x100/0x560 [ 312.145694] ? __lockdep_init_map+0x100/0x560 [ 312.150178] mount_fs+0x92/0x2a0 [ 312.153540] vfs_kern_mount.part.0+0x5b/0x3c0 [ 312.158018] do_mount+0x3c9/0x25e0 [ 312.161553] ? copy_mount_string+0x40/0x40 [ 312.165773] ? __might_fault+0x177/0x1b0 [ 312.169839] ? _copy_from_user+0x94/0x100 [ 312.173969] ? memdup_user+0x54/0xa0 [ 312.177681] ? copy_mount_options+0x1ec/0x2e0 [ 312.182160] ? copy_mnt_ns+0x8a0/0x8a0 [ 312.186040] SyS_mount+0xa8/0x120 [ 312.189486] ? copy_mnt_ns+0x8a0/0x8a0 [ 312.193363] do_syscall_64+0x1d5/0x640 [ 312.197243] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 312.202417] RIP: 0033:0x45cb29 [ 312.205596] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 312.213990] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 312.221245] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 312.228598] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 312.235848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 312.243108] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:36 executing program 2 (fault-call:1 fault-nth:56): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 312.264439] ceph: No mds server is up or the cluster is laggy [ 312.270707] libceph: connect [d::]:6789 error -101 [ 312.276039] libceph: mon0 [d::]:6789 connect error [ 312.325072] FAULT_INJECTION: forcing a failure. [ 312.325072] name failslab, interval 1, probability 0, space 0, times 0 [ 312.336612] CPU: 1 PID: 14533 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 312.344489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.353827] Call Trace: [ 312.356460] dump_stack+0x1b2/0x283 [ 312.360065] should_fail.cold+0x10a/0x154 [ 312.364240] should_failslab+0xd6/0x130 [ 312.368188] __kmalloc+0x2c1/0x400 [ 312.371712] ? ceph_kvmalloc+0x2f/0x70 [ 312.375586] ceph_kvmalloc+0x2f/0x70 [ 312.379283] ceph_msg_new+0x293/0x370 [ 312.383062] msgpool_alloc+0x74/0xe0 [ 312.386750] ? msgpool_free+0x50/0x50 [ 312.390527] mempool_create_node+0x2bb/0x3d0 [ 312.394924] ceph_msgpool_init+0x8e/0x120 [ 312.399057] ceph_osdc_init+0x765/0xc30 [ 312.403054] ceph_create_client+0x26a/0x340 [ 312.407370] ceph_mount+0x4b9/0x181c [ 312.411070] ? __lockdep_init_map+0x100/0x560 [ 312.415555] ? __lockdep_init_map+0x100/0x560 [ 312.420040] mount_fs+0x92/0x2a0 [ 312.423391] vfs_kern_mount.part.0+0x5b/0x3c0 [ 312.427865] do_mount+0x3c9/0x25e0 [ 312.431383] ? copy_mount_string+0x40/0x40 [ 312.435610] ? __might_fault+0x177/0x1b0 [ 312.439715] ? _copy_from_user+0x94/0x100 [ 312.443841] ? memdup_user+0x54/0xa0 [ 312.447528] ? copy_mount_options+0x1ec/0x2e0 [ 312.451995] ? copy_mnt_ns+0x8a0/0x8a0 [ 312.455867] SyS_mount+0xa8/0x120 [ 312.459317] ? copy_mnt_ns+0x8a0/0x8a0 [ 312.463184] do_syscall_64+0x1d5/0x640 [ 312.467052] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 312.472217] RIP: 0033:0x45cb29 19:14:36 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 312.475390] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 312.483087] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 312.490334] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 312.497613] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 312.504872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 312.512118] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:36 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) 19:14:36 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 312.544251] binder: 14538:14539 ioctl c0306201 20000200 returned -14 [ 312.563663] libceph: connect [d::]:6789 error -101 [ 312.566004] ceph: No mds server is up or the cluster is laggy [ 312.579292] libceph: mon0 [d::]:6789 connect error 19:14:36 executing program 2 (fault-call:1 fault-nth:57): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 312.638539] binder: 14541:14552 unknown command 0 [ 312.648058] binder: 14541:14552 ioctl c0306201 20000280 returned -22 [ 312.667125] FAULT_INJECTION: forcing a failure. [ 312.667125] name failslab, interval 1, probability 0, space 0, times 0 [ 312.680414] binder: 14542:14555 unknown command 0 [ 312.682929] CPU: 0 PID: 14554 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 312.689095] binder: 14542:14555 ioctl c0306201 20000280 returned -22 [ 312.693140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.693145] Call Trace: [ 312.693164] dump_stack+0x1b2/0x283 [ 312.693181] should_fail.cold+0x10a/0x154 [ 312.693198] should_failslab+0xd6/0x130 [ 312.693211] kmem_cache_alloc+0x28e/0x3c0 [ 312.693226] ceph_msg_new+0x31/0x370 [ 312.693239] msgpool_alloc+0x74/0xe0 [ 312.693251] ? msgpool_free+0x50/0x50 [ 312.738640] mempool_create_node+0x2bb/0x3d0 [ 312.743046] ceph_msgpool_init+0x8e/0x120 [ 312.747196] ceph_osdc_init+0x765/0xc30 [ 312.751168] ceph_create_client+0x26a/0x340 [ 312.755476] ceph_mount+0x4b9/0x181c [ 312.759170] ? __lockdep_init_map+0x100/0x560 [ 312.763642] ? __lockdep_init_map+0x100/0x560 [ 312.768131] mount_fs+0x92/0x2a0 [ 312.771486] vfs_kern_mount.part.0+0x5b/0x3c0 [ 312.775974] do_mount+0x3c9/0x25e0 [ 312.779507] ? copy_mount_string+0x40/0x40 [ 312.783739] ? __might_fault+0x177/0x1b0 [ 312.787795] ? _copy_from_user+0x94/0x100 [ 312.791937] ? memdup_user+0x54/0xa0 [ 312.795631] ? copy_mount_options+0x1ec/0x2e0 [ 312.800106] ? copy_mnt_ns+0x8a0/0x8a0 [ 312.803975] SyS_mount+0xa8/0x120 [ 312.807415] ? copy_mnt_ns+0x8a0/0x8a0 [ 312.811300] do_syscall_64+0x1d5/0x640 [ 312.815198] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 312.820391] RIP: 0033:0x45cb29 [ 312.823575] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 312.831281] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 19:14:36 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) 19:14:36 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 312.838554] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 312.845819] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 312.853085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 312.860348] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:36 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 312.885044] binder: 14563:14564 ioctl c0306201 0 returned -14 19:14:36 executing program 2 (fault-call:1 fault-nth:58): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:36 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 312.916987] binder: 14565:14566 ioctl c0306201 0 returned -14 [ 312.930877] binder: 14560:14567 ioctl c0306201 0 returned -14 [ 312.953284] FAULT_INJECTION: forcing a failure. [ 312.953284] name failslab, interval 1, probability 0, space 0, times 0 [ 312.964770] CPU: 1 PID: 14572 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 312.972652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.982002] Call Trace: [ 312.984593] dump_stack+0x1b2/0x283 [ 312.988227] should_fail.cold+0x10a/0x154 [ 312.992388] should_failslab+0xd6/0x130 [ 312.996366] kmem_cache_alloc+0x28e/0x3c0 [ 313.000516] ceph_msg_new+0x31/0x370 [ 313.004233] msgpool_alloc+0x74/0xe0 [ 313.007946] ? msgpool_free+0x50/0x50 [ 313.011739] mempool_create_node+0x2bb/0x3d0 [ 313.013679] binder: 14571:14573 ioctl c0306201 0 returned -14 [ 313.016141] ceph_msgpool_init+0x8e/0x120 [ 313.016156] ceph_osdc_init+0x765/0xc30 [ 313.016172] ceph_create_client+0x26a/0x340 [ 313.016185] ceph_mount+0x4b9/0x181c [ 313.016196] ? __lockdep_init_map+0x100/0x560 [ 313.042631] ? __lockdep_init_map+0x100/0x560 [ 313.047117] mount_fs+0x92/0x2a0 [ 313.050470] vfs_kern_mount.part.0+0x5b/0x3c0 [ 313.054946] do_mount+0x3c9/0x25e0 [ 313.058481] ? copy_mount_string+0x40/0x40 [ 313.062707] ? __might_fault+0x177/0x1b0 [ 313.066762] ? _copy_from_user+0x94/0x100 [ 313.070896] ? memdup_user+0x54/0xa0 [ 313.074631] ? copy_mount_options+0x1ec/0x2e0 [ 313.079103] ? copy_mnt_ns+0x8a0/0x8a0 [ 313.082982] SyS_mount+0xa8/0x120 [ 313.086426] ? copy_mnt_ns+0x8a0/0x8a0 [ 313.090301] do_syscall_64+0x1d5/0x640 [ 313.094173] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 313.099340] RIP: 0033:0x45cb29 [ 313.102564] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 313.110250] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 19:14:37 executing program 1: syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 313.117495] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 313.124834] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 313.132144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 313.139397] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:37 executing program 2 (fault-call:1 fault-nth:59): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:37 executing program 1: syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 313.173934] binder: 14577:14578 ioctl c0306201 0 returned -14 [ 313.221898] binder: 14582:14583 ioctl c0306201 0 returned -14 [ 313.239865] FAULT_INJECTION: forcing a failure. [ 313.239865] name failslab, interval 1, probability 0, space 0, times 0 [ 313.263158] CPU: 1 PID: 14584 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 313.271065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.280416] Call Trace: [ 313.282994] dump_stack+0x1b2/0x283 [ 313.286606] should_fail.cold+0x10a/0x154 [ 313.290755] should_failslab+0xd6/0x130 [ 313.294714] kmem_cache_alloc+0x28e/0x3c0 [ 313.298843] ceph_msg_new+0x31/0x370 [ 313.302537] msgpool_alloc+0x74/0xe0 [ 313.306230] ? msgpool_free+0x50/0x50 [ 313.310009] mempool_create_node+0x2bb/0x3d0 [ 313.314399] ceph_msgpool_init+0x8e/0x120 [ 313.318530] ceph_osdc_init+0x765/0xc30 [ 313.322483] ceph_create_client+0x26a/0x340 [ 313.326797] ceph_mount+0x4b9/0x181c [ 313.330488] ? __lockdep_init_map+0x100/0x560 [ 313.334963] ? __lockdep_init_map+0x100/0x560 [ 313.339439] mount_fs+0x92/0x2a0 [ 313.342790] vfs_kern_mount.part.0+0x5b/0x3c0 [ 313.347264] do_mount+0x3c9/0x25e0 [ 313.350783] ? copy_mount_string+0x40/0x40 [ 313.354995] ? __might_fault+0x177/0x1b0 [ 313.359034] ? _copy_from_user+0x94/0x100 [ 313.363161] ? memdup_user+0x54/0xa0 [ 313.366854] ? copy_mount_options+0x1ec/0x2e0 [ 313.371326] ? copy_mnt_ns+0x8a0/0x8a0 [ 313.375191] SyS_mount+0xa8/0x120 [ 313.378620] ? copy_mnt_ns+0x8a0/0x8a0 [ 313.382485] do_syscall_64+0x1d5/0x640 [ 313.386355] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 313.391523] RIP: 0033:0x45cb29 [ 313.394689] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 313.402375] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 313.409622] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:37 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 19:14:37 executing program 1: syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:37 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) 19:14:37 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 313.416870] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 313.424115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 313.431882] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 313.504629] binder: 14590:14595 ioctl c0306201 0 returned -14 [ 313.510966] binder: 14593:14597 ioctl c0306201 20000200 returned -14 [ 313.568137] binder: 14591:14602 unknown command 0 [ 313.573409] binder: 14594:14603 unknown command 0 [ 313.574426] binder: 14591:14602 ioctl c0306201 20000280 returned -22 [ 313.593976] binder: 14594:14603 ioctl c0306201 20000280 returned -22 19:14:37 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) 19:14:37 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:37 executing program 2 (fault-call:1 fault-nth:60): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 313.693435] FAULT_INJECTION: forcing a failure. [ 313.693435] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 313.695759] binder: 14609:14611 ioctl c0306201 0 returned -14 [ 313.705255] CPU: 0 PID: 14607 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 313.705262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.705265] Call Trace: [ 313.705285] dump_stack+0x1b2/0x283 [ 313.705298] should_fail.cold+0x10a/0x154 [ 313.705313] __alloc_pages_nodemask+0x22b/0x2730 [ 313.705336] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 313.705347] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 313.705355] ? kmem_cache_alloc+0x124/0x3c0 [ 313.705365] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 313.705377] ? trace_hardirqs_on+0x10/0x10 [ 313.705384] ? SyS_mount+0xa8/0x120 [ 313.769339] ? ceph_osdc_init+0x765/0xc30 [ 313.773468] ? cache_alloc_refill+0x310/0x360 [ 313.777947] cache_grow_begin+0x91/0x410 [ 313.781988] cache_alloc_refill+0x28c/0x360 [ 313.786290] __kmalloc+0x378/0x400 [ 313.789808] ? ceph_kvmalloc+0x2f/0x70 [ 313.793676] ceph_kvmalloc+0x2f/0x70 [ 313.797371] ceph_msg_new+0x293/0x370 [ 313.801155] msgpool_alloc+0x74/0xe0 [ 313.804846] ? msgpool_free+0x50/0x50 [ 313.808625] mempool_create_node+0x2bb/0x3d0 [ 313.813031] ceph_msgpool_init+0x8e/0x120 [ 313.817156] ceph_osdc_init+0x765/0xc30 [ 313.821109] ceph_create_client+0x26a/0x340 [ 313.825409] ceph_mount+0x4b9/0x181c [ 313.829102] ? __lockdep_init_map+0x100/0x560 [ 313.833574] ? __lockdep_init_map+0x100/0x560 [ 313.838050] mount_fs+0x92/0x2a0 [ 313.841402] vfs_kern_mount.part.0+0x5b/0x3c0 [ 313.845878] do_mount+0x3c9/0x25e0 [ 313.849401] ? copy_mount_string+0x40/0x40 [ 313.853616] ? __might_fault+0x177/0x1b0 [ 313.857654] ? _copy_from_user+0x94/0x100 [ 313.861779] ? memdup_user+0x54/0xa0 [ 313.865471] ? copy_mount_options+0x1ec/0x2e0 [ 313.869953] ? copy_mnt_ns+0x8a0/0x8a0 [ 313.873818] SyS_mount+0xa8/0x120 [ 313.877248] ? copy_mnt_ns+0x8a0/0x8a0 [ 313.881114] do_syscall_64+0x1d5/0x640 [ 313.884983] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 313.890150] RIP: 0033:0x45cb29 19:14:37 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 313.893316] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 313.901000] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 313.908245] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 313.915491] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 313.922739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 313.929988] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:37 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 313.954216] binder: 14608:14613 ioctl c0306201 0 returned -14 [ 313.956310] binder: 14614:14616 ioctl c0306201 0 returned -14 [ 313.973946] libceph: connect [d::]:6789 error -101 [ 313.979246] libceph: mon0 [d::]:6789 connect error [ 314.002390] ceph: No mds server is up or the cluster is laggy 19:14:37 executing program 2 (fault-call:1 fault-nth:61): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:37 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 314.042713] binder: 14621:14625 ioctl c0306201 0 returned -14 [ 314.069510] FAULT_INJECTION: forcing a failure. [ 314.069510] name failslab, interval 1, probability 0, space 0, times 0 [ 314.085229] CPU: 0 PID: 14627 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 314.093125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.102476] Call Trace: [ 314.105069] dump_stack+0x1b2/0x283 [ 314.108701] should_fail.cold+0x10a/0x154 [ 314.113814] should_failslab+0xd6/0x130 [ 314.117791] kmem_cache_alloc+0x28e/0x3c0 [ 314.121941] ceph_msg_new+0x31/0x370 [ 314.125659] msgpool_alloc+0x74/0xe0 [ 314.129372] ? msgpool_free+0x50/0x50 [ 314.133170] mempool_create_node+0x2bb/0x3d0 [ 314.137583] ceph_msgpool_init+0x8e/0x120 19:14:38 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 314.141730] ceph_osdc_init+0x765/0xc30 [ 314.145696] ceph_create_client+0x26a/0x340 [ 314.150016] ceph_mount+0x4b9/0x181c [ 314.153725] ? __lockdep_init_map+0x100/0x560 [ 314.158218] ? __lockdep_init_map+0x100/0x560 [ 314.162712] mount_fs+0x92/0x2a0 [ 314.166094] vfs_kern_mount.part.0+0x5b/0x3c0 [ 314.170595] do_mount+0x3c9/0x25e0 [ 314.174139] ? copy_mount_string+0x40/0x40 [ 314.178805] ? __might_fault+0x177/0x1b0 [ 314.182869] ? _copy_from_user+0x94/0x100 [ 314.187021] ? memdup_user+0x54/0xa0 [ 314.190733] ? copy_mount_options+0x1ec/0x2e0 [ 314.195218] ? copy_mnt_ns+0x8a0/0x8a0 [ 314.199097] SyS_mount+0xa8/0x120 [ 314.202367] binder: 14635:14638 ioctl c0306201 0 returned -14 [ 314.202544] ? copy_mnt_ns+0x8a0/0x8a0 [ 314.202559] do_syscall_64+0x1d5/0x640 [ 314.202576] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 314.202584] RIP: 0033:0x45cb29 [ 314.202590] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 314.202599] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 19:14:38 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) 19:14:38 executing program 2 (fault-call:1 fault-nth:62): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:38 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) [ 314.202607] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 314.210162] binder: 14635:14638 ioctl c0306201 0 returned -14 [ 314.212363] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 314.212369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 314.212375] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:38 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 314.357179] FAULT_INJECTION: forcing a failure. [ 314.357179] name failslab, interval 1, probability 0, space 0, times 0 [ 314.372219] binder: 14644:14649 ioctl c0306201 0 returned -14 [ 314.374125] CPU: 1 PID: 14645 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 314.384153] binder: 14644:14649 ioctl c0306201 0 returned -14 [ 314.385995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.385999] Call Trace: [ 314.386017] dump_stack+0x1b2/0x283 [ 314.386032] should_fail.cold+0x10a/0x154 [ 314.411526] should_failslab+0xd6/0x130 [ 314.415483] __kmalloc+0x2c1/0x400 [ 314.419003] ? ceph_kvmalloc+0x2f/0x70 [ 314.422872] ceph_kvmalloc+0x2f/0x70 [ 314.426564] ceph_msg_new+0x293/0x370 [ 314.430366] msgpool_alloc+0x74/0xe0 [ 314.434058] ? msgpool_free+0x50/0x50 [ 314.437838] mempool_create_node+0x2bb/0x3d0 [ 314.442231] ceph_msgpool_init+0x8e/0x120 [ 314.446362] ceph_osdc_init+0x7a5/0xc30 [ 314.450316] ceph_create_client+0x26a/0x340 [ 314.454629] ceph_mount+0x4b9/0x181c [ 314.458320] ? __lockdep_init_map+0x100/0x560 [ 314.462797] ? __lockdep_init_map+0x100/0x560 [ 314.467269] mount_fs+0x92/0x2a0 [ 314.470615] vfs_kern_mount.part.0+0x5b/0x3c0 [ 314.475090] do_mount+0x3c9/0x25e0 [ 314.478621] ? copy_mount_string+0x40/0x40 [ 314.482845] ? __might_fault+0x177/0x1b0 [ 314.486884] ? _copy_from_user+0x94/0x100 [ 314.491020] ? memdup_user+0x54/0xa0 [ 314.494711] ? copy_mount_options+0x1ec/0x2e0 [ 314.499180] ? copy_mnt_ns+0x8a0/0x8a0 [ 314.503046] SyS_mount+0xa8/0x120 [ 314.506476] ? copy_mnt_ns+0x8a0/0x8a0 [ 314.510346] do_syscall_64+0x1d5/0x640 [ 314.514220] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 314.519386] RIP: 0033:0x45cb29 [ 314.522584] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 314.530279] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 314.537537] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 314.544783] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:14:38 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) 19:14:38 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) 19:14:38 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) [ 314.552028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 314.559285] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 314.572695] binder: 14646:14651 ioctl c0306201 20000200 returned -14 [ 314.578270] binder: 14647:14654 unknown command 0 [ 314.597808] binder: 14647:14654 ioctl c0306201 20000280 returned -22 19:14:38 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) [ 314.637715] binder: 14660:14662 ioctl c0306201 0 returned -14 [ 314.645569] binder: 14660:14662 ioctl c0306201 0 returned -14 [ 314.680876] binder: 14657:14666 unknown command 0 [ 314.689402] binder: 14657:14666 ioctl c0306201 20000280 returned -22 [ 314.700652] libceph: connect [d::]:6789 error -101 [ 314.706713] libceph: mon0 [d::]:6789 connect error [ 314.713671] binder: 14659:14672 ioctl c0306201 20000280 returned -14 [ 314.721840] binder: 14668:14674 ioctl c0306201 0 returned -14 19:14:38 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x4, 0x0, &(0x7f0000000100)="4fa72a9c"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 314.724005] ceph: No mds server is up or the cluster is laggy [ 314.729281] binder: 14668:14674 ioctl c0306201 0 returned -14 19:14:38 executing program 2 (fault-call:1 fault-nth:63): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 314.779685] binder: 14678:14679 ioctl c0306201 0 returned -14 [ 314.819113] FAULT_INJECTION: forcing a failure. [ 314.819113] name failslab, interval 1, probability 0, space 0, times 0 [ 314.834353] CPU: 1 PID: 14684 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 314.842247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.851593] Call Trace: [ 314.854180] dump_stack+0x1b2/0x283 [ 314.857802] should_fail.cold+0x10a/0x154 [ 314.861951] should_failslab+0xd6/0x130 [ 314.865907] kmem_cache_alloc_node_trace+0x25a/0x400 [ 314.870995] ? msgpool_free+0x50/0x50 [ 314.874777] mempool_create_node+0x76/0x3d0 [ 314.879078] ? ceph_con_workfn.cold+0x256/0x256 [ 314.883735] ceph_msgpool_init+0x8e/0x120 [ 314.887872] ceph_osdc_init+0x7a5/0xc30 [ 314.891834] ceph_create_client+0x26a/0x340 [ 314.896147] ceph_mount+0x4b9/0x181c [ 314.899847] ? __lockdep_init_map+0x100/0x560 [ 314.904333] ? __lockdep_init_map+0x100/0x560 [ 314.908902] mount_fs+0x92/0x2a0 [ 314.912249] vfs_kern_mount.part.0+0x5b/0x3c0 [ 314.917767] do_mount+0x3c9/0x25e0 [ 314.921297] ? copy_mount_string+0x40/0x40 [ 314.925518] ? __might_fault+0x177/0x1b0 [ 314.929568] ? _copy_from_user+0x94/0x100 [ 314.933705] ? memdup_user+0x54/0xa0 [ 314.937405] ? copy_mount_options+0x1ec/0x2e0 [ 314.941881] ? copy_mnt_ns+0x8a0/0x8a0 [ 314.945754] SyS_mount+0xa8/0x120 [ 314.949192] ? copy_mnt_ns+0x8a0/0x8a0 [ 314.953074] do_syscall_64+0x1d5/0x640 [ 314.956956] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 314.962133] RIP: 0033:0x45cb29 [ 314.965299] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 314.972991] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 19:14:38 executing program 2 (fault-call:1 fault-nth:64): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 314.980250] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 314.987516] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 314.994776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 315.002032] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 315.067057] FAULT_INJECTION: forcing a failure. [ 315.067057] name failslab, interval 1, probability 0, space 0, times 0 [ 315.078863] CPU: 1 PID: 14689 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 315.086740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.096075] Call Trace: [ 315.098649] dump_stack+0x1b2/0x283 [ 315.102259] should_fail.cold+0x10a/0x154 [ 315.106396] should_failslab+0xd6/0x130 [ 315.110415] __kmalloc+0x2c1/0x400 [ 315.113941] ? ceph_kvmalloc+0x2f/0x70 [ 315.117814] ceph_kvmalloc+0x2f/0x70 [ 315.121506] ceph_msg_new+0x293/0x370 [ 315.125285] msgpool_alloc+0x74/0xe0 [ 315.128980] ? msgpool_free+0x50/0x50 [ 315.132766] mempool_create_node+0x2bb/0x3d0 [ 315.137222] ceph_msgpool_init+0x8e/0x120 [ 315.141364] ceph_osdc_init+0x765/0xc30 [ 315.145327] ceph_create_client+0x26a/0x340 [ 315.149627] ceph_mount+0x4b9/0x181c [ 315.153585] ? __lockdep_init_map+0x100/0x560 [ 315.158068] ? __lockdep_init_map+0x100/0x560 [ 315.162802] mount_fs+0x92/0x2a0 [ 315.166165] vfs_kern_mount.part.0+0x5b/0x3c0 [ 315.170660] do_mount+0x3c9/0x25e0 [ 315.174197] ? copy_mount_string+0x40/0x40 [ 315.178416] ? __might_fault+0x177/0x1b0 [ 315.182453] ? _copy_from_user+0x94/0x100 [ 315.186580] ? memdup_user+0x54/0xa0 [ 315.190269] ? copy_mount_options+0x1ec/0x2e0 [ 315.194753] ? copy_mnt_ns+0x8a0/0x8a0 [ 315.198625] SyS_mount+0xa8/0x120 [ 315.202056] ? copy_mnt_ns+0x8a0/0x8a0 [ 315.205967] do_syscall_64+0x1d5/0x640 [ 315.209835] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 315.214999] RIP: 0033:0x45cb29 19:14:39 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 315.218163] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 315.225854] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 315.233110] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 315.240378] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 315.247628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 315.254879] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:39 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) [ 315.286791] libceph: connect [d::]:6789 error -101 [ 315.300099] libceph: mon0 [d::]:6789 connect error [ 315.300121] ceph: No mds server is up or the cluster is laggy 19:14:39 executing program 2 (fault-call:1 fault-nth:65): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 315.333921] binder: 14697:14700 ioctl c0306201 20000200 returned -14 [ 315.342035] binder: 14694:14703 unknown command 0 [ 315.359799] binder: 14694:14703 ioctl c0306201 20000280 returned -22 [ 315.371768] FAULT_INJECTION: forcing a failure. [ 315.371768] name failslab, interval 1, probability 0, space 0, times 0 [ 315.384962] CPU: 1 PID: 14706 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 315.392859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.402208] Call Trace: [ 315.404799] dump_stack+0x1b2/0x283 [ 315.408432] should_fail.cold+0x10a/0x154 [ 315.412586] should_failslab+0xd6/0x130 [ 315.416564] kmem_cache_alloc+0x28e/0x3c0 [ 315.420716] ceph_msg_new+0x31/0x370 [ 315.424438] msgpool_alloc+0x74/0xe0 [ 315.428148] ? msgpool_free+0x50/0x50 [ 315.431944] mempool_create_node+0x2bb/0x3d0 19:14:39 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) [ 315.436354] ceph_msgpool_init+0x8e/0x120 [ 315.440502] ceph_osdc_init+0x7a5/0xc30 [ 315.444477] ceph_create_client+0x26a/0x340 [ 315.448802] ceph_mount+0x4b9/0x181c [ 315.452517] ? __lockdep_init_map+0x100/0x560 [ 315.457011] ? __lockdep_init_map+0x100/0x560 [ 315.461495] mount_fs+0x92/0x2a0 [ 315.464858] vfs_kern_mount.part.0+0x5b/0x3c0 [ 315.469350] do_mount+0x3c9/0x25e0 [ 315.472875] ? copy_mount_string+0x40/0x40 [ 315.477085] ? __might_fault+0x177/0x1b0 [ 315.481128] ? _copy_from_user+0x94/0x100 [ 315.485260] ? memdup_user+0x54/0xa0 [ 315.488958] ? copy_mount_options+0x1ec/0x2e0 [ 315.493430] ? copy_mnt_ns+0x8a0/0x8a0 [ 315.497295] SyS_mount+0xa8/0x120 [ 315.500723] ? copy_mnt_ns+0x8a0/0x8a0 [ 315.504595] do_syscall_64+0x1d5/0x640 [ 315.507582] binder: 14713:14715 unknown command 25344 [ 315.508481] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 315.508490] RIP: 0033:0x45cb29 [ 315.508498] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 [ 315.513806] binder: 14713:14715 ioctl c0306201 20000280 returned -22 19:14:39 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) 19:14:39 executing program 1 (fault-call:8 fault-nth:0): r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:39 executing program 2 (fault-call:1 fault-nth:66): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 315.518836] ORIG_RAX: 00000000000000a5 [ 315.518842] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 315.518847] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 315.518853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 315.518858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 315.518864] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 315.606398] binder: 14719:14720 ioctl c0306201 0 returned -14 [ 315.614798] binder: 14719:14720 ioctl c0306201 0 returned -14 [ 315.621288] binder: 14717:14722 ioctl c0306201 20000280 returned -14 [ 315.629858] FAULT_INJECTION: forcing a failure. [ 315.629858] name failslab, interval 1, probability 0, space 0, times 0 [ 315.643477] CPU: 1 PID: 14720 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 315.651374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.660726] Call Trace: [ 315.663318] dump_stack+0x1b2/0x283 [ 315.666958] should_fail.cold+0x10a/0x154 [ 315.671115] should_failslab+0xd6/0x130 [ 315.675093] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 315.679856] binder_new_node+0x4e/0x6d0 [ 315.683895] binder_ioctl+0x8c8/0xeeb [ 315.687703] ? binder_ioctl_write_read.isra.0+0x710/0x710 [ 315.691317] FAULT_INJECTION: forcing a failure. [ 315.691317] name failslab, interval 1, probability 0, space 0, times 0 [ 315.693291] ? fsnotify+0x897/0x1110 [ 315.693312] ? binder_ioctl_write_read.isra.0+0x710/0x710 [ 315.693322] do_vfs_ioctl+0x75a/0xfe0 [ 315.693367] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 315.723127] ? ioctl_preallocate+0x1a0/0x1a0 [ 315.727584] ? security_file_ioctl+0x76/0xb0 [ 315.731977] ? security_file_ioctl+0x83/0xb0 [ 315.736366] SyS_ioctl+0x7f/0xb0 [ 315.739715] ? do_vfs_ioctl+0xfe0/0xfe0 [ 315.743677] do_syscall_64+0x1d5/0x640 [ 315.747557] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 315.752728] RIP: 0033:0x45cb29 [ 315.755900] RSP: 002b:00007fde9a552c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 315.763690] RAX: ffffffffffffffda RBX: 00000000004e1d20 RCX: 000000000045cb29 [ 315.770945] RDX: 0000000000000000 RSI: 0000000040046207 RDI: 0000000000000003 [ 315.778202] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 315.785463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 315.792734] R13: 000000000000021b R14: 00000000004c4719 R15: 00007fde9a5536d4 [ 315.800001] CPU: 0 PID: 14724 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 315.801619] binder: 14719:14720 ioctl 40046207 0 returned -12 [ 315.807879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.807883] Call Trace: [ 315.807902] dump_stack+0x1b2/0x283 [ 315.807919] should_fail.cold+0x10a/0x154 [ 315.807934] should_failslab+0xd6/0x130 [ 315.807944] __kmalloc+0x2c1/0x400 [ 315.807955] ? ceph_kvmalloc+0x2f/0x70 [ 315.844817] ceph_kvmalloc+0x2f/0x70 [ 315.848534] ceph_msg_new+0x293/0x370 [ 315.852339] msgpool_alloc+0x74/0xe0 19:14:39 executing program 1 (fault-call:8 fault-nth:1): r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 315.856050] ? msgpool_free+0x50/0x50 [ 315.859845] mempool_create_node+0x2bb/0x3d0 [ 315.864252] ceph_msgpool_init+0x8e/0x120 [ 315.868399] ceph_osdc_init+0x765/0xc30 [ 315.868845] binder: 14733:14734 ioctl c0306201 0 returned -14 [ 315.872373] ceph_create_client+0x26a/0x340 [ 315.872386] ceph_mount+0x4b9/0x181c [ 315.872398] ? __lockdep_init_map+0x100/0x560 [ 315.880322] binder: 14733:14734 ioctl c0306201 0 returned -14 [ 315.882571] ? __lockdep_init_map+0x100/0x560 [ 315.882585] mount_fs+0x92/0x2a0 19:14:39 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r4, 0x0, 0x0) write(r4, &(0x7f0000000040)="f5ba01d90bd47123bf24dd4f5d41c4682ab6206f3670892ab8b34e3faf1c4b95ce898bd18275fdd9caf632eb52d5e55901238f902ff1c7e3f881c6960a45be3e6292bf7f36e8b872402f2ff2da21f2ca15ba91464be08b195256cde3b9b66bae131438931a5055fba566596f3c94ebd5f77bc21bf041746eeddf819e3c37e31fb99a38554e4d1493c6efea93cf6d9e77ac7c740285c06fca16427b227b0d7ca664866c7d689f4c4658a07035fc8db9ada6aacd699028c209d6700b4a5603e207567368d03ce9ef381e313f9cd4155a17edf7a0d81c8ab57ef875b2b91ff3cce322b9201e", 0xe4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, 0x0, 0x0) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r6, 0x0, 0x0) r7 = dup2(r1, r6) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cachefiles\x00', 0x218500, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r9 = dup2(r8, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r7, 0x40046207, 0x0) [ 315.882599] vfs_kern_mount.part.0+0x5b/0x3c0 [ 315.882610] do_mount+0x3c9/0x25e0 [ 315.882623] ? copy_mount_string+0x40/0x40 [ 315.916694] ? __might_fault+0x177/0x1b0 [ 315.920757] ? _copy_from_user+0x94/0x100 [ 315.924908] ? memdup_user+0x54/0xa0 [ 315.928620] ? copy_mount_options+0x1ec/0x2e0 [ 315.933116] ? copy_mnt_ns+0x8a0/0x8a0 [ 315.936724] binder: 14735:14737 ioctl c0306201 0 returned -14 [ 315.937001] SyS_mount+0xa8/0x120 [ 315.937011] ? copy_mnt_ns+0x8a0/0x8a0 [ 315.950199] do_syscall_64+0x1d5/0x640 [ 315.954092] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 315.959276] RIP: 0033:0x45cb29 [ 315.962460] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 315.970157] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 315.977408] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 315.984655] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 315.991904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 315.999154] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:39 executing program 2 (fault-call:1 fault-nth:67): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:40 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 316.007762] binder: 14735:14739 ioctl c0306201 0 returned -14 [ 316.026266] ceph: No mds server is up or the cluster is laggy [ 316.032653] libceph: connect [d::]:6789 error -101 [ 316.037667] libceph: mon0 [d::]:6789 connect error [ 316.120436] FAULT_INJECTION: forcing a failure. [ 316.120436] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 316.134175] CPU: 1 PID: 14750 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 316.142061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.151424] Call Trace: [ 316.154026] dump_stack+0x1b2/0x283 [ 316.157660] should_fail.cold+0x10a/0x154 [ 316.161800] __alloc_pages_nodemask+0x22b/0x2730 [ 316.166543] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 316.171016] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 316.175490] ? kmem_cache_alloc+0x124/0x3c0 [ 316.179789] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 316.184611] ? trace_hardirqs_on+0x10/0x10 [ 316.188843] ? SyS_mount+0xa8/0x120 [ 316.193412] ? ceph_osdc_init+0x765/0xc30 [ 316.197540] ? cache_alloc_refill+0x310/0x360 [ 316.202016] cache_grow_begin+0x91/0x410 [ 316.206074] cache_alloc_refill+0x28c/0x360 [ 316.210379] __kmalloc+0x378/0x400 [ 316.213902] ? ceph_kvmalloc+0x2f/0x70 [ 316.217864] ceph_kvmalloc+0x2f/0x70 [ 316.221563] ceph_msg_new+0x293/0x370 [ 316.225349] msgpool_alloc+0x74/0xe0 [ 316.232789] ? msgpool_free+0x50/0x50 [ 316.236565] mempool_create_node+0x2bb/0x3d0 [ 316.240958] ceph_msgpool_init+0x8e/0x120 [ 316.245086] ceph_osdc_init+0x765/0xc30 [ 316.249059] ceph_create_client+0x26a/0x340 [ 316.253377] ceph_mount+0x4b9/0x181c [ 316.257077] ? __lockdep_init_map+0x100/0x560 [ 316.261552] ? __lockdep_init_map+0x100/0x560 [ 316.266031] mount_fs+0x92/0x2a0 [ 316.269381] vfs_kern_mount.part.0+0x5b/0x3c0 [ 316.273856] do_mount+0x3c9/0x25e0 [ 316.277375] ? copy_mount_string+0x40/0x40 [ 316.281586] ? __might_fault+0x177/0x1b0 [ 316.285646] ? _copy_from_user+0x94/0x100 [ 316.289772] ? memdup_user+0x54/0xa0 [ 316.293464] ? copy_mount_options+0x1ec/0x2e0 [ 316.297934] ? copy_mnt_ns+0x8a0/0x8a0 [ 316.301813] SyS_mount+0xa8/0x120 [ 316.305257] ? copy_mnt_ns+0x8a0/0x8a0 [ 316.309137] do_syscall_64+0x1d5/0x640 [ 316.313009] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 316.318192] RIP: 0033:0x45cb29 19:14:40 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) 19:14:40 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) 19:14:40 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 316.321358] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 316.329042] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 316.336287] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 316.343533] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 316.350789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 316.358036] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:40 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) futex$FUTEX_WAIT_MULTIPLE(&(0x7f0000001e00)=[{&(0x7f00000000c0), 0x1}, {&(0x7f0000000100)=0x2, 0x2}, {&(0x7f0000000140)=0x2, 0x2}, {&(0x7f00000001c0)}, {&(0x7f0000000200)=0x2, 0x2}, {&(0x7f0000000240)=0x2, 0x2}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=0x1}, {&(0x7f0000000300), 0x2}, {&(0x7f0000000340)}, {&(0x7f0000000380), 0x2}, {&(0x7f00000003c0)}, {&(0x7f0000000400)=0x1, 0x2}, {&(0x7f0000000440)=0x2}, {&(0x7f0000000480)=0x2, 0x2}, {&(0x7f00000004c0)=0x1, 0x2}, {&(0x7f0000000500)=0x2}, {&(0x7f0000000540)}, {0xfffffffffffffffd, 0x2}, {&(0x7f0000000580)=0x2, 0x2}, {&(0x7f00000005c0)=0x1, 0x1}, {&(0x7f0000000600)=0x44e, 0x2}, {&(0x7f0000000640)=0x2}, {&(0x7f0000000680), 0x2}, {&(0x7f00000006c0)=0x2, 0x1}, {&(0x7f0000000700)}, {&(0x7f0000000740)=0x1, 0x2}, {&(0x7f0000000780)=0x2, 0x2}, {&(0x7f00000007c0)=0x2}, {&(0x7f0000000800)}, {&(0x7f0000000840)=0x1, 0x2}, {&(0x7f0000000880)=0x1, 0x1}, {&(0x7f00000008c0)=0x1}, {&(0x7f0000000900)=0x1}, {&(0x7f0000000940)=0x1, 0x1}, {&(0x7f0000000980)=0x2}, {&(0x7f00000009c0), 0x1}, {&(0x7f0000000a00)=0x1}, {&(0x7f0000000a40)=0x2, 0x2}, {&(0x7f0000000a80)=0x1}, {&(0x7f0000000ac0)}, {&(0x7f0000000b00)=0x1, 0x1}, {&(0x7f0000000b40)=0x1}, {&(0x7f0000000b80)=0x2, 0x2}, {&(0x7f0000000bc0)=0x1, 0x2}, {&(0x7f0000000c00)=0x1}, {&(0x7f0000000c40)=0x2, 0x2}, {&(0x7f0000000c80)=0x1, 0x1}, {&(0x7f0000000cc0)=0x2, 0x2}, {&(0x7f0000000d00)=0x1, 0x2}, {&(0x7f0000000d40)=0x2, 0x1}, {&(0x7f0000000d80)=0x1, 0x1}, {&(0x7f0000000dc0), 0x2}, {&(0x7f0000000e00)}, {&(0x7f0000000e40)=0x2, 0x1}, {&(0x7f0000000e80)=0x8000, 0x2}, {&(0x7f0000000ec0)=0x2, 0x2}, {&(0x7f0000000f00)=0x2}, {&(0x7f0000000f40), 0x2}, {&(0x7f0000000f80)=0x2, 0x2}, {&(0x7f0000000fc0)=0x2, 0x1}, {&(0x7f0000001000)=0x2, 0x2}, {&(0x7f0000001040)}, {&(0x7f0000001080)=0x2, 0x2}, {&(0x7f00000010c0), 0x1}, {&(0x7f0000001100)=0x1}, {&(0x7f0000001140)}, {&(0x7f0000001180)=0x1, 0x1}, {&(0x7f00000011c0), 0x1}, {&(0x7f0000001200), 0x1}, {&(0x7f0000001240)=0x1, 0x2}, {&(0x7f0000001280)=0x1}, {&(0x7f00000012c0)}, {&(0x7f0000001300)=0x1}, {&(0x7f0000001340)}, {&(0x7f0000001380), 0x1}, {&(0x7f00000013c0)=0x2}, {&(0x7f0000001400)=0x2, 0x2}, {&(0x7f0000001440)}, {&(0x7f0000001480)=0x2, 0x1}, {&(0x7f00000014c0), 0x2}, {&(0x7f0000001500)=0x1}, {&(0x7f0000001540)=0x2}, {&(0x7f0000001580), 0x2}, {&(0x7f00000015c0)=0x2, 0x1}, {&(0x7f0000001600)=0x1, 0x1}, {&(0x7f0000001640)}, {&(0x7f0000001680)}, {&(0x7f00000016c0)}, {&(0x7f0000001700)}, {&(0x7f0000001740)=0x1, 0x2}, {&(0x7f0000001780)=0x2, 0x2}, {&(0x7f00000017c0)=0x1, 0x1}, {&(0x7f0000001800)=0x1, 0x2}, {&(0x7f0000001840)=0x2}, {&(0x7f0000001880), 0x1}, {&(0x7f00000018c0)=0x1, 0x1}, {&(0x7f0000001900)=0x1, 0x1}, {&(0x7f0000001940)=0x2, 0x2}, {&(0x7f0000001980)=0x2, 0x1}, {&(0x7f00000019c0)=0x1, 0x1}, {&(0x7f0000001a00), 0x1}, {&(0x7f0000001a40), 0x1}, {&(0x7f0000001a80), 0x2}, {&(0x7f0000001ac0)=0x1, 0x2}, {&(0x7f0000001b00)=0x1}, {&(0x7f0000001b40)}, {&(0x7f0000001b80)}, {&(0x7f0000001bc0)=0x1, 0x1}, {&(0x7f0000001c00)}, {&(0x7f0000001c40), 0x2}, {&(0x7f0000001c80)=0x1, 0x2}, {&(0x7f0000001cc0)=0x1}, {&(0x7f0000001d00)}, {&(0x7f0000001d40)=0x2, 0x2}, {&(0x7f0000001d80), 0x2}, {&(0x7f0000001dc0)=0x2, 0x1}], 0xd, 0x75, &(0x7f0000002580)={0x0, 0x989680}, 0x0, 0x0) r3 = syz_open_dev$mouse(&(0x7f00000025c0)='/dev/input/mouse#\x00', 0x6, 0x440802) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000640)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r4, &(0x7f00000031c0)={0x0, 0x0, &(0x7f0000003180)={&(0x7f0000000080)={0x68, r5, 0x5, 0x0, 0x0, {{}, {0x0, 0x4107}, {0x4c, 0x18, {0x0, @media='udp\x00'}}}}, 0x68}}, 0x0) sendmsg$TIPC_CMD_GET_NETID(r3, &(0x7f00000026c0)={&(0x7f0000002600)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000002680)={&(0x7f0000002640)={0x1c, r5, 0x1, 0x70bd26, 0x25dfdbfc, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44884}, 0xc4) write(0xffffffffffffffff, &(0x7f0000000040)="e8e1653dabab8545da9a14eb7a75f667cd2e5553ee00d9a4b922fe45a6c936bde20baf6ad0db5566103eee9bba33f5fb96323839c6eb654b28c97fe8d92a544347e0e5cb3730", 0x46) r6 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r7, 0x40046207, 0x0) [ 316.393024] binder: 14749:14755 unknown command 0 [ 316.409071] binder: 14756:14759 ioctl c0306201 20000200 returned -14 [ 316.423752] binder: 14749:14755 ioctl c0306201 20000280 returned -22 19:14:40 executing program 1: r0 = syz_open_dev$binderN(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e20, @multicast1}], 0x10) r4 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000400)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$invalidate(0x15, r4) keyctl$invalidate(0x15, r4) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, r4) r5 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) [ 316.456614] libceph: connect [d::]:6789 error -101 [ 316.460866] binder: 14763:14768 ioctl c0306201 0 returned -14 [ 316.461769] libceph: mon0 [d::]:6789 connect error [ 316.480390] binder: 14757:14770 unknown command 25344 [ 316.488358] binder: 14763:14768 ioctl c0306201 0 returned -14 [ 316.490502] binder: 14757:14770 ioctl c0306201 20000280 returned -22 19:14:40 executing program 2 (fault-call:1 fault-nth:68): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:40 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) pipe(&(0x7f0000000080)={0xffffffffffffffff}) ioctl$BINDER_SET_MAX_THREADS(r6, 0x40046205, &(0x7f00000000c0)=0x7fffffff) connect$caif(r3, &(0x7f0000000040)=@util={0x25, "3241e1f9298cf36c21634ace00"}, 0x9) r7 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) [ 316.515728] ceph: No mds server is up or the cluster is laggy [ 316.521721] binder: 14762:14772 ioctl c0306201 20000280 returned -14 [ 316.539973] binder: 14773:14776 ioctl c0306201 0 returned -14 [ 316.553445] binder: 14773:14776 ioctl c0306201 0 returned -14 [ 316.597187] binder: 14780:14782 ioctl c0306201 0 returned -14 [ 316.608498] FAULT_INJECTION: forcing a failure. [ 316.608498] name failslab, interval 1, probability 0, space 0, times 0 [ 316.621089] CPU: 1 PID: 14783 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 316.628977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.638331] Call Trace: [ 316.640928] dump_stack+0x1b2/0x283 [ 316.644564] should_fail.cold+0x10a/0x154 [ 316.648721] should_failslab+0xd6/0x130 [ 316.652694] __kmalloc+0x2c1/0x400 [ 316.653959] binder: 14780:14782 ioctl c0306201 0 returned -14 [ 316.656223] ? ceph_kvmalloc+0x2f/0x70 [ 316.656236] ceph_kvmalloc+0x2f/0x70 [ 316.656249] ceph_msg_new+0x293/0x370 [ 316.673477] msgpool_alloc+0x74/0xe0 [ 316.677185] ? msgpool_free+0x50/0x50 [ 316.680969] ? msgpool_free+0x50/0x50 [ 316.684750] mempool_create_node+0x2bb/0x3d0 [ 316.689151] ceph_msgpool_init+0x8e/0x120 [ 316.693284] ceph_osdc_init+0x7a5/0xc30 [ 316.697238] ceph_create_client+0x26a/0x340 [ 316.701539] ceph_mount+0x4b9/0x181c [ 316.705230] ? __lockdep_init_map+0x100/0x560 [ 316.709700] ? __lockdep_init_map+0x100/0x560 [ 316.714174] mount_fs+0x92/0x2a0 [ 316.717519] vfs_kern_mount.part.0+0x5b/0x3c0 [ 316.721992] do_mount+0x3c9/0x25e0 [ 316.725523] ? copy_mount_string+0x40/0x40 [ 316.729736] ? __might_fault+0x177/0x1b0 [ 316.733774] ? _copy_from_user+0x94/0x100 [ 316.737900] ? memdup_user+0x54/0xa0 [ 316.741590] ? copy_mount_options+0x1ec/0x2e0 [ 316.746062] ? copy_mnt_ns+0x8a0/0x8a0 [ 316.749927] SyS_mount+0xa8/0x120 [ 316.753412] ? copy_mnt_ns+0x8a0/0x8a0 [ 316.757282] do_syscall_64+0x1d5/0x640 [ 316.761151] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 316.766318] RIP: 0033:0x45cb29 [ 316.769488] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 316.777189] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 316.784444] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:40 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000040)) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 316.791691] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 316.798938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 316.806182] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 316.819328] libceph: connect [d::]:6789 error -101 [ 316.824550] libceph: mon0 [d::]:6789 connect error 19:14:40 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) clock_gettime(0x0, &(0x7f00000000c0)) ioctl$vim2m_VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000040)={0x3, 0x1, 0x4, 0x0, 0x6, {0x0, 0x2710}, {0x1, 0xc, 0xff, 0x97, 0x9, 0x18}, 0xffff, 0x3, @fd=r3, 0x3, 0x0, r3}) open_by_handle_at(r4, &(0x7f00000001c0)={0xdb, 0x40, "3a3c9ed0683b4238cfe7c66dc61f35c0b57a872d00e716ba9ca46611f8dd56e8d3ad2047b9791e1837b008687d96b031f366aa993be7b9aacd4cf153127ad3a2ca2f0b45f91ecaecf67a077d37cdb286d485d74cd7707bbe1a90820da707a159f351f5d8462c3f61c04844ecd70ed7e80460d791000a15d75884911c9ea599a93f60e771207ff7d0eeb7530ef9f7c931aa63a59d14191a1f763a8e6345cf593999aaf52695bdf3a287d311c591caae130db26c9b572351c51dc4a5c586946d95d433fd2f5a80151d71c4d74df6e5fb399a4c1a"}, 0x460242) r5 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r6 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r8 = dup2(r7, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = dup2(r6, r5) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r9, 0x40046207, 0x0) 19:14:40 executing program 2 (fault-call:1 fault-nth:69): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:40 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 316.843930] binder: 14791:14792 ioctl c0306201 0 returned -14 [ 316.850739] ceph: No mds server is up or the cluster is laggy [ 316.859815] binder: 14791:14792 ioctl c0306201 0 returned -14 [ 316.867699] binder: 14791:14792 ioctl 81009431 20000040 returned -22 19:14:40 executing program 1: syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) lsetxattr$trusted_overlay_origin(&(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$dsp(r4, &(0x7f00000001c0)="960431749cd7b914211135ca1b997c5d0b19db117a7e4e23f835de8acfdac8f61bc7475ae2552232fe3e6ed8007d77e67130135631ef09f83efed10d44acea619628c4dcfac8840078f5f964e68ed3f105f13de6326fe422260046ba025e0ece42c5bd7ea3e67d0e001444cf9b4f36d75ff5b759f5640ccbc2639a9091a290ff", 0x80) r5 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = dup2(0xffffffffffffffff, r3) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x400000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r8 = dup2(r7, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) [ 316.976320] FAULT_INJECTION: forcing a failure. [ 316.976320] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 316.988592] CPU: 1 PID: 14807 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 316.996474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.005827] Call Trace: [ 317.008420] dump_stack+0x1b2/0x283 [ 317.012053] should_fail.cold+0x10a/0x154 [ 317.016209] __alloc_pages_nodemask+0x22b/0x2730 [ 317.020979] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 317.025480] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 317.029982] ? kmem_cache_alloc+0x124/0x3c0 [ 317.034310] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 317.039153] ? trace_hardirqs_on+0x10/0x10 [ 317.043399] ? SyS_mount+0xa8/0x120 [ 317.047028] ? ceph_osdc_init+0x7a5/0xc30 [ 317.051175] ? ceph_create_client+0x26a/0x340 [ 317.055671] ? ceph_mount+0x4b9/0x181c [ 317.059552] ? mount_fs+0x92/0x2a0 [ 317.063081] ? vfs_kern_mount.part.0+0x5b/0x3c0 [ 317.067735] ? do_mount+0x3c9/0x25e0 [ 317.071431] ? SyS_mount+0xa8/0x120 [ 317.075048] ? do_syscall_64+0x1d5/0x640 [ 317.079096] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 317.084557] cache_grow_begin+0x91/0x410 [ 317.088615] cache_alloc_refill+0x28c/0x360 [ 317.090330] binder: 14803:14814 unknown command 25344 [ 317.092935] __kmalloc+0x378/0x400 [ 317.092945] ? ceph_kvmalloc+0x2f/0x70 [ 317.092956] ceph_kvmalloc+0x2f/0x70 [ 317.092967] ceph_msg_new+0x293/0x370 [ 317.092978] msgpool_alloc+0x74/0xe0 [ 317.092987] ? msgpool_free+0x50/0x50 [ 317.092995] ? msgpool_free+0x50/0x50 [ 317.093005] mempool_create_node+0x2bb/0x3d0 [ 317.093019] ceph_msgpool_init+0x8e/0x120 [ 317.093031] ceph_osdc_init+0x7a5/0xc30 [ 317.093044] ceph_create_client+0x26a/0x340 [ 317.101757] binder: 14803:14814 ioctl c0306201 20000280 returned -22 [ 317.105636] ceph_mount+0x4b9/0x181c [ 317.105646] ? __lockdep_init_map+0x100/0x560 [ 317.105654] ? __lockdep_init_map+0x100/0x560 [ 317.105667] mount_fs+0x92/0x2a0 [ 317.105681] vfs_kern_mount.part.0+0x5b/0x3c0 [ 317.105692] do_mount+0x3c9/0x25e0 [ 317.105707] ? copy_mount_string+0x40/0x40 [ 317.175834] ? __might_fault+0x177/0x1b0 [ 317.179877] ? _copy_from_user+0x94/0x100 [ 317.184013] ? memdup_user+0x54/0xa0 [ 317.187723] ? copy_mount_options+0x1ec/0x2e0 [ 317.192195] ? copy_mnt_ns+0x8a0/0x8a0 [ 317.196079] SyS_mount+0xa8/0x120 [ 317.199518] ? copy_mnt_ns+0x8a0/0x8a0 [ 317.203403] do_syscall_64+0x1d5/0x640 [ 317.207307] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 317.212486] RIP: 0033:0x45cb29 [ 317.215651] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:41 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) 19:14:41 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) 19:14:41 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) 19:14:41 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x280182, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x2000, 0x0) write$P9_RREAD(r3, &(0x7f0000000440)={0xfd, 0x75, 0x1, {0xf2, "d5437c8d783ea6f148900134e024b0ba68e8132df05f9a88dcd54815a4f4eac02d5a4886a4c6c8f430de54602c026802214ee298c5db302ac2651a8ef44362a38328d0d704732b19a4266ee7465e566f0d107270d9f9e5ad549a12f9becde04ff6d0a65c9620b6389004b29df9c437e08a1c379780751b61d34643dec319ae15298f0b7fb3973902dddf8b74dd1c1cb394e84b6c7df978915b0b3bada8fc24ff4e8aee438bf94db44eb71d5f0bba42fc0e0a94d1801c0f818958d422a4f2215a0e2d19e7617a8da561629a4565d7eb48dfa475bb07a9b90000a2e32235518d46290960405548145e6eeb43d7d8491c1df26e"}}, 0xfd) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r8 = dup2(r7, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) sendmsg$IPSET_CMD_TYPE(r8, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="740000000d0601d6cb288ff0fdf5e200030000010593201230ad615fe2000300686173683a6e65742c706f727400000005000500050000003200010007000000050005000c0000001400030068612fe90573683a69702c706f72742c6970000d000300686173683a6d61630000000005000100070000004e8bce82ebb5b25e07366aa188cc4077849c3c8603b03fdf5d48721cde0b713db3b9331be85b1a456fd852de2afd6f68c4993038160a0bad42a304c0bee6b3cbba7dfcfec412a133fba4968e0bb7896b9d9ed1d3419914002217032682bfbc7c0a4643e9cd2e68b2d5aa0953618b3037356f6173a493027a8cab19c896825cae2db2c56b6c47ecacae721fc342c9eb7540e29a621285b06611bcc46cd4c871ea49569f1333611e83cc1453ec712067e9b759c4b1b2e470bbfe3806bbcd77a3"], 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x0) r9 = dup2(r4, r0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, 0x0) [ 317.223341] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 317.230594] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 317.237852] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 317.245121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 317.252381] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:41 executing program 2 (fault-call:1 fault-nth:70): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 317.313456] libceph: connect [d::]:6789 error -101 [ 317.318649] libceph: mon0 [d::]:6789 connect error [ 317.335312] ceph: No mds server is up or the cluster is laggy [ 317.341958] binder: 14818:14825 ioctl c0306201 20000200 returned -14 19:14:41 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r2, 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r3, 0x0, 0x0) syz_open_dev$cec(&(0x7f00000001c0)='/dev/cec#\x00', 0x1, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x4001ff) accept$ax25(0xffffffffffffffff, &(0x7f00000000c0)={{0x3, @default}, [@netrom, @remote, @bcast, @default, @null, @null]}, &(0x7f0000000140)=0x48) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) r6 = dup2(r5, r1) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r7, 0x40046207, 0x0) [ 317.400407] binder: 14820:14834 unknown command 25344 [ 317.403875] binder: 14822:14833 unknown command 0 [ 317.415871] binder: 14820:14834 ioctl c0306201 20000280 returned -22 [ 317.424976] binder: 14822:14833 ioctl c0306201 20000280 returned -22 [ 317.439399] FAULT_INJECTION: forcing a failure. [ 317.439399] name failslab, interval 1, probability 0, space 0, times 0 [ 317.443324] binder: 14837:14840 ioctl c0306201 0 returned -14 [ 317.450909] CPU: 1 PID: 14838 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 317.464406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.473756] Call Trace: [ 317.476338] dump_stack+0x1b2/0x283 [ 317.479950] should_fail.cold+0x10a/0x154 [ 317.484082] should_failslab+0xd6/0x130 [ 317.488036] __kmalloc+0x2c1/0x400 [ 317.491555] ? ceph_kvmalloc+0x2f/0x70 [ 317.495423] ceph_kvmalloc+0x2f/0x70 [ 317.499117] ceph_msg_new+0x293/0x370 [ 317.502895] msgpool_alloc+0x74/0xe0 [ 317.506587] ? msgpool_free+0x50/0x50 [ 317.510371] mempool_create_node+0x2bb/0x3d0 [ 317.514776] ceph_msgpool_init+0x8e/0x120 [ 317.518905] ceph_osdc_init+0x7a5/0xc30 [ 317.523866] ceph_create_client+0x26a/0x340 [ 317.528166] ceph_mount+0x4b9/0x181c [ 317.531857] ? __lockdep_init_map+0x100/0x560 [ 317.536330] ? __lockdep_init_map+0x100/0x560 [ 317.541240] mount_fs+0x92/0x2a0 [ 317.544586] vfs_kern_mount.part.0+0x5b/0x3c0 [ 317.549109] do_mount+0x3c9/0x25e0 [ 317.552627] ? copy_mount_string+0x40/0x40 [ 317.556884] ? __might_fault+0x177/0x1b0 [ 317.560934] ? _copy_from_user+0x94/0x100 [ 317.565096] ? memdup_user+0x54/0xa0 [ 317.568785] ? copy_mount_options+0x1ec/0x2e0 [ 317.573258] ? copy_mnt_ns+0x8a0/0x8a0 [ 317.577121] SyS_mount+0xa8/0x120 [ 317.580551] ? copy_mnt_ns+0x8a0/0x8a0 [ 317.584415] do_syscall_64+0x1d5/0x640 [ 317.588283] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 317.593448] RIP: 0033:0x45cb29 [ 317.596613] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 317.604298] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 317.611549] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 317.618804] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 317.626052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 317.633300] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:41 executing program 2 (fault-call:1 fault-nth:71): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 317.656828] libceph: connect [d::]:6789 error -101 [ 317.662038] libceph: mon0 [d::]:6789 connect error [ 317.667517] ceph: No mds server is up or the cluster is laggy 19:14:41 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r4, 0x40184150, &(0x7f0000000100)={0x0, &(0x7f0000000040)="b26c343735b80106aa7f0dc85dee70458d69050563d03dbf108626396241a1ba23aae906198d0531e350d0f19e536f2d8f360996dca52564f127035c3f053707b86dc746698f5531d350afe379f5998be95b7a42f50e9a3af09b5a5b15c6ebf46215fbd8900756c29e3dde331759b53f53ecdcf0b23436297ca83249b3e84a3875d9bb26a3572c65fca9bbd001a2d2d24bf41123afbd623d0316ec3a4c5e2aeff230a98768dd5025c7b8df8da8cdaf4b7a69b7f3107dd9", 0xb7}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r3, 0x0, 0x48f, &(0x7f0000000140)={0x87, @private=0xa010101, 0x4e22, 0x3, 'lblc\x00', 0x0, 0x1f, 0x20}, 0x2c) [ 317.720916] FAULT_INJECTION: forcing a failure. [ 317.720916] name failslab, interval 1, probability 0, space 0, times 0 [ 317.739933] CPU: 0 PID: 14852 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 317.749744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.759366] Call Trace: [ 317.761963] dump_stack+0x1b2/0x283 [ 317.765607] should_fail.cold+0x10a/0x154 [ 317.769766] should_failslab+0xd6/0x130 [ 317.773748] kmem_cache_alloc+0x28e/0x3c0 [ 317.776242] binder: 14853:14855 ioctl c0306201 0 returned -14 [ 317.777898] ceph_msg_new+0x31/0x370 [ 317.777914] msgpool_alloc+0x74/0xe0 [ 317.777925] ? msgpool_free+0x50/0x50 [ 317.777935] mempool_create_node+0x2bb/0x3d0 [ 317.777949] ceph_msgpool_init+0x8e/0x120 [ 317.777962] ceph_osdc_init+0x7a5/0xc30 [ 317.802034] binder: 14853:14855 ioctl c0306201 0 returned -14 [ 317.803548] ceph_create_client+0x26a/0x340 [ 317.803562] ceph_mount+0x4b9/0x181c 19:14:41 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) close(r0) io_setup(0x20, &(0x7f00000001c0)=0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1}]) r2 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000000)={'ip6_vti0\x00', 0x100}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000040)={'lo\x00', 0x1}) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r7 = dup2(r6, r6) chmod(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = dup2(r5, r2) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, 0x0) [ 317.803573] ? __lockdep_init_map+0x100/0x560 [ 317.803583] ? __lockdep_init_map+0x100/0x560 [ 317.803597] mount_fs+0x92/0x2a0 [ 317.803612] vfs_kern_mount.part.0+0x5b/0x3c0 [ 317.803624] do_mount+0x3c9/0x25e0 [ 317.809186] binder: 14853:14855 ioctl 40184150 20000100 returned -22 [ 317.813460] ? copy_mount_string+0x40/0x40 [ 317.813470] ? __might_fault+0x177/0x1b0 [ 317.813483] ? _copy_from_user+0x94/0x100 [ 317.813496] ? memdup_user+0x54/0xa0 [ 317.813504] ? copy_mount_options+0x1ec/0x2e0 19:14:41 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 317.813511] ? copy_mnt_ns+0x8a0/0x8a0 [ 317.813521] SyS_mount+0xa8/0x120 [ 317.813528] ? copy_mnt_ns+0x8a0/0x8a0 [ 317.813540] do_syscall_64+0x1d5/0x640 [ 317.813555] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 317.889141] RIP: 0033:0x45cb29 [ 317.892325] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 317.900030] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 317.907299] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 317.914565] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:14:41 executing program 2 (fault-call:1 fault-nth:72): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 317.921831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 317.929096] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 317.939249] device ip6_vti0 entered promiscuous mode [ 317.953876] binder: 14857:14859 ioctl c0306201 0 returned -14 [ 317.961485] binder: 14857:14859 ioctl c0306201 0 returned -14 [ 318.006938] binder: 14861:14869 unknown command 25344 [ 318.015738] FAULT_INJECTION: forcing a failure. [ 318.015738] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 318.027557] CPU: 0 PID: 14870 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 318.028736] binder: 14861:14869 ioctl c0306201 20000280 returned -22 [ 318.035428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.035433] Call Trace: [ 318.035459] dump_stack+0x1b2/0x283 [ 318.035477] should_fail.cold+0x10a/0x154 [ 318.035492] __alloc_pages_nodemask+0x22b/0x2730 [ 318.035514] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 318.070823] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 318.075295] ? kmem_cache_alloc+0x124/0x3c0 [ 318.079641] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 318.084474] ? trace_hardirqs_on+0x10/0x10 [ 318.088695] ? SyS_mount+0xa8/0x120 [ 318.092316] ? ceph_osdc_init+0x7a5/0xc30 [ 318.096452] ? cache_alloc_refill+0x310/0x360 [ 318.100933] ? lock_acquire+0x170/0x3f0 19:14:42 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 318.104891] cache_grow_begin+0x91/0x410 [ 318.108933] cache_alloc_refill+0x28c/0x360 [ 318.113249] __kmalloc+0x378/0x400 [ 318.116782] ? ceph_kvmalloc+0x2f/0x70 [ 318.120667] ceph_kvmalloc+0x2f/0x70 [ 318.124382] ceph_msg_new+0x293/0x370 [ 318.128187] msgpool_alloc+0x74/0xe0 [ 318.131898] ? msgpool_free+0x50/0x50 [ 318.135695] mempool_create_node+0x2bb/0x3d0 [ 318.140108] ceph_msgpool_init+0x8e/0x120 [ 318.144257] ceph_osdc_init+0x7a5/0xc30 [ 318.148236] ceph_create_client+0x26a/0x340 [ 318.152558] ceph_mount+0x4b9/0x181c 19:14:42 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) [ 318.156267] ? __lockdep_init_map+0x100/0x560 [ 318.160760] ? __lockdep_init_map+0x100/0x560 [ 318.165253] mount_fs+0x92/0x2a0 [ 318.168623] vfs_kern_mount.part.0+0x5b/0x3c0 [ 318.173120] do_mount+0x3c9/0x25e0 [ 318.176668] ? copy_mount_string+0x40/0x40 [ 318.180897] ? __might_fault+0x177/0x1b0 [ 318.184944] ? _copy_from_user+0x94/0x100 [ 318.189076] ? memdup_user+0x54/0xa0 [ 318.192774] ? copy_mount_options+0x1ec/0x2e0 [ 318.197246] ? copy_mnt_ns+0x8a0/0x8a0 [ 318.201124] SyS_mount+0xa8/0x120 [ 318.204557] ? copy_mnt_ns+0x8a0/0x8a0 [ 318.208432] do_syscall_64+0x1d5/0x640 [ 318.212322] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 318.217495] RIP: 0033:0x45cb29 [ 318.220671] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 318.222320] binder: 14876:14878 unknown command 0 [ 318.228361] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 318.228367] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 318.228372] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:14:42 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304400000000000634040"], 0x0, 0x0, 0x0}) 19:14:42 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r2, 0x0, 0x0) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r3, 0x0, 0x0) sendto$phonet(r3, &(0x7f00000021c0)="25de3a77d958048cd11b7212121e241ef807ae9950e379d2128f099b250fa2bb8654d5040c2b5c61e13367edb799a9554d7bf4607e82510e108aacb40b5fa9877e1fef5bf65e9bae4a884e822b7317a3664b712272ce4638d5adc387b83725a78e2ac9d42e0cde5423ced3e2fae9eb4a724b52a2730f23ca7aa630ee497ed1c2a2aa89a619bf9c49acbbb35713a3556c4f730b4ee1637db5416e88d17b53fb89f047df38d49550a13b61c574e3c5ad3786d223bea894b30862fe85ce37ee5f232630a791f536481103f3fbac92fde34e263a7808d23e188eb48f27a81a9a8d3123c6ab87da297f16f6cb2d3f99cdeccdcf1e831e7e0fba3f60f3d211dbca6137e44ec0f58e318dfc3bed7d31e92c0be846e995c3342f9a98331bb45a4b08926af9e5ee8c0e9485618b8fcc7805d3a738e992d7c31dc9d89f75d1e1a4e0d3eda0fbb3fa0cb11d62a8a68432c3531d90c2c5155bacb656b61965a0c7175fcd1b8be6942324e7785757ea91f1ac3ce937a3c84ae43fa88c7aec35705369ad12ecd9672933e820c3bc9d0a7dbded373d412166968abb8c5e7146bb13ffe2f51a8b0943f56c2637ac9fb81aeb9e2eafbfb596dceecbef6befb435b98feafcd326f76b195a53cbf9ef593cbbc7121ec42096abc1847736d3154daa0e044376c9d1f3f4868568c4f84f0ec23293021688bd18996e61228b60d834fe8b721a4a7c34a5eed834f26f82a9cc12a8babf3abb2b8d17119dd2c6fb151de5178e83ea7f81060443b321ad371dc693d867c1cf2391b0480968108a77729d85258837e41e59ecdf1ec69800e8a7c0752a968e6d9925446ac45621ea3275daa1bb1d9536c1f290b6a1ff8c3405bbe28834d7b2d93584eb1492952e7307604b69e6f32c16bcdea4bef89e4ef16b04ee5c209c5e0a02566739555b89b26b71d1cc27b731c94de1c4c04055f2811a270dbcce09962a560cbef255b518dff47ee47566de725665d46644c1a6c2fafc4944d8038c72e4e5bf7169b76bfcc6db1cb9d3e3ebb55c9d95e338555e2a90f5705ffa65c15b571a1e3d436792d34a2775054f31ba647d6a834608e14d9af721b079705f51e6fd102a6b2cc0fcf39b0336b12f112e89f7281a4eb347b92fc7fc432620d9123b15e863d02d3ebcbcf3ec50ac7a23ff10db69b1c2d40eb5f0ebb4f788935053c7d0b10b27bcfda2e41710a2e72068fca76a38fb5c28b9844bb01bc072158e394e7f63ccdad69f36c3c1649f5316a3e831fde2c7efe5f981213d088dc2d6f8b36c31ea63178d50cf616bbb43a4642d01413eddf0f763ed4f683bcfcd1a77505a7a84e6dda489d59c02a9d7d10000000021f6f77197a58778d9ff574cd5cf06578aaf409c772f8ea5e56a867636794856f51ff7d298d993eb541c8997bac450a1d9ed99deb74acfe01ab6ef67b61a0d64a45171a6288038d4b80bf6c72e1f3ad0e9143c1f1923f7ac3d05e6d6e633ff4a4dba240796848714c7ed8a5c736df6234d4d17bec62337beef02dd4aee35251d8804e6db5757b2a780b443fa12de0d25169898824a3035314050c3e9f514056b9d430457f9fff0ef1167c0dcb590dbffff0000000000008b4a46c538a689a41224ce016ad01e8ac1e4fade2a332b7d64b7558f930ff84e0a0b98afa512e85e30988a8bd6433554e8d049137bb9cefabc6fdb63225abbb90e399bb1aa6ed695e6913c767794458962d10864ba59744a0f6f567ae3862a3ab5ece160a2b5bcc3326e478ee55a70cddd97506e75d35616a661f8765f0bed341d9dc08e5b63e27b816b26cff89fc16134defc238524a38ffa5d30987e3650b3ad8adb3c95fead274ee8a363dbc9b9a6394f2aaeeabf722f337996714def84daa20a44305758ac7feae3fbf71c81624ee4733c4454f78174a323241ebfe986f2a82a4849449972a3801cde8b2b7ecf2862003d595566ec69ae6e7084bafbe48b159e720cc6be65205f7ee3795a27f553478aec597f9bdf270c31d1980fda46b5d04a8aa5572b8d3f210652671ead3ef5c0903838633b26014996b29340d73800e1ecfb9c22caa226a8d6bf4a134004bf545b24bffd0fe365f408514e337c4c2335a8b8d0fd5d7c0c501e6ac87fac5bf2f46f2379ae702f6459aba573ab402e48529413d9005757e53ee96dc2f83c9d586d8da8d2b43cf606510473e67494a26a39061f6e7f1b4599876cf5d51ff610500bf960aa43ed895c67eb60d2f280af232daf85a3f741b5912605116f043844a16439c40880f8329919c99b45c6fd9b193d4c2a5652b99bd2e6494ba55793a292e870586884148287e0a0360282d7bbd50e39e770599fb3a68db604f40bcec3d1167211df02e90cb2371d4506b01916f8309178217f9c24e30ee888294ab75bfaf9ca5d69b37d4226d8a451839c4fee8eb9a9854c3eced96a06a18fb28330e9a0c0bda18b784a0106bb6de92d119f8b4b858d02ad630f33b2665fd970d8f560470260dce44d6115d29ce52e621689b7f4a299810bd8df08b9ef30eedac79410785cce4de1d4bcc733486143297c0776380a17fc7e679acd327dc998b970d766abcff35f94b98e8a9b146af22010d5e3f1b1aeae1c6d755cd0ea4c46d19fcf18ff92a282dbba9da2ad088511ffa421d6042fbf9da78402635969766893e5875fd0f73a6faf7af548953016e1cadba7474f1cc4aded66323bd070830411cc3b7ef42439e8d130cbcee720242751e490a965db5aa26838ae69f696331561881367fb6c6cd6cc190010c70732074813d1a904244114a2022620c242b72f7c016c77518ff702dbb22b3887d876254aae67bbfe3e32ca674add6a60849ee6445407f3d2d572e78149433740e338f7e94a1faa30928d05330fdba137d8ee4c4c10557f7784dad2e546fee0524fa2c32eb20094f164576a6fac76e36f0a08ab576a81c7cb942ed6fa8e4b00c23bce18cc35bcfa9b5387c35df1359bddba7e3371cc6bc7d761d4275d8d9cd9b57b90bff111ce186a94a57c83331282e1977548093c417a4392d89251e47a09b55ddc5ddd2888f298d717a8efcabf8fcf0225ec00c1ebf852487c6ef0daef8ea3bcd055f6927b5faba4a9dddf12e55df5ed31932b8a28310e9fa06323616a4882bf3178db5e242ca54796c32885b4d2f61152d85fdcb56391747daa99b784ad016378b9b154bd41868a76685b7b66d2c53ddd6a31187139d1705012cc51568fa27dc9a5975d6b0023644e93661d6e2646286c6242a0a51aa3fbeff6b8b151027adb2971e99bfee338200a2711b31f69e6f3df55475e9ba054af05e2e2baad7d9eddf436bdf7f5cc4c5896dc3a0ac1fe6721153ff1c19604fdfc2f6b11bf070737c2e8e14afb84606a71e2dfff3c9556c9e6696a868521467538e2875040fb45cb42da9fc410b27a845a8e57faebb2ad867ff696cdb48e33c18b37ab627d555ba33af446fcd6a4dda901f699dc6637c079ef02a1f5c6aa7bf24e2785977db493657bfe31384d612c60ce3c47e726c5c4b1f928c45d63bdf524dfb7453d1ece4a030df21db30623048056226b11cbf3551d84678a85ecd3b265bf724899274a4ef2ea652e4ec1c2d7142c12b84a7abb4c26d5932b2eabc5676c903a1bac662e362d7930b5751349aa3fe50f92f8dfd21445310aa67356134f723023e5da3ceca6425c192903af1a99df87796d2dbf250d013dc4388ac4eac8a2be4017267d4201e29f19fe89106cc7968a01637bed613ee0260f34f19f7afce54444c725fe1de7a66ca9971d871913aacca25133c7236a4fd3ee320945d87e0eb33189e546eb74e95597c2cc8aae2a86484f949d97193215226d6613689d7c3e7d2854277940ec3b09aff3b3c3df140f97caabb9a900952adbc3076d79c7a4be38608d2b622f7a218d5605ece65556cc3b88a610fcad9d4c28f9f3de9fff764cfdc41246015a9611eeda5d1c014c7e560f9d515a7e843f3b247e90b977f3d076b48f351ab5c23e0c574e6e8952d76bae025363a06139244780518f912b77db1ebc90a8497d8cd377beeabbfb30979adae9987f60410eb2e41fc74b4275e8ec092f9946bf834fc88bcbe25b96f6c40e2cf152a63594a4882a4f025b9f2f2a10c28681ba14cdf0db190a97f8d0f082b21def6c557b446703db86c1f0f6b8276ec3b0af850ce144c1474309ab2aff1224d7a58f6c93a6455296fe948884628eac26b6b46053a49f51f5fd04b76197c808ee215d2891bcd00ad2a4743679d509544df11f1aebb4eecbd8057a871820f44cff4d905b78dd10b5fa182424b97b1917e203e7ea24665851d7416ff5c9827ca9774397a1797dc1d4851390cf24c77c3ecc7e9434cf0f12e9ba3955b6dd1ba3539eb2fc775cdf797338351bacd24747fb4b664890816eab3c313a9d0596b52ff7314027a1743cd2aa57de4870a8cee2fd594c3131a6ab8f019c494e160c044cfc181ce7e4c17bd0759d1ef611075b5d309e670cff0d63cad2025b04776ee9d969f6d2187a99e6e1350c23b00a4ee33ff5e340d5469267ebaa60f4b0c49f105207f63d1edc4531ef45fe0c7c946f14c7b5e317bcb5e9d5a827f2affd1d98f129253628192f4eb4e37f770431f556db94ad4c32e98226aea476767c3c92bd93e8b321ef4353e20f1f3e9fc63884cdf09e02ff3fd675a26452f90a91daf0ae68a59f60319784823d996d7445a7825d67ffbb26a097be1ab969fcdd3507439204db8cd697294edecfa53dc57e41c330a5bf628cff3f28da8b5a9b018f3a0892289d1437d40d598d2e0cf8652b2d7ca4962b7cf5f6536ea2ced2e498313c6572f54d390df79e8bb02beacb251ada088dffd5c2b1a852019a83baddccec8d8063dec60c33f1cbac604688125354ea95a3e5c5f826867b62f726b959f3f7dfac3be67d1ade7bc03688a119d0c9273ff23988fc5b368f83dd6094f97a11e167128b3422f4a636bdf24a8e5ed276f50a9d4dc302ecacb8e32dfc3e90fc890efd02e5d98eb19db98864c78eb27ffd376d334ae501ac63d175503426d06781a9716283df1575a78e9c6a1ce7b7e9f79e195f523d14cc561492eb29218e8e6a78fc081a266feddd83c8297aeac33ca1526b81189b58287ef5b21502cc9a7d4240065ae324f1bfaf1c5bb806ea4054b325b3f484ab3f7f171ebe31bfe580e439d420f7fe203fa3bf8c97cdeb64a258f82900612cee331ab8a22b6e9bc315a5057ad1b82331537474ad1faee114f7f212e8985fc7abda12737c824c1b0c83ba4cf159814ad2ddf6394e28ef9ecad011383c68887a1de4d7670fad67e117a2b61a173e4cf7868415771e744459310a979907f26f6ee865c15bb235ca561460602e7a6d7986262df8bec5327d13de749c203a194ce625ce71f272001accb3381274adfc0c439cecf7ea81adba81236ccf73fe3de1774a94f98c6444863fc40eaa98f5bcb2517c634bf56f44e0a00ca106939c6d53e4aed4bc1fc606efd71f613ab8dee42814014e7a18c2489424210a39437bc4d34b8127f0ef8692fd1c58e34ae58e15625d2a4b9fb1aea3416f5853f429e0577e5efddc6543574ab2875460808dff6c9365087a0ab1e1f0093d4000da23473d015de393e073b3d5fa393baff9814df12b8865bf11e680d5107b2704e8e57a6dfd17764ed2ed8cbccbbe71ae694375a2da7dc757f1ce069b5d92cbe3c7d0f41fcb4ccd4836bdca200ec8130ed7842787564d34f598b2275f9611df27b3b41910105e4b1f547f39272aa3cd386894ffe75432633facedb2a888bce683023ab4a03694407f6836c7cc6945cdcf4aa264a8130ab64f259ea6791123cdea6d210000", 0x101b, 0x4004054, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = dup2(r4, r4) r6 = fcntl$dupfd(r4, 0x0, r2) ioctl$SIOCGIFMTU(r6, 0x8921, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r7 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r7, 0x40046207, 0x0) [ 318.228377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 318.228383] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 318.236062] binder: 14875:14880 ioctl c0306201 20000200 returned -14 [ 318.265805] binder: 14876:14878 ioctl c0306201 20000280 returned -22 19:14:42 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) 19:14:42 executing program 2 (fault-call:1 fault-nth:73): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 318.308767] libceph: connect [d::]:6789 error -101 [ 318.319660] libceph: mon0 [d::]:6789 connect error [ 318.328765] ceph: No mds server is up or the cluster is laggy [ 318.347903] binder: 14884:14891 ioctl c0306201 0 returned -14 [ 318.366273] binder: 14888:14894 ioctl c0306201 20000200 returned -14 [ 318.393676] FAULT_INJECTION: forcing a failure. [ 318.393676] name failslab, interval 1, probability 0, space 0, times 0 [ 318.405824] binder: 14884:14891 ioctl c0306201 0 returned -14 [ 318.413210] CPU: 1 PID: 14899 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 318.421097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.430445] Call Trace: [ 318.433036] dump_stack+0x1b2/0x283 [ 318.436667] should_fail.cold+0x10a/0x154 [ 318.440821] should_failslab+0xd6/0x130 [ 318.444796] __kmalloc+0x2c1/0x400 [ 318.448333] ? ceph_kvmalloc+0x2f/0x70 [ 318.452220] ceph_kvmalloc+0x2f/0x70 [ 318.455933] ceph_msg_new+0x293/0x370 [ 318.459822] msgpool_alloc+0x74/0xe0 [ 318.463532] ? msgpool_free+0x50/0x50 [ 318.467318] mempool_create_node+0x2bb/0x3d0 [ 318.471721] ceph_msgpool_init+0x8e/0x120 [ 318.475859] ceph_osdc_init+0x7a5/0xc30 [ 318.479827] ceph_create_client+0x26a/0x340 [ 318.484142] ceph_mount+0x4b9/0x181c [ 318.487844] ? __lockdep_init_map+0x100/0x560 [ 318.492321] ? __lockdep_init_map+0x100/0x560 [ 318.496806] mount_fs+0x92/0x2a0 [ 318.500153] vfs_kern_mount.part.0+0x5b/0x3c0 [ 318.504638] do_mount+0x3c9/0x25e0 [ 318.508175] ? copy_mount_string+0x40/0x40 [ 318.512402] ? __might_fault+0x177/0x1b0 [ 318.516454] ? _copy_from_user+0x94/0x100 [ 318.520581] ? memdup_user+0x54/0xa0 [ 318.524272] ? copy_mount_options+0x1ec/0x2e0 [ 318.528743] ? copy_mnt_ns+0x8a0/0x8a0 [ 318.532615] SyS_mount+0xa8/0x120 [ 318.536164] ? copy_mnt_ns+0x8a0/0x8a0 [ 318.540044] do_syscall_64+0x1d5/0x640 [ 318.543923] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 318.549091] RIP: 0033:0x45cb29 [ 318.552310] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 318.560008] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 318.567260] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 318.574521] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 318.581777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 318.589032] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 318.611682] ceph: No mds server is up or the cluster is laggy 19:14:42 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r4, 0x10e, 0x8, &(0x7f0000000280)=0x1, 0x4) r5 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) 19:14:42 executing program 2 (fault-call:1 fault-nth:74): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 318.618903] libceph: connect [d::]:6789 error -101 [ 318.624273] libceph: mon0 [d::]:6789 connect error [ 318.688473] binder: 14913:14916 ioctl c0306201 0 returned -14 [ 318.689168] FAULT_INJECTION: forcing a failure. [ 318.689168] name failslab, interval 1, probability 0, space 0, times 0 [ 318.709628] binder: 14913:14916 ioctl c0306201 0 returned -14 [ 318.711328] CPU: 0 PID: 14917 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 318.723398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.732742] Call Trace: [ 318.735311] dump_stack+0x1b2/0x283 [ 318.738919] should_fail.cold+0x10a/0x154 [ 318.743050] should_failslab+0xd6/0x130 [ 318.747015] __kmalloc+0x2c1/0x400 [ 318.750534] ? ceph_kvmalloc+0x2f/0x70 [ 318.754402] ceph_kvmalloc+0x2f/0x70 [ 318.758128] ceph_msg_new+0x293/0x370 [ 318.761922] msgpool_alloc+0x74/0xe0 [ 318.765650] ? msgpool_free+0x50/0x50 [ 318.769427] mempool_create_node+0x2bb/0x3d0 [ 318.773824] ceph_msgpool_init+0x8e/0x120 [ 318.777952] ceph_osdc_init+0x7a5/0xc30 [ 318.781905] ceph_create_client+0x26a/0x340 [ 318.786203] ceph_mount+0x4b9/0x181c [ 318.789896] ? __lockdep_init_map+0x100/0x560 [ 318.794371] ? __lockdep_init_map+0x100/0x560 [ 318.798863] mount_fs+0x92/0x2a0 [ 318.802211] vfs_kern_mount.part.0+0x5b/0x3c0 [ 318.806702] do_mount+0x3c9/0x25e0 [ 318.810230] ? copy_mount_string+0x40/0x40 [ 318.814449] ? __might_fault+0x177/0x1b0 [ 318.818487] ? _copy_from_user+0x94/0x100 [ 318.822614] ? memdup_user+0x54/0xa0 [ 318.826304] ? copy_mount_options+0x1ec/0x2e0 [ 318.830778] ? copy_mnt_ns+0x8a0/0x8a0 [ 318.834642] SyS_mount+0xa8/0x120 [ 318.838083] ? copy_mnt_ns+0x8a0/0x8a0 [ 318.841948] do_syscall_64+0x1d5/0x640 [ 318.845818] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 318.850991] RIP: 0033:0x45cb29 [ 318.854164] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 318.861848] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 318.869093] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 318.876343] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:14:42 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:42 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 318.883595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 318.890843] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:42 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) ioctl$VIDIOC_CROPCAP(r3, 0xc02c563a, &(0x7f0000000080)={0x6, {0xfffffffd, 0x10000000, 0x81, 0x9}, {0xa80, 0x0, 0xffff, 0x8}, {0x74b1, 0xecfb}}) r4 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) 19:14:42 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) [ 318.941533] ceph: No mds server is up or the cluster is laggy [ 318.951136] libceph: connect [d::]:6789 error -101 [ 318.960710] libceph: mon0 [d::]:6789 connect error 19:14:42 executing program 2 (fault-call:1 fault-nth:75): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 319.031894] binder: 14929:14934 ioctl c0306201 0 returned -14 [ 319.048994] binder: 14929:14934 ioctl c0306201 0 returned -14 [ 319.050294] FAULT_INJECTION: forcing a failure. [ 319.050294] name failslab, interval 1, probability 0, space 0, times 0 [ 319.068093] CPU: 1 PID: 14938 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 319.075979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.085324] Call Trace: [ 319.087920] dump_stack+0x1b2/0x283 [ 319.091553] should_fail.cold+0x10a/0x154 [ 319.095701] should_failslab+0xd6/0x130 [ 319.099939] kmem_cache_alloc+0x28e/0x3c0 [ 319.104089] ceph_msg_new+0x31/0x370 [ 319.105039] binder: 14933:14942 unknown command 0 [ 319.107802] msgpool_alloc+0x74/0xe0 [ 319.107811] ? msgpool_free+0x50/0x50 [ 319.107822] mempool_create_node+0x2bb/0x3d0 [ 319.124523] ceph_msgpool_init+0x8e/0x120 [ 319.128671] ceph_osdc_init+0x7a5/0xc30 [ 319.132649] ceph_create_client+0x26a/0x340 [ 319.136978] ceph_mount+0x4b9/0x181c [ 319.140690] ? __lockdep_init_map+0x100/0x560 [ 319.145005] binder: 14933:14942 ioctl c0306201 20000280 returned -22 [ 319.145178] ? __lockdep_init_map+0x100/0x560 [ 319.152166] binder: 14925:14944 unknown command 25344 [ 319.156132] mount_fs+0x92/0x2a0 [ 319.156147] vfs_kern_mount.part.0+0x5b/0x3c0 [ 319.156159] do_mount+0x3c9/0x25e0 [ 319.156174] ? copy_mount_string+0x40/0x40 [ 319.156184] ? __might_fault+0x177/0x1b0 19:14:42 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 319.156195] ? _copy_from_user+0x94/0x100 [ 319.156207] ? memdup_user+0x54/0xa0 [ 319.156215] ? copy_mount_options+0x1ec/0x2e0 [ 319.156224] ? copy_mnt_ns+0x8a0/0x8a0 [ 319.156232] SyS_mount+0xa8/0x120 [ 319.156243] ? copy_mnt_ns+0x8a0/0x8a0 [ 319.173406] binder: 14925:14944 ioctl c0306201 20000280 returned -22 [ 319.176972] do_syscall_64+0x1d5/0x640 [ 319.176990] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 319.177000] RIP: 0033:0x45cb29 [ 319.192299] binder: 14943:14947 ioctl c0306201 0 returned -14 19:14:43 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304400000000000634040"], 0x0, 0x0, 0x0}) 19:14:43 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) 19:14:43 executing program 2 (fault-call:1 fault-nth:76): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:43 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 319.193331] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 319.193343] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 319.193348] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 319.193354] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 319.193362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 319.198756] binder: 14943:14947 ioctl c0306201 0 returned -14 [ 319.201641] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 319.315495] FAULT_INJECTION: forcing a failure. [ 319.315495] name failslab, interval 1, probability 0, space 0, times 0 [ 319.332894] CPU: 0 PID: 14955 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 319.340788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.343211] binder: 14953:14958 ioctl c0306201 20000200 returned -14 [ 319.350133] Call Trace: [ 319.350154] dump_stack+0x1b2/0x283 [ 319.350170] should_fail.cold+0x10a/0x154 [ 319.350184] should_failslab+0xd6/0x130 [ 319.370929] __kmalloc+0x2c1/0x400 [ 319.374466] ? ceph_kvmalloc+0x2f/0x70 [ 319.378369] ceph_kvmalloc+0x2f/0x70 [ 319.382089] ceph_msg_new+0x293/0x370 [ 319.385897] msgpool_alloc+0x74/0xe0 [ 319.389610] ? msgpool_free+0x50/0x50 [ 319.393407] mempool_create_node+0x2bb/0x3d0 [ 319.397821] ceph_msgpool_init+0x8e/0x120 [ 319.401971] ceph_osdc_init+0x7a5/0xc30 [ 319.405940] ceph_create_client+0x26a/0x340 [ 319.410263] ceph_mount+0x4b9/0x181c [ 319.413976] ? __lockdep_init_map+0x100/0x560 [ 319.418469] ? __lockdep_init_map+0x100/0x560 [ 319.422966] mount_fs+0x92/0x2a0 [ 319.426337] vfs_kern_mount.part.0+0x5b/0x3c0 [ 319.430835] do_mount+0x3c9/0x25e0 [ 319.434379] ? copy_mount_string+0x40/0x40 [ 319.438610] ? __might_fault+0x177/0x1b0 [ 319.442668] ? _copy_from_user+0x94/0x100 [ 319.446815] ? memdup_user+0x54/0xa0 [ 319.450531] ? copy_mount_options+0x1ec/0x2e0 [ 319.452041] binder: 14964:14968 ioctl c0306201 0 returned -14 [ 319.455024] ? copy_mnt_ns+0x8a0/0x8a0 19:14:43 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendto(r3, &(0x7f0000000040)="38a7e7ebc761b62081849d9ab972899267b3cf86b8656d0cee59359bb8463c924ae7b063d748365833413824d0480a73996b9f69d33d0613b2df2d8a2b07f46762928703a1aa9498a2df98", 0x4b, 0x20008850, 0x0, 0x0) r5 = dup2(r1, r0) ioctl$RTC_ALM_SET(r4, 0x40247007, &(0x7f00000000c0)={0x30, 0xc, 0x14, 0x1b, 0x3, 0x9, 0x6, 0x111}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) [ 319.455035] SyS_mount+0xa8/0x120 [ 319.455044] ? copy_mnt_ns+0x8a0/0x8a0 [ 319.455058] do_syscall_64+0x1d5/0x640 [ 319.455075] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 319.455081] RIP: 0033:0x45cb29 [ 319.455089] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 [ 319.472240] binder: 14964:14968 ioctl c0306201 0 returned -14 [ 319.475982] ORIG_RAX: 00000000000000a5 [ 319.475989] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 19:14:43 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$UI_END_FF_UPLOAD(r4, 0x406855c9, &(0x7f0000000040)={0xd, 0x3f, {0x57, 0x7ff, 0x9, {0xfff, 0x6d}, {0x7ff, 0x40}, @const={0x0, {0x6, 0x100, 0x0, 0x5}}}, {0x57, 0xfffe, 0x401, {0x101, 0x1f}, {0x5, 0x6}, @ramp={0x40, 0x448, {0xfffb, 0x74, 0x2, 0x1}}}}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 319.475995] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 319.476001] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 319.476007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 319.476012] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 319.494402] libceph: connect [d::]:6789 error -101 [ 319.561347] libceph: mon0 [d::]:6789 connect error 19:14:43 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 319.566479] ceph: No mds server is up or the cluster is laggy [ 319.571574] binder: 14974:14975 ioctl c0306201 0 returned -14 [ 319.581111] binder: 14974:14975 ioctl 406855c9 20000040 returned -22 [ 319.588915] binder: 14974:14975 ioctl c0306201 0 returned -14 19:14:43 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304400000000000634040"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:43 executing program 2 (fault-call:1 fault-nth:77): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:43 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) 19:14:43 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r4, 0x5386, &(0x7f0000000040)) r5 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = dup2(r1, r0) recvfrom$rxrpc(r4, &(0x7f0000000100)=""/54, 0x36, 0x0, &(0x7f0000000140)=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e21, 0xffff, @dev={0xfe, 0x80, [], 0x27}, 0xf80000}}, 0x24) ioctl$VT_ACTIVATE(r4, 0x5606, 0x1) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, 0x0) setsockopt$netrom_NETROM_IDLE(r6, 0x103, 0x7, &(0x7f0000000080)=0x1, 0x4) ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0) ioctl$SNDCTL_DSP_GETTRIGGER(r4, 0x80045010, &(0x7f00000000c0)) setsockopt$inet_tcp_int(r6, 0x6, 0x7, &(0x7f00000001c0)=0x9, 0x4) [ 319.839363] FAULT_INJECTION: forcing a failure. [ 319.839363] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 319.851184] CPU: 0 PID: 14988 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 319.854422] binder: 14992:14995 ioctl c0306201 0 returned -14 [ 319.859057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.859063] Call Trace: [ 319.859083] dump_stack+0x1b2/0x283 [ 319.859100] should_fail.cold+0x10a/0x154 [ 319.884608] __alloc_pages_nodemask+0x22b/0x2730 [ 319.889353] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 319.893828] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 319.898301] ? kmem_cache_alloc+0x124/0x3c0 [ 319.902602] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 319.907426] ? trace_hardirqs_on+0x10/0x10 [ 319.911636] ? SyS_mount+0xa8/0x120 [ 319.915245] ? ceph_osdc_init+0x7a5/0xc30 [ 319.919390] ? cache_alloc_refill+0x310/0x360 [ 319.924562] cache_grow_begin+0x91/0x410 [ 319.928610] cache_alloc_refill+0x28c/0x360 [ 319.932916] __kmalloc+0x378/0x400 [ 319.936436] ? ceph_kvmalloc+0x2f/0x70 [ 319.940303] ceph_kvmalloc+0x2f/0x70 [ 319.943997] ceph_msg_new+0x293/0x370 [ 319.947777] msgpool_alloc+0x74/0xe0 [ 319.951467] ? msgpool_free+0x50/0x50 [ 319.955256] mempool_create_node+0x2bb/0x3d0 [ 319.959645] ceph_msgpool_init+0x8e/0x120 [ 319.963774] ceph_osdc_init+0x7a5/0xc30 [ 319.967730] ceph_create_client+0x26a/0x340 [ 319.972031] ceph_mount+0x4b9/0x181c [ 319.975742] ? __lockdep_init_map+0x100/0x560 [ 319.980213] ? __lockdep_init_map+0x100/0x560 [ 319.984694] mount_fs+0x92/0x2a0 [ 319.988054] vfs_kern_mount.part.0+0x5b/0x3c0 [ 319.992528] do_mount+0x3c9/0x25e0 [ 319.996049] ? copy_mount_string+0x40/0x40 [ 320.000259] ? __might_fault+0x177/0x1b0 [ 320.004301] ? _copy_from_user+0x94/0x100 [ 320.008427] ? memdup_user+0x54/0xa0 [ 320.012116] ? copy_mount_options+0x1ec/0x2e0 [ 320.016589] ? copy_mnt_ns+0x8a0/0x8a0 [ 320.020465] SyS_mount+0xa8/0x120 [ 320.023896] ? copy_mnt_ns+0x8a0/0x8a0 [ 320.027761] do_syscall_64+0x1d5/0x640 [ 320.031632] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 320.036797] RIP: 0033:0x45cb29 [ 320.039960] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 320.047645] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 320.054891] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 320.062137] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 320.069396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 320.076817] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 320.085049] binder: 14994:14998 unknown command 0 19:14:44 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) 19:14:44 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304400000000000634040"], 0x0, 0x0, 0x0}) [ 320.089901] binder: 14994:14998 ioctl c0306201 20000280 returned -22 [ 320.099038] binder: 14992:15000 ioctl c0306201 0 returned -14 [ 320.116592] ceph: No mds server is up or the cluster is laggy [ 320.122946] libceph: connect [d::]:6789 error -101 [ 320.127945] libceph: mon0 [d::]:6789 connect error 19:14:44 executing program 2 (fault-call:1 fault-nth:78): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 320.189527] binder: 15007:15010 ioctl c0306201 20000200 returned -14 [ 320.217112] FAULT_INJECTION: forcing a failure. [ 320.217112] name failslab, interval 1, probability 0, space 0, times 0 [ 320.229330] CPU: 0 PID: 15014 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 320.237216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.246555] Call Trace: [ 320.249132] dump_stack+0x1b2/0x283 [ 320.252747] should_fail.cold+0x10a/0x154 [ 320.256886] should_failslab+0xd6/0x130 [ 320.260844] __kmalloc+0x2c1/0x400 [ 320.264364] ? ceph_kvmalloc+0x2f/0x70 [ 320.268232] ceph_kvmalloc+0x2f/0x70 [ 320.271933] ceph_msg_new+0x293/0x370 [ 320.275722] msgpool_alloc+0x74/0xe0 [ 320.279413] ? msgpool_free+0x50/0x50 [ 320.283192] mempool_create_node+0x2bb/0x3d0 [ 320.287584] ceph_msgpool_init+0x8e/0x120 [ 320.291713] ceph_osdc_init+0x7a5/0xc30 [ 320.295665] ceph_create_client+0x26a/0x340 [ 320.299967] ceph_mount+0x4b9/0x181c [ 320.303657] ? __lockdep_init_map+0x100/0x560 [ 320.308133] ? __lockdep_init_map+0x100/0x560 [ 320.312609] mount_fs+0x92/0x2a0 [ 320.316000] vfs_kern_mount.part.0+0x5b/0x3c0 [ 320.320472] do_mount+0x3c9/0x25e0 [ 320.323990] ? copy_mount_string+0x40/0x40 [ 320.328201] ? __might_fault+0x177/0x1b0 [ 320.332239] ? _copy_from_user+0x94/0x100 [ 320.336369] ? memdup_user+0x54/0xa0 [ 320.340068] ? copy_mount_options+0x1ec/0x2e0 [ 320.344547] ? copy_mnt_ns+0x8a0/0x8a0 [ 320.348418] SyS_mount+0xa8/0x120 [ 320.351854] ? copy_mnt_ns+0x8a0/0x8a0 [ 320.355723] do_syscall_64+0x1d5/0x640 [ 320.359598] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 320.364767] RIP: 0033:0x45cb29 [ 320.367936] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 320.375626] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 320.382876] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 320.390126] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 320.397375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 320.405335] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 320.426089] ceph: No mds server is up or the cluster is laggy [ 320.432590] libceph: connect [d::]:6789 error -101 19:14:44 executing program 2 (fault-call:1 fault-nth:79): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 320.438088] libceph: mon0 [d::]:6789 connect error [ 320.491290] FAULT_INJECTION: forcing a failure. [ 320.491290] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 320.503373] CPU: 1 PID: 15029 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 320.511247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.520580] Call Trace: [ 320.523156] dump_stack+0x1b2/0x283 [ 320.526773] should_fail.cold+0x10a/0x154 [ 320.530900] __alloc_pages_nodemask+0x22b/0x2730 [ 320.535640] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 320.540109] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 320.544585] ? kmem_cache_alloc+0x124/0x3c0 [ 320.548891] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 320.553710] ? trace_hardirqs_on+0x10/0x10 [ 320.557919] ? SyS_mount+0xa8/0x120 [ 320.561579] ? ceph_osdc_init+0x7a5/0xc30 [ 320.565708] ? cache_alloc_refill+0x310/0x360 [ 320.570180] cache_grow_begin+0x91/0x410 [ 320.574217] cache_alloc_refill+0x28c/0x360 [ 320.578513] __kmalloc+0x378/0x400 [ 320.582026] ? ceph_kvmalloc+0x2f/0x70 [ 320.585891] ceph_kvmalloc+0x2f/0x70 [ 320.589580] ceph_msg_new+0x293/0x370 [ 320.593358] msgpool_alloc+0x74/0xe0 [ 320.597045] ? msgpool_free+0x50/0x50 [ 320.600820] mempool_create_node+0x2bb/0x3d0 [ 320.605217] ceph_msgpool_init+0x8e/0x120 [ 320.609350] ceph_osdc_init+0x7a5/0xc30 [ 320.613303] ceph_create_client+0x26a/0x340 [ 320.617600] ceph_mount+0x4b9/0x181c [ 320.621293] ? __lockdep_init_map+0x100/0x560 [ 320.625775] ? __lockdep_init_map+0x100/0x560 [ 320.630267] mount_fs+0x92/0x2a0 [ 320.633632] vfs_kern_mount.part.0+0x5b/0x3c0 [ 320.638121] do_mount+0x3c9/0x25e0 [ 320.641642] ? copy_mount_string+0x40/0x40 [ 320.645852] ? __might_fault+0x177/0x1b0 [ 320.649889] ? _copy_from_user+0x94/0x100 [ 320.654022] ? memdup_user+0x54/0xa0 [ 320.657716] ? copy_mount_options+0x1ec/0x2e0 [ 320.662191] ? copy_mnt_ns+0x8a0/0x8a0 [ 320.666062] SyS_mount+0xa8/0x120 [ 320.669491] ? copy_mnt_ns+0x8a0/0x8a0 [ 320.673362] do_syscall_64+0x1d5/0x640 [ 320.677239] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 320.682401] RIP: 0033:0x45cb29 19:14:44 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x103503, 0x0) sendmsg$kcm(r1, &(0x7f0000000580)={&(0x7f00000001c0)=@tipc=@name={0x1e, 0x2, 0x1, {{0x42, 0x3}}}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000240)="9acc9a7164fcb6ecdf9a0279cdcebe70b4c3ca9a958924c76577a4d152ebe851c348b09b19492dee165edf5d6ee6f10000e16fc3afa474c3b62513ee893639991059f48ff7cfc4f49ee2ff99187a8fdfbeb8a437559a416291ddfe744c439f51b79ec08ddc7b9f3d8f8147b93fd66347652b9e6287875a6c0da01ff7f836b1a82dad3d29b353a5a487901f4ce1d5255f111c6b1130c03363a23d9e58ac9d7ddd452c52f0481ec98db77c370d808e52a4ea61bbff66526500b34b805f2c68", 0xbe}, {&(0x7f0000000300)="81715a15a2ce31f4caba82fd19be6e131248fb5d387283e4dc2ef760a91a56be6909c05a117f0ec5de3b8b97aec4e88cfd774501c6cabec9617f70e3466bceebdcbdfbc8410859f21ba981547dc7249fda55456f4c4448fa03b4a68f83f01c5c4387a6e9b76ccc904c24c6694fabb576dc5f3f2ab6f708d7ae13182fa6ed1d972332678c119a5cfd5d84d21b293e7c2eb2965eec847f", 0x96}], 0x2, &(0x7f00000003c0)=[{0xc0, 0x107, 0x2, "b01708d5f0fce271d9d41d136b285830f5b6c786ae2a921470f1c34a5d9ff37f0a2553d1da443ff95fe5d0b36d25841713c1743ac1ec1c17181592ee41f1f6e350545a06a51dc5338a529d9f7d597df1058a813bf6d40c879585a6c8a42296c178fadf20d5f71ff414c2692ccbf0e0e9390e5a316cc14bd50706e04631bbce40050d011bec7a3a780eff13b4031fc595963bc85f9d44a6a12a4ab92efeed4f159646debe8c887cd23824de"}, {0x50, 0x114, 0x9, "c03a188ee9cfe5fbb79e2cfb38c4093a3923434632615c98bdbd2ca1b335959cb8dc25a974dd13bc6077f56b2f4749fc52f9c9ef27f9c14ae7a6"}, {0x88, 0x6836aede7fc4bab0, 0x401, "e7d849c924fb5aa3715ed48361ed28e2780ddc4d004034d5df6e4c95cd355cc125e15c1bc4717923a5dee58e8800fa62f1c32ccd63a3237fe80af6ed32c82f997fe00c62b57ce6d7b5121dc0853591a8f550a7e5294c7e91b6ece4a391117629a3543d3ee6596da5c811bc3e8d4b5df9cd0bf3"}], 0x198}, 0x40804) ioctl$VIDIOC_ENUMSTD(r0, 0xc0485619, &(0x7f0000000100)={0x1, 0x0, "71ec9540c1e0226712946b64564db94e04a3a83d3b8cc2d3"}) r2 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = dup2(r3, r2) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) 19:14:44 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304400000000000634040"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 320.685566] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 320.693254] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 320.700506] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 320.707749] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 320.715000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 320.722253] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:44 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) 19:14:44 executing program 2 (fault-call:1 fault-nth:80): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 320.781479] ceph: No mds server is up or the cluster is laggy [ 320.787785] libceph: connect [d::]:6789 error -101 [ 320.799826] libceph: mon0 [d::]:6789 connect error [ 320.842842] binder: 15038:15043 ioctl c0306201 0 returned -14 [ 320.853425] binder: 15038:15043 ioctl c0306201 0 returned -14 [ 320.859871] FAULT_INJECTION: forcing a failure. [ 320.859871] name failslab, interval 1, probability 0, space 0, times 0 [ 320.866767] binder: BINDER_SET_CONTEXT_MGR already set [ 320.877060] CPU: 1 PID: 15048 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 320.881259] binder: 15038:15043 ioctl 40046207 0 returned -16 [ 320.884938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.884943] Call Trace: [ 320.884963] dump_stack+0x1b2/0x283 [ 320.884979] should_fail.cold+0x10a/0x154 [ 320.884995] should_failslab+0xd6/0x130 [ 320.885007] kmem_cache_alloc+0x28e/0x3c0 [ 320.885018] ceph_msg_new+0x31/0x370 [ 320.885031] msgpool_alloc+0x74/0xe0 [ 320.926022] ? msgpool_free+0x50/0x50 [ 320.929812] mempool_create_node+0x2bb/0x3d0 [ 320.934269] ceph_msgpool_init+0x8e/0x120 [ 320.938397] ceph_osdc_init+0x7a5/0xc30 [ 320.942358] ceph_create_client+0x26a/0x340 [ 320.946657] ceph_mount+0x4b9/0x181c [ 320.950349] ? __lockdep_init_map+0x100/0x560 [ 320.954820] ? __lockdep_init_map+0x100/0x560 [ 320.959313] mount_fs+0x92/0x2a0 [ 320.962675] vfs_kern_mount.part.0+0x5b/0x3c0 [ 320.967151] do_mount+0x3c9/0x25e0 [ 320.970687] ? copy_mount_string+0x40/0x40 [ 320.974918] ? __might_fault+0x177/0x1b0 [ 320.978974] ? _copy_from_user+0x94/0x100 [ 320.983117] ? memdup_user+0x54/0xa0 [ 320.986826] ? copy_mount_options+0x1ec/0x2e0 [ 320.991307] ? copy_mnt_ns+0x8a0/0x8a0 [ 320.995172] SyS_mount+0xa8/0x120 [ 320.998600] ? copy_mnt_ns+0x8a0/0x8a0 [ 321.002471] do_syscall_64+0x1d5/0x640 [ 321.006339] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 321.011521] RIP: 0033:0x45cb29 [ 321.014686] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 321.022371] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 321.029623] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:44 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) 19:14:45 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 321.036874] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 321.044119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 321.051364] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:45 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0xfe4c, 0x3, 0x3, 0x201, 0x0, 0x0, {0xf, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf7e9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xffc}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240400dc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xfffffffffffffffc) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f00000000c0)={0xa30000, 0x2, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9d0001, 0x5, [], @p_u16=&(0x7f0000000040)=0x8000}}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x204800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r4, r4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, 0x0, 0x0) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r6, 0x0, 0x0) r7 = dup2(r5, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) [ 321.086695] binder: 15037:15053 unknown command 0 19:14:45 executing program 2 (fault-call:1 fault-nth:81): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 321.107990] binder: 15037:15053 ioctl c0306201 20000280 returned -22 19:14:45 executing program 1: r0 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r0, 0x0, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000080)={0x0, r1, 0x8a, 0x586d, 0x8, 0x2}) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x38, 0x1411, 0x200, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x3b}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x5}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x5}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x7}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc0}, 0x805) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x120, 0x17, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x4}, [@NFTA_FLOWTABLE_HOOK={0xd0, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x68, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_team\x00'}, {0x14, 0x1, 'rose0\x00'}, {0x14, 0x1, 'nr0\x00'}, {0x14, 0x1, 'lo\x00'}, {0x14, 0x1, 'ip6_vti0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'lo\x00'}, {0x14, 0x1, 'batadv_slave_1\x00'}, {0x14, 0x1, 'syz_tun\x00'}, {0x14, 0x1, 'ip6gretap0\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x120}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r6, 0x0, 0x0) r7 = dup2(r3, r6) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r7, 0x40046207, 0x0) [ 321.155231] binder: 15055:15062 ioctl c0306201 20000200 returned -14 [ 321.174328] FAULT_INJECTION: forcing a failure. [ 321.174328] name failslab, interval 1, probability 0, space 0, times 0 [ 321.177038] binder: 15056:15067 unknown command 25344 [ 321.193901] binder: 15056:15067 ioctl c0306201 20000280 returned -22 [ 321.226246] CPU: 1 PID: 15066 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 321.228035] binder: 15069:15072 ioctl c0306201 0 returned -14 [ 321.234161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.234166] Call Trace: [ 321.234185] dump_stack+0x1b2/0x283 [ 321.234202] should_fail.cold+0x10a/0x154 [ 321.234218] should_failslab+0xd6/0x130 [ 321.234230] kmem_cache_alloc+0x28e/0x3c0 [ 321.234244] ceph_msg_new+0x31/0x370 [ 321.234258] msgpool_alloc+0x74/0xe0 [ 321.234267] ? msgpool_free+0x50/0x50 [ 321.234276] mempool_create_node+0x2bb/0x3d0 [ 321.234291] ceph_msgpool_init+0x8e/0x120 [ 321.234304] ceph_osdc_init+0x7a5/0xc30 [ 321.292541] ceph_create_client+0x26a/0x340 [ 321.296848] ceph_mount+0x4b9/0x181c [ 321.300734] ? __lockdep_init_map+0x100/0x560 [ 321.305237] ? __lockdep_init_map+0x100/0x560 [ 321.309719] mount_fs+0x92/0x2a0 [ 321.313088] vfs_kern_mount.part.0+0x5b/0x3c0 [ 321.317565] do_mount+0x3c9/0x25e0 [ 321.321100] ? copy_mount_string+0x40/0x40 [ 321.325327] ? __might_fault+0x177/0x1b0 [ 321.329375] ? _copy_from_user+0x94/0x100 [ 321.333510] ? memdup_user+0x54/0xa0 [ 321.337203] ? copy_mount_options+0x1ec/0x2e0 [ 321.341676] ? copy_mnt_ns+0x8a0/0x8a0 [ 321.345551] SyS_mount+0xa8/0x120 [ 321.348991] ? copy_mnt_ns+0x8a0/0x8a0 [ 321.352860] do_syscall_64+0x1d5/0x640 [ 321.356742] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 321.361920] RIP: 0033:0x45cb29 [ 321.365086] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:45 executing program 2 (fault-call:1 fault-nth:82): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 321.372773] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 321.380027] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 321.387281] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 321.396010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 321.403263] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 321.449911] FAULT_INJECTION: forcing a failure. [ 321.449911] name failslab, interval 1, probability 0, space 0, times 0 [ 321.462081] CPU: 0 PID: 15076 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 321.469965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.479309] Call Trace: [ 321.481888] dump_stack+0x1b2/0x283 [ 321.485510] should_fail.cold+0x10a/0x154 [ 321.489657] should_failslab+0xd6/0x130 [ 321.493620] __kmalloc+0x2c1/0x400 [ 321.497143] ? ceph_kvmalloc+0x2f/0x70 [ 321.501010] ceph_kvmalloc+0x2f/0x70 [ 321.504704] ceph_msg_new+0x293/0x370 [ 321.508485] msgpool_alloc+0x74/0xe0 [ 321.512179] ? msgpool_free+0x50/0x50 [ 321.515956] mempool_create_node+0x2bb/0x3d0 [ 321.520361] ceph_msgpool_init+0x8e/0x120 [ 321.524500] ceph_osdc_init+0x7a5/0xc30 [ 321.528456] ceph_create_client+0x26a/0x340 [ 321.532772] ceph_mount+0x4b9/0x181c [ 321.536464] ? __lockdep_init_map+0x100/0x560 [ 321.540935] ? __lockdep_init_map+0x100/0x560 [ 321.545410] mount_fs+0x92/0x2a0 [ 321.548758] vfs_kern_mount.part.0+0x5b/0x3c0 [ 321.556097] do_mount+0x3c9/0x25e0 [ 321.559620] ? copy_mount_string+0x40/0x40 [ 321.563831] ? __might_fault+0x177/0x1b0 [ 321.567871] ? _copy_from_user+0x94/0x100 [ 321.572000] ? memdup_user+0x54/0xa0 [ 321.575691] ? copy_mount_options+0x1ec/0x2e0 [ 321.580254] ? copy_mnt_ns+0x8a0/0x8a0 [ 321.584119] SyS_mount+0xa8/0x120 [ 321.587561] ? copy_mnt_ns+0x8a0/0x8a0 [ 321.591441] do_syscall_64+0x1d5/0x640 [ 321.595312] entry_SYSCALL_64_after_hwframe+0x46/0xbb 19:14:45 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304400000000000634040"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:45 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) [ 321.600478] RIP: 0033:0x45cb29 [ 321.603645] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 321.611329] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 321.618662] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 321.625908] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 321.633156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 321.640404] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:45 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r2, r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000080)={0xb, @pix={0x3, 0x5500, 0x50313459, 0x0, 0x8, 0x200, 0x2, 0xffffffff, 0x1, 0x4}}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r7 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r7, 0x40046207, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r3, 0x891b, &(0x7f0000000040)={'bond0\x00', {0x2, 0x4e24, @multicast1}}) 19:14:45 executing program 2 (fault-call:1 fault-nth:83): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 321.691407] ceph: No mds server is up or the cluster is laggy [ 321.697800] libceph: connect [d::]:6789 error -101 [ 321.708561] libceph: mon0 [d::]:6789 connect error [ 321.767460] binder: 15092:15097 ioctl c0306201 0 returned -14 [ 321.776096] binder: 15092:15097 ioctl c0306201 0 returned -14 [ 321.803480] FAULT_INJECTION: forcing a failure. [ 321.803480] name failslab, interval 1, probability 0, space 0, times 0 [ 321.804142] binder: 15082:15100 unknown command 0 [ 321.819750] CPU: 0 PID: 15098 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 321.827629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.836978] Call Trace: [ 321.839565] dump_stack+0x1b2/0x283 [ 321.843199] should_fail.cold+0x10a/0x154 [ 321.844647] binder: 15082:15100 ioctl c0306201 20000280 returned -22 [ 321.847348] should_failslab+0xd6/0x130 [ 321.847359] __kmalloc+0x2c1/0x400 [ 321.847368] ? __alloc_workqueue_key+0x114/0xdc0 [ 321.847375] ? __kmalloc+0x3a4/0x400 [ 321.847386] __alloc_workqueue_key+0x114/0xdc0 [ 321.847398] ? ceph_kvmalloc+0x3c/0x70 [ 321.847409] ? ceph_msg_new+0x272/0x370 [ 321.847421] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 321.847433] ? mempool_create_node+0x2dc/0x3d0 [ 321.891771] ceph_osdc_init+0x7e0/0xc30 [ 321.895727] ceph_create_client+0x26a/0x340 [ 321.900030] ceph_mount+0x4b9/0x181c [ 321.903734] ? __lockdep_init_map+0x100/0x560 [ 321.908205] ? __lockdep_init_map+0x100/0x560 [ 321.912683] mount_fs+0x92/0x2a0 [ 321.916029] vfs_kern_mount.part.0+0x5b/0x3c0 [ 321.920503] do_mount+0x3c9/0x25e0 [ 321.924024] ? copy_mount_string+0x40/0x40 [ 321.928237] ? __might_fault+0x177/0x1b0 [ 321.932279] ? _copy_from_user+0x94/0x100 [ 321.936405] ? memdup_user+0x54/0xa0 [ 321.940094] ? copy_mount_options+0x1ec/0x2e0 [ 321.944565] ? copy_mnt_ns+0x8a0/0x8a0 [ 321.948429] SyS_mount+0xa8/0x120 [ 321.951859] ? copy_mnt_ns+0x8a0/0x8a0 [ 321.955727] do_syscall_64+0x1d5/0x640 [ 321.959598] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 321.964763] RIP: 0033:0x45cb29 19:14:45 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:45 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) 19:14:45 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) [ 321.967928] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 321.975614] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 321.982861] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 321.990108] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 321.997353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 322.004601] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:45 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x4000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@increfs], 0x5b, 0x0, &(0x7f00000000c0)="c34420b472cb8ccaefb1d549be6cabcb52ad5f6b8b566f4c60bd680812fa41e5fa81a16165d767377169b8f92f5272c4991693ba7f9b530dcfbf3a0d2267bd61eade06e0855fb0c888ce5028d96f8ba3f2d5c9adad2fa8cb415ced"}) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = dup2(r2, r0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) 19:14:46 executing program 2 (fault-call:1 fault-nth:84): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 322.045586] binder: 15104:15106 ioctl c0306201 0 returned -14 [ 322.052764] binder: 15105:15107 ioctl c0306201 20000200 returned -14 [ 322.065797] binder: 15104:15106 ioctl c0306201 0 returned -14 [ 322.130434] FAULT_INJECTION: forcing a failure. [ 322.130434] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 322.142252] CPU: 0 PID: 15115 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 322.150128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.159475] Call Trace: [ 322.162062] dump_stack+0x1b2/0x283 [ 322.165698] should_fail.cold+0x10a/0x154 [ 322.166070] binder: 15112:15116 ioctl c0306201 0 returned -14 [ 322.169845] __alloc_pages_nodemask+0x22b/0x2730 [ 322.169867] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 322.177729] binder: 15112:15116 ioctl c0306201 0 returned -14 [ 322.180466] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 322.180475] ? kmem_cache_alloc+0x124/0x3c0 [ 322.180487] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 322.204409] ? trace_hardirqs_on+0x10/0x10 [ 322.208624] ? SyS_mount+0xa8/0x120 [ 322.212233] ? ceph_osdc_init+0x7a5/0xc30 [ 322.216366] ? cache_alloc_refill+0x310/0x360 [ 322.220850] cache_grow_begin+0x91/0x410 [ 322.224889] cache_alloc_refill+0x28c/0x360 [ 322.229186] __kmalloc+0x378/0x400 [ 322.232701] ? ceph_kvmalloc+0x2f/0x70 [ 322.236575] ceph_kvmalloc+0x2f/0x70 [ 322.240274] ceph_msg_new+0x293/0x370 [ 322.244072] msgpool_alloc+0x74/0xe0 [ 322.247775] ? msgpool_free+0x50/0x50 [ 322.251551] mempool_create_node+0x2bb/0x3d0 [ 322.255937] ceph_msgpool_init+0x8e/0x120 [ 322.260066] ceph_osdc_init+0x7a5/0xc30 [ 322.264020] ceph_create_client+0x26a/0x340 [ 322.268333] ceph_mount+0x4b9/0x181c [ 322.272033] ? __lockdep_init_map+0x100/0x560 [ 322.276513] ? __lockdep_init_map+0x100/0x560 [ 322.281006] mount_fs+0x92/0x2a0 [ 322.284354] vfs_kern_mount.part.0+0x5b/0x3c0 [ 322.288829] do_mount+0x3c9/0x25e0 [ 322.292350] ? copy_mount_string+0x40/0x40 [ 322.296560] ? __might_fault+0x177/0x1b0 [ 322.300600] ? _copy_from_user+0x94/0x100 [ 322.304725] ? memdup_user+0x54/0xa0 [ 322.308416] ? copy_mount_options+0x1ec/0x2e0 [ 322.312890] ? copy_mnt_ns+0x8a0/0x8a0 [ 322.316770] SyS_mount+0xa8/0x120 [ 322.320216] ? copy_mnt_ns+0x8a0/0x8a0 [ 322.324083] do_syscall_64+0x1d5/0x640 19:14:46 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x8400, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x400000, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r5, 0x660c) [ 322.327951] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 322.333120] RIP: 0033:0x45cb29 [ 322.336294] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 322.343976] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 322.351240] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 322.358485] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 322.365730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 322.372973] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:46 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) [ 322.399282] libceph: connect [d::]:6789 error -101 [ 322.404472] libceph: mon0 [d::]:6789 connect error [ 322.412756] binder: 15108:15120 unknown command 25344 [ 322.419205] ceph: No mds server is up or the cluster is laggy [ 322.420539] binder: 15122:15124 ioctl c0306201 0 returned -14 [ 322.429635] binder: 15108:15120 ioctl c0306201 20000280 returned -22 [ 322.437189] binder: 15122:15124 ioctl c0306201 0 returned -14 19:14:46 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) 19:14:46 executing program 2 (fault-call:1 fault-nth:85): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:46 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) 19:14:46 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) rmdir(&(0x7f0000000040)='./file0\x00') ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) [ 322.570772] FAULT_INJECTION: forcing a failure. [ 322.570772] name failslab, interval 1, probability 0, space 0, times 0 [ 322.582181] CPU: 0 PID: 15139 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 322.591027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.600383] Call Trace: [ 322.602974] dump_stack+0x1b2/0x283 [ 322.606608] should_fail.cold+0x10a/0x154 [ 322.610760] should_failslab+0xd6/0x130 [ 322.614740] __kmalloc+0x2c1/0x400 [ 322.618283] ? ceph_kvmalloc+0x2f/0x70 [ 322.622168] ceph_kvmalloc+0x2f/0x70 [ 322.625887] ceph_msg_new+0x293/0x370 [ 322.626590] binder: 15138:15146 unknown command 0 [ 322.629683] msgpool_alloc+0x74/0xe0 [ 322.629694] ? msgpool_free+0x50/0x50 [ 322.629704] mempool_create_node+0x2bb/0x3d0 [ 322.629723] ceph_msgpool_init+0x8e/0x120 [ 322.634630] binder: 15138:15146 ioctl c0306201 20000280 returned -22 [ 322.638234] ceph_osdc_init+0x7a5/0xc30 [ 322.638254] ceph_create_client+0x26a/0x340 [ 322.638270] ceph_mount+0x4b9/0x181c 19:14:46 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) accept4$unix(r3, &(0x7f0000000040)=@abs, &(0x7f00000000c0)=0x6e, 0x800) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) [ 322.651076] binder: 15142:15147 ioctl c0306201 0 returned -14 [ 322.657044] ? __lockdep_init_map+0x100/0x560 [ 322.657055] ? __lockdep_init_map+0x100/0x560 [ 322.657069] mount_fs+0x92/0x2a0 [ 322.657084] vfs_kern_mount.part.0+0x5b/0x3c0 [ 322.657097] do_mount+0x3c9/0x25e0 [ 322.657109] ? copy_mount_string+0x40/0x40 [ 322.657118] ? __might_fault+0x177/0x1b0 [ 322.657130] ? _copy_from_user+0x94/0x100 [ 322.666643] binder: 15142:15147 ioctl c0306201 0 returned -14 [ 322.669085] ? memdup_user+0x54/0xa0 [ 322.669096] ? copy_mount_options+0x1ec/0x2e0 [ 322.669105] ? copy_mnt_ns+0x8a0/0x8a0 [ 322.669116] SyS_mount+0xa8/0x120 [ 322.669124] ? copy_mnt_ns+0x8a0/0x8a0 [ 322.669136] do_syscall_64+0x1d5/0x640 [ 322.675496] binder_alloc: 15136: binder_alloc_buf, no vma [ 322.679480] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 322.679489] RIP: 0033:0x45cb29 [ 322.679495] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 322.679505] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 19:14:46 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) sched_yield() ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 322.679510] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 322.679518] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 322.739464] binder: 15149:15152 ioctl c0306201 0 returned -14 [ 322.742311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 322.742318] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 322.763493] libceph: connect [d::]:6789 error -101 [ 322.782365] binder: 15149:15152 ioctl c0306201 0 returned -14 [ 322.788558] libceph: mon0 [d::]:6789 connect error 19:14:46 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) [ 322.817215] ceph: No mds server is up or the cluster is laggy [ 322.837296] binder: 15159:15160 ioctl c0306201 0 returned -14 19:14:46 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x218, 0x0) 19:14:46 executing program 2 (fault-call:1 fault-nth:86): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:46 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r3, 0xab07, 0xbf0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 322.868815] binder: 15159:15160 ioctl c0306201 0 returned -14 [ 322.925572] binder: 15170:15171 ioctl c0306201 0 returned -14 [ 322.931850] binder: 15164:15167 ioctl c0306201 20000200 returned -14 [ 322.943593] binder: 15170:15171 ioctl c0306201 0 returned -14 [ 322.953266] FAULT_INJECTION: forcing a failure. [ 322.953266] name failslab, interval 1, probability 0, space 0, times 0 [ 322.971376] binder: 15168:15175 unknown command 25344 [ 322.978772] binder: 15168:15175 ioctl c0306201 20000280 returned -22 [ 322.981586] CPU: 0 PID: 15172 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 322.993136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.002476] Call Trace: [ 323.005070] dump_stack+0x1b2/0x283 [ 323.008691] should_fail.cold+0x10a/0x154 [ 323.012821] should_failslab+0xd6/0x130 [ 323.016789] __kmalloc+0x2c1/0x400 [ 323.020313] ? ceph_kvmalloc+0x2f/0x70 [ 323.024186] ceph_kvmalloc+0x2f/0x70 [ 323.027886] ceph_msg_new+0x293/0x370 [ 323.031671] msgpool_alloc+0x74/0xe0 [ 323.035367] ? msgpool_free+0x50/0x50 [ 323.039147] mempool_create_node+0x2bb/0x3d0 [ 323.043543] ceph_msgpool_init+0x8e/0x120 [ 323.047673] ceph_osdc_init+0x7a5/0xc30 [ 323.051628] ceph_create_client+0x26a/0x340 [ 323.055929] ceph_mount+0x4b9/0x181c [ 323.059629] ? __lockdep_init_map+0x100/0x560 [ 323.064104] ? __lockdep_init_map+0x100/0x560 [ 323.068590] mount_fs+0x92/0x2a0 [ 323.071936] vfs_kern_mount.part.0+0x5b/0x3c0 [ 323.076412] do_mount+0x3c9/0x25e0 [ 323.079932] ? copy_mount_string+0x40/0x40 [ 323.084143] ? __might_fault+0x177/0x1b0 [ 323.088187] ? _copy_from_user+0x94/0x100 [ 323.092317] ? memdup_user+0x54/0xa0 [ 323.096005] ? copy_mount_options+0x1ec/0x2e0 [ 323.100594] ? copy_mnt_ns+0x8a0/0x8a0 [ 323.104458] SyS_mount+0xa8/0x120 [ 323.107909] ? copy_mnt_ns+0x8a0/0x8a0 [ 323.111775] do_syscall_64+0x1d5/0x640 [ 323.115645] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 323.120810] RIP: 0033:0x45cb29 19:14:46 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$USBDEVFS_GET_CAPABILITIES(r6, 0x8004551a, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 323.123976] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 323.131660] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 323.138905] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 323.146151] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 323.153397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 323.160645] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:47 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$SOUND_PCM_READ_CHANNELS(r3, 0x80045006, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 323.204018] binder: 15178:15182 ioctl c0306201 0 returned -14 [ 323.211401] ceph: No mds server is up or the cluster is laggy [ 323.218669] libceph: connect [d::]:6789 error -101 [ 323.224801] libceph: mon0 [d::]:6789 connect error [ 323.235417] binder: 15178:15182 ioctl c0306201 0 returned -14 [ 323.278984] binder: 15188:15190 ioctl c0306201 0 returned -14 [ 323.290689] binder: 15188:15190 ioctl c0306201 0 returned -14 19:14:47 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) 19:14:47 executing program 2 (fault-call:1 fault-nth:87): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:47 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) 19:14:47 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) syz_emit_ethernet(0xc3, &(0x7f0000000040)={@multicast, @broadcast, @val={@val={0x9100, 0x0, 0x1, 0x4}, {0x8100, 0x0, 0x1, 0x1}}, {@llc_tr={0x11, {@snap={0x3527ce7161f25c4c, 0x1, "ec", "e6111d", 0x806, "1e2e71a305ef0685f2dd85b97687b25da71e71a5a0c1ff309f9c4ad1c566f718a5e9af0dd70b483100f5f436ea281e26d245469953873a6c0ccab13a7b712e6ef1c8c51fe35fd11386f6f9f6d01994ea2885c422046d978d88c49042304f80cfd4bc07712e905a2920b78ebfc76cffd8572127bc552da03b13210db22f3888320325989620eab2dcfe8318d182fcd6662a5e227267ebd5f35a6458fec17c8c6ad3d2c00f5d"}}}}}, &(0x7f0000000140)={0x1, 0x3, [0x5a, 0x10, 0xd, 0xdab]}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 323.402852] FAULT_INJECTION: forcing a failure. [ 323.402852] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 323.414675] CPU: 1 PID: 15197 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 323.415160] binder: 15198:15201 ioctl c0306201 0 returned -14 [ 323.422548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.422553] Call Trace: [ 323.422571] dump_stack+0x1b2/0x283 [ 323.422588] should_fail.cold+0x10a/0x154 [ 323.422603] __alloc_pages_nodemask+0x22b/0x2730 [ 323.422622] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 323.431213] binder: 15198:15201 ioctl c0306201 0 returned -14 [ 323.437831] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 323.437842] ? kmem_cache_alloc+0x124/0x3c0 [ 323.437855] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 323.437866] ? trace_hardirqs_on+0x10/0x10 [ 323.437875] ? SyS_mount+0xa8/0x120 [ 323.437889] ? cache_alloc_refill+0x310/0x360 [ 323.437903] cache_grow_begin+0x91/0x410 [ 323.437915] cache_alloc_refill+0x28c/0x360 [ 323.497441] __kmalloc+0x378/0x400 [ 323.500959] ? ceph_kvmalloc+0x2f/0x70 [ 323.504826] ceph_kvmalloc+0x2f/0x70 [ 323.508520] ceph_msg_new+0x293/0x370 [ 323.512300] msgpool_alloc+0x74/0xe0 [ 323.515992] ? msgpool_free+0x50/0x50 [ 323.519772] mempool_create_node+0x2bb/0x3d0 [ 323.524161] ceph_msgpool_init+0x8e/0x120 [ 323.528287] ceph_osdc_init+0x7a5/0xc30 [ 323.532240] ceph_create_client+0x26a/0x340 [ 323.536558] ceph_mount+0x4b9/0x181c [ 323.540251] ? __lockdep_init_map+0x100/0x560 [ 323.544722] ? __lockdep_init_map+0x100/0x560 [ 323.549198] mount_fs+0x92/0x2a0 [ 323.552547] vfs_kern_mount.part.0+0x5b/0x3c0 [ 323.557021] do_mount+0x3c9/0x25e0 [ 323.560542] ? copy_mount_string+0x40/0x40 [ 323.564768] ? __might_fault+0x177/0x1b0 [ 323.568807] ? _copy_from_user+0x94/0x100 [ 323.572933] ? memdup_user+0x54/0xa0 [ 323.576623] ? copy_mount_options+0x1ec/0x2e0 [ 323.581093] ? copy_mnt_ns+0x8a0/0x8a0 [ 323.584973] SyS_mount+0xa8/0x120 [ 323.588404] ? copy_mnt_ns+0x8a0/0x8a0 [ 323.592270] do_syscall_64+0x1d5/0x640 [ 323.596140] entry_SYSCALL_64_after_hwframe+0x46/0xbb 19:14:47 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 323.601306] RIP: 0033:0x45cb29 [ 323.604471] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 323.612178] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 323.619439] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 323.626685] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 323.633933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 323.641178] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:47 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) 19:14:47 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) [ 323.679381] libceph: connect [d::]:6789 error -101 [ 323.684689] libceph: mon0 [d::]:6789 connect error 19:14:47 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) [ 323.727001] binder: 15199:15211 unknown command 0 [ 323.736566] binder: 15199:15211 ioctl c0306201 20000280 returned -22 [ 323.750426] binder: 15206:15214 ioctl c0306201 0 returned -14 [ 323.763681] binder: 15206:15214 ioctl c0306201 0 returned -14 19:14:47 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$FS_IOC_SETFSLABEL(r2, 0x41009432, &(0x7f0000000040)="fd630346960d3d1becfc3f88a6ddf90dfd0b972f86378c74e4147594cb4f1e3f6c87091ad56dd629d87d2fc94a00094e9dc3d9bc7a658d9a44f28ca720ec3060418098a42c852aa716e13267bfbb5e6ad466715f1b59a9956ba9de0430a3a443b4a7ca9a01c647a6d32e153f1f507d422f334359c7d110af80dfa7f2ea400f0a05b158176a54b5411734445efb52edeaba41f725e0d4b84cb6656e46b2a20dace668542a6a3ffee624082a590f82dcae8cf2646bdababe9dd4efbb1e039249d77d0f444e5da342fb36c226cdfc95572e4135f543e240fa3ad0a17902cb21eca807a77466252e445a10cffd4aab62070436b132220489cb12627c6b2d8839ddce") ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:47 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) [ 323.771135] binder: 15213:15218 ioctl c0306201 20000200 returned -14 [ 323.795918] ceph: No mds server is up or the cluster is laggy [ 323.807534] binder: 15221:15224 ioctl c0306201 0 returned -14 [ 323.817770] binder: 15221:15224 ioctl c0306201 0 returned -14 19:14:47 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = dup2(r1, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) read$rfkill(r4, &(0x7f0000000040), 0x8) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) 19:14:47 executing program 2 (fault-call:1 fault-nth:88): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 323.840904] binder: 15216:15227 unknown command 25344 [ 323.856341] binder: 15216:15227 ioctl c0306201 20000280 returned -22 [ 323.911784] binder: 15233:15235 ioctl c0306201 0 returned -14 [ 323.926956] FAULT_INJECTION: forcing a failure. [ 323.926956] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 323.938768] CPU: 0 PID: 15236 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 323.946643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.955988] Call Trace: [ 323.956266] binder: 15228:15238 unknown command 0 [ 323.958573] dump_stack+0x1b2/0x283 [ 323.958591] should_fail.cold+0x10a/0x154 [ 323.958610] __alloc_pages_nodemask+0x22b/0x2730 [ 323.963567] binder: 15228:15238 ioctl c0306201 20000280 returned -22 [ 323.967052] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 323.967064] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 323.967071] ? kmem_cache_alloc+0x124/0x3c0 [ 323.967084] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 324.000487] ? trace_hardirqs_on+0x10/0x10 [ 324.002059] binder: 15233:15240 ioctl c0306201 0 returned -14 [ 324.004705] ? SyS_mount+0xa8/0x120 [ 324.004719] ? ceph_osdc_init+0x7a5/0xc30 [ 324.004732] ? cache_alloc_refill+0x310/0x360 [ 324.004753] cache_grow_begin+0x91/0x410 [ 324.026860] cache_alloc_refill+0x28c/0x360 [ 324.031176] __kmalloc+0x378/0x400 [ 324.034702] ? ceph_kvmalloc+0x2f/0x70 [ 324.038567] ceph_kvmalloc+0x2f/0x70 [ 324.042268] ceph_msg_new+0x293/0x370 [ 324.046055] msgpool_alloc+0x74/0xe0 [ 324.049745] ? msgpool_free+0x50/0x50 [ 324.053524] mempool_create_node+0x2bb/0x3d0 [ 324.057913] ceph_msgpool_init+0x8e/0x120 [ 324.062040] ceph_osdc_init+0x7a5/0xc30 [ 324.065994] ceph_create_client+0x26a/0x340 [ 324.070304] ceph_mount+0x4b9/0x181c [ 324.074010] ? __lockdep_init_map+0x100/0x560 [ 324.079438] ? __lockdep_init_map+0x100/0x560 [ 324.083918] mount_fs+0x92/0x2a0 [ 324.087266] vfs_kern_mount.part.0+0x5b/0x3c0 [ 324.091740] do_mount+0x3c9/0x25e0 [ 324.095266] ? copy_mount_string+0x40/0x40 [ 324.099481] ? __might_fault+0x177/0x1b0 [ 324.103531] ? _copy_from_user+0x94/0x100 [ 324.107665] ? memdup_user+0x54/0xa0 [ 324.111363] ? copy_mount_options+0x1ec/0x2e0 [ 324.115846] ? copy_mnt_ns+0x8a0/0x8a0 [ 324.119709] SyS_mount+0xa8/0x120 [ 324.123139] ? copy_mnt_ns+0x8a0/0x8a0 [ 324.127005] do_syscall_64+0x1d5/0x640 [ 324.130873] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 324.136041] RIP: 0033:0x45cb29 [ 324.139263] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 324.146985] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 324.154234] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 324.161478] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 324.168724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 324.175981] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 324.196805] ceph: No mds server is up or the cluster is laggy [ 324.203415] libceph: connect [d::]:6789 error -101 19:14:48 executing program 2 (fault-call:1 fault-nth:89): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 324.208649] libceph: mon0 [d::]:6789 connect error [ 324.267023] FAULT_INJECTION: forcing a failure. [ 324.267023] name failslab, interval 1, probability 0, space 0, times 0 [ 324.278733] CPU: 1 PID: 15249 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 324.286597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.295932] Call Trace: [ 324.298501] dump_stack+0x1b2/0x283 [ 324.302111] should_fail.cold+0x10a/0x154 [ 324.306240] should_failslab+0xd6/0x130 [ 324.310193] kmem_cache_alloc+0x28e/0x3c0 [ 324.314326] ceph_msg_new+0x31/0x370 [ 324.318022] msgpool_alloc+0x74/0xe0 [ 324.321715] ? msgpool_free+0x50/0x50 [ 324.325493] mempool_create_node+0x2bb/0x3d0 [ 324.329883] ceph_msgpool_init+0x8e/0x120 [ 324.334014] ceph_osdc_init+0x7a5/0xc30 [ 324.337967] ceph_create_client+0x26a/0x340 [ 324.342267] ceph_mount+0x4b9/0x181c [ 324.345959] ? __lockdep_init_map+0x100/0x560 [ 324.350431] ? __lockdep_init_map+0x100/0x560 [ 324.354910] mount_fs+0x92/0x2a0 [ 324.358267] vfs_kern_mount.part.0+0x5b/0x3c0 [ 324.362739] do_mount+0x3c9/0x25e0 [ 324.366262] ? copy_mount_string+0x40/0x40 [ 324.370472] ? __might_fault+0x177/0x1b0 [ 324.374510] ? _copy_from_user+0x94/0x100 [ 324.378636] ? memdup_user+0x54/0xa0 [ 324.382337] ? copy_mount_options+0x1ec/0x2e0 [ 324.386807] ? copy_mnt_ns+0x8a0/0x8a0 [ 324.390672] SyS_mount+0xa8/0x120 [ 324.394102] ? copy_mnt_ns+0x8a0/0x8a0 [ 324.397972] do_syscall_64+0x1d5/0x640 [ 324.401840] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 324.407006] RIP: 0033:0x45cb29 [ 324.410173] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 19:14:48 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) [ 324.417857] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 324.425113] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 324.432367] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 324.439612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 324.446856] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:48 executing program 2 (fault-call:1 fault-nth:90): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 324.533980] FAULT_INJECTION: forcing a failure. [ 324.533980] name failslab, interval 1, probability 0, space 0, times 0 [ 324.534257] binder: 15253:15258 unknown command 0 [ 324.545440] CPU: 1 PID: 15256 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 324.558000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.558239] binder: 15253:15258 ioctl c0306201 20000280 returned -22 [ 324.567342] Call Trace: [ 324.567361] dump_stack+0x1b2/0x283 [ 324.567377] should_fail.cold+0x10a/0x154 [ 324.567414] should_failslab+0xd6/0x130 [ 324.588107] kmem_cache_alloc_node+0x25f/0x400 [ 324.592681] alloc_unbound_pwq+0x465/0xc10 [ 324.596895] apply_wqattrs_prepare+0x291/0x7f0 [ 324.601458] apply_workqueue_attrs_locked+0x9d/0x120 [ 324.606542] apply_workqueue_attrs+0x2c/0x50 [ 324.610924] __alloc_workqueue_key+0x6d5/0xdc0 [ 324.615489] ? ceph_kvmalloc+0x3c/0x70 [ 324.619367] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 324.624384] ceph_osdc_init+0x7e0/0xc30 [ 324.628339] ceph_create_client+0x26a/0x340 [ 324.632643] ceph_mount+0x4b9/0x181c [ 324.636332] ? __lockdep_init_map+0x100/0x560 [ 324.640802] ? __lockdep_init_map+0x100/0x560 [ 324.645274] mount_fs+0x92/0x2a0 [ 324.648619] vfs_kern_mount.part.0+0x5b/0x3c0 [ 324.653092] do_mount+0x3c9/0x25e0 [ 324.656655] ? copy_mount_string+0x40/0x40 [ 324.660864] ? __might_fault+0x177/0x1b0 [ 324.664901] ? _copy_from_user+0x94/0x100 [ 324.669026] ? memdup_user+0x54/0xa0 [ 324.672713] ? copy_mount_options+0x1ec/0x2e0 [ 324.677183] ? copy_mnt_ns+0x8a0/0x8a0 [ 324.681056] SyS_mount+0xa8/0x120 [ 324.684488] ? copy_mnt_ns+0x8a0/0x8a0 [ 324.688352] do_syscall_64+0x1d5/0x640 [ 324.692221] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 324.697389] RIP: 0033:0x45cb29 [ 324.700555] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 324.708245] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 324.715500] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 324.722748] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 19:14:48 executing program 1: r0 = socket$bt_rfcomm(0x1f, 0x1, 0x3) ioctl$FITHAW(r0, 0xc0045878) r1 = getpid() r2 = getpid() r3 = socket(0x2000000000000021, 0x2, 0x10000000000002) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r3, &(0x7f0000000080)) r4 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r7 = dup2(r6, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = dup2(r5, r4) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) 19:14:48 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0xfe4c, 0x3, 0x3, 0x201, 0x0, 0x0, {0xf, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf7e9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xffc}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240400dc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xfffffffffffffffc) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f00000000c0)={0xa30000, 0x2, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9d0001, 0x5, [], @p_u16=&(0x7f0000000040)=0x8000}}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x204800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r4, r4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, 0x0, 0x0) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r6, 0x0, 0x0) r7 = dup2(r5, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) 19:14:48 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:48 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) 19:14:48 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) accept4$netrom(r3, &(0x7f0000000040)={{0x3, @null}, [@default, @bcast, @null, @rose, @default, @default, @null, @rose]}, &(0x7f00000000c0)=0x48, 0x80000) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 324.729995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 324.737241] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 324.769224] binder: 15261:15262 ioctl c0306201 0 returned -14 19:14:48 executing program 2 (fault-call:1 fault-nth:91): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:48 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0xfe4c, 0x3, 0x3, 0x201, 0x0, 0x0, {0xf, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf7e9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xffc}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240400dc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xfffffffffffffffc) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f00000000c0)={0xa30000, 0x2, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9d0001, 0x5, [], @p_u16=&(0x7f0000000040)=0x8000}}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x204800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r4, r4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, 0x0, 0x0) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r6, 0x0, 0x0) r7 = dup2(r5, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) [ 324.832810] binder: 15267:15271 ioctl c0306201 0 returned -14 [ 324.855787] binder: 15269:15274 ioctl c0306201 20000200 returned -14 [ 324.867151] binder: 15267:15271 ioctl c0306201 0 returned -14 19:14:48 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000040)=0x6, 0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x33, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000003c0)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000300)=[{0x20, 0x0, [0x5, 0x3, 0x1f, 0xffff, 0x68, 0x20, 0x5, 0x80, 0x8001, 0x3f, 0x80, 0xd03, 0x6, 0xc, 0x9, 0x1a6]}], 0xffffffffffffffff, 0x1, 0x1, 0x48}}, 0x20) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xfff7}, {}, {0x6}}, [@filter_kind_options=@f_rsvp={{0x9, 0x1, 'rsvp\x00'}, {0x4}}]}, 0x34}}, 0x0) sendmmsg(r1, &(0x7f000000a280), 0x0, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r7 = dup2(r6, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = dup2(r5, r0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) [ 324.887930] FAULT_INJECTION: forcing a failure. [ 324.887930] name failslab, interval 1, probability 0, space 0, times 0 [ 324.926289] CPU: 0 PID: 15277 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 324.934181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.943517] Call Trace: [ 324.946089] dump_stack+0x1b2/0x283 [ 324.949701] should_fail.cold+0x10a/0x154 [ 324.953831] should_failslab+0xd6/0x130 [ 324.957786] kmem_cache_alloc_node_trace+0x25a/0x400 [ 324.962872] alloc_worker+0x43/0x1c0 [ 324.966564] __alloc_workqueue_key+0x9df/0xdc0 [ 324.971124] ? ceph_kvmalloc+0x3c/0x70 [ 324.974993] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 324.979996] ceph_osdc_init+0x7e0/0xc30 [ 324.983949] ceph_create_client+0x26a/0x340 [ 324.988250] ceph_mount+0x4b9/0x181c [ 324.991944] ? __lockdep_init_map+0x100/0x560 [ 324.996433] ? __lockdep_init_map+0x100/0x560 [ 325.000918] mount_fs+0x92/0x2a0 [ 325.004291] vfs_kern_mount.part.0+0x5b/0x3c0 [ 325.008793] do_mount+0x3c9/0x25e0 [ 325.012320] ? copy_mount_string+0x40/0x40 [ 325.016541] ? __might_fault+0x177/0x1b0 [ 325.020589] ? _copy_from_user+0x94/0x100 [ 325.024721] ? memdup_user+0x54/0xa0 [ 325.028416] ? copy_mount_options+0x1ec/0x2e0 [ 325.033845] ? copy_mnt_ns+0x8a0/0x8a0 [ 325.037722] SyS_mount+0xa8/0x120 [ 325.041156] ? copy_mnt_ns+0x8a0/0x8a0 [ 325.045024] do_syscall_64+0x1d5/0x640 [ 325.048899] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 325.054068] RIP: 0033:0x45cb29 [ 325.057236] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 325.064937] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 325.072199] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 325.079465] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 325.086721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 325.093983] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:49 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0xfe4c, 0x3, 0x3, 0x201, 0x0, 0x0, {0xf, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf7e9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xffc}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240400dc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xfffffffffffffffc) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f00000000c0)={0xa30000, 0x2, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9d0001, 0x5, [], @p_u16=&(0x7f0000000040)=0x8000}}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x204800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r4, r4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, 0x0, 0x0) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r6, 0x0, 0x0) r7 = dup2(r5, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) [ 325.140327] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 325.179106] binder: 15281:15290 ioctl c0306201 0 returned -14 19:14:49 executing program 1: getpeername$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000240)=0x1c) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, 0x0, 0x1, 0x70bd25, 0x25dfdbff, {}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x5}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @mcast2}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x1f}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200048d1}, 0x0) [ 325.199677] binder: 15281:15290 ioctl c0306201 0 returned -14 19:14:49 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) 19:14:49 executing program 2 (fault-call:1 fault-nth:92): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:49 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r6, 0xab9535e9a6578fc1, 0x0, 0x0, {0x6b}}, 0x1c}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f0000000280)={0x0, 0x33, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r9, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0xfff7}, {}, {0x6}}, [@filter_kind_options=@f_rsvp={{0x9, 0x1, 'rsvp\x00'}, {0x4}}]}, 0x34}}, 0x0) sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x28, r6, 0x10, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0xffffffff, 0x2}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0xfffffffffffffdfe}, 0x1, 0x0, 0x0, 0x4880}, 0x4880) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:49 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0xfe4c, 0x3, 0x3, 0x201, 0x0, 0x0, {0xf, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf7e9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xffc}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240400dc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xfffffffffffffffc) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f00000000c0)={0xa30000, 0x2, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9d0001, 0x5, [], @p_u16=&(0x7f0000000040)=0x8000}}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x204800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r4, r4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, 0x0, 0x0) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r6, 0x0, 0x0) r7 = dup2(r5, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) dup2(r1, r0) [ 325.330424] FAULT_INJECTION: forcing a failure. [ 325.330424] name failslab, interval 1, probability 0, space 0, times 0 [ 325.343748] CPU: 0 PID: 15311 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 325.351640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.359928] binder: 15310:15314 ioctl c0306201 0 returned -14 [ 325.360986] Call Trace: [ 325.361005] dump_stack+0x1b2/0x283 [ 325.361021] should_fail.cold+0x10a/0x154 [ 325.361035] should_failslab+0xd6/0x130 [ 325.379316] binder: 15310:15314 ioctl c0306201 0 returned -14 [ 325.381169] kmem_cache_alloc+0x28e/0x3c0 [ 325.381184] ceph_msg_new+0x31/0x370 [ 325.381199] msgpool_alloc+0x74/0xe0 [ 325.398607] ? msgpool_free+0x50/0x50 [ 325.402405] mempool_create_node+0x2bb/0x3d0 [ 325.405223] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 325.406814] ceph_msgpool_init+0x8e/0x120 [ 325.406829] ceph_osdc_init+0x7a5/0xc30 [ 325.406842] ceph_create_client+0x26a/0x340 [ 325.406854] ceph_mount+0x4b9/0x181c [ 325.406862] ? __lockdep_init_map+0x100/0x560 [ 325.406874] ? __lockdep_init_map+0x100/0x560 [ 325.406887] mount_fs+0x92/0x2a0 [ 325.431582] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 325.436044] vfs_kern_mount.part.0+0x5b/0x3c0 [ 325.436057] do_mount+0x3c9/0x25e0 [ 325.436072] ? copy_mount_string+0x40/0x40 [ 325.436082] ? __might_fault+0x177/0x1b0 [ 325.436094] ? _copy_from_user+0x94/0x100 [ 325.436106] ? memdup_user+0x54/0xa0 [ 325.436115] ? copy_mount_options+0x1ec/0x2e0 [ 325.436123] ? copy_mnt_ns+0x8a0/0x8a0 [ 325.436134] SyS_mount+0xa8/0x120 [ 325.436142] ? copy_mnt_ns+0x8a0/0x8a0 [ 325.436153] do_syscall_64+0x1d5/0x640 [ 325.436168] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 325.504803] RIP: 0033:0x45cb29 [ 325.507977] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 325.515728] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 325.522982] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 325.530240] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 325.537487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 325.544741] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:49 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = accept4$inet(r6, 0x0, &(0x7f0000000040), 0x800) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r7, 0x8983, &(0x7f0000000080)) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:49 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) 19:14:49 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) 19:14:49 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0xfe4c, 0x3, 0x3, 0x201, 0x0, 0x0, {0xf, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf7e9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xffc}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240400dc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xfffffffffffffffc) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f00000000c0)={0xa30000, 0x2, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9d0001, 0x5, [], @p_u16=&(0x7f0000000040)=0x8000}}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x204800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r4, r4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, 0x0, 0x0) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r6, 0x0, 0x0) r7 = dup2(r5, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) dup2(r1, r0) 19:14:49 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:49 executing program 2 (fault-call:1 fault-nth:93): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 325.658523] binder: 15330:15331 ioctl c0306201 0 returned -14 [ 325.680483] binder: 15330:15331 ioctl c0306201 0 returned -14 [ 325.691058] binder: 15333:15340 ioctl c0306201 20000200 returned -14 [ 325.700632] FAULT_INJECTION: forcing a failure. 19:14:49 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) prctl$PR_SET_FP_MODE(0x2d, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 325.700632] name failslab, interval 1, probability 0, space 0, times 0 [ 325.725445] CPU: 1 PID: 15339 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 325.733333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.742687] Call Trace: [ 325.745271] dump_stack+0x1b2/0x283 [ 325.748884] should_fail.cold+0x10a/0x154 [ 325.753036] should_failslab+0xd6/0x130 [ 325.756991] __kmalloc+0x2c1/0x400 [ 325.760512] ? ceph_kvmalloc+0x2f/0x70 [ 325.764381] ceph_kvmalloc+0x2f/0x70 [ 325.768074] ceph_msg_new+0x293/0x370 [ 325.771854] msgpool_alloc+0x74/0xe0 [ 325.776327] ? msgpool_free+0x50/0x50 [ 325.780105] mempool_create_node+0x2bb/0x3d0 [ 325.784496] ceph_msgpool_init+0x8e/0x120 [ 325.788635] ceph_osdc_init+0x7a5/0xc30 [ 325.792592] ceph_create_client+0x26a/0x340 [ 325.796894] ceph_mount+0x4b9/0x181c [ 325.800586] ? __lockdep_init_map+0x100/0x560 [ 325.805076] ? __lockdep_init_map+0x100/0x560 [ 325.809562] mount_fs+0x92/0x2a0 [ 325.812923] vfs_kern_mount.part.0+0x5b/0x3c0 [ 325.817407] do_mount+0x3c9/0x25e0 [ 325.820933] ? copy_mount_string+0x40/0x40 [ 325.825149] ? __might_fault+0x177/0x1b0 [ 325.829196] ? _copy_from_user+0x94/0x100 [ 325.833336] ? memdup_user+0x54/0xa0 [ 325.837029] ? copy_mount_options+0x1ec/0x2e0 [ 325.841504] ? copy_mnt_ns+0x8a0/0x8a0 [ 325.845374] SyS_mount+0xa8/0x120 [ 325.848808] ? copy_mnt_ns+0x8a0/0x8a0 [ 325.852694] do_syscall_64+0x1d5/0x640 [ 325.856570] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 325.861739] RIP: 0033:0x45cb29 [ 325.864910] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 325.872596] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 325.879949] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 325.887376] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 325.894624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 325.901873] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 325.915440] binder: 15344:15347 ioctl c0306201 0 returned -14 [ 325.925074] binder: 15332:15350 unknown command 25344 [ 325.948653] libceph: connect [d::]:6789 error -101 [ 325.954154] binder: 15344:15347 ioctl c0306201 0 returned -14 [ 325.954936] libceph: mon0 [d::]:6789 connect error 19:14:49 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0xfe4c, 0x3, 0x3, 0x201, 0x0, 0x0, {0xf, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf7e9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xffc}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240400dc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xfffffffffffffffc) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f00000000c0)={0xa30000, 0x2, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9d0001, 0x5, [], @p_u16=&(0x7f0000000040)=0x8000}}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x204800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r4, r4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, 0x0, 0x0) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r6, 0x0, 0x0) r7 = dup2(r5, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) dup2(r1, r0) 19:14:49 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x2) r1 = syz_open_dev$binderN(0x0, 0x0, 0x803) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 325.967658] binder: 15332:15350 ioctl c0306201 20000280 returned -22 [ 325.998575] ceph: No mds server is up or the cluster is laggy 19:14:49 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:49 executing program 2 (fault-call:1 fault-nth:94): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:50 executing program 4: syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0xfe4c, 0x3, 0x3, 0x201, 0x0, 0x0, {0xf, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf7e9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xffc}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240400dc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xfffffffffffffffc) ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f00000000c0)={0xa30000, 0x2, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9d0001, 0x5, [], @p_u16=&(0x7f0000000040)=0x8000}}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x204800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r3, 0x0, 0x0) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r4, 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) [ 326.024902] binder: 15357:15362 ioctl c0306201 0 returned -14 [ 326.038395] binder: 15357:15362 ioctl c0306201 0 returned -14 [ 326.109179] FAULT_INJECTION: forcing a failure. [ 326.109179] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 326.109444] binder: 15366:15369 ioctl c0306201 0 returned -14 [ 326.121005] CPU: 0 PID: 15370 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 326.121011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.121016] Call Trace: [ 326.121036] dump_stack+0x1b2/0x283 [ 326.121053] should_fail.cold+0x10a/0x154 [ 326.121068] __alloc_pages_nodemask+0x22b/0x2730 [ 326.121089] ? kasan_kmalloc.part.0+0xa6/0xd0 [ 326.121101] ? kasan_kmalloc.part.0+0x4f/0xd0 [ 326.121109] ? kmem_cache_alloc+0x124/0x3c0 [ 326.121119] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 326.121130] ? trace_hardirqs_on+0x10/0x10 [ 326.121138] ? SyS_mount+0xa8/0x120 [ 326.121149] ? ceph_osdc_init+0x7a5/0xc30 [ 326.121160] ? cache_alloc_refill+0x310/0x360 [ 326.193831] cache_grow_begin+0x91/0x410 [ 326.197897] cache_alloc_refill+0x28c/0x360 [ 326.202221] __kmalloc+0x378/0x400 [ 326.205756] ? ceph_kvmalloc+0x2f/0x70 [ 326.209638] ceph_kvmalloc+0x2f/0x70 [ 326.213347] ceph_msg_new+0x293/0x370 [ 326.215128] binder: 15366:15369 ioctl c0306201 0 returned -14 [ 326.217144] msgpool_alloc+0x74/0xe0 [ 326.217156] ? msgpool_free+0x50/0x50 [ 326.217165] mempool_create_node+0x2bb/0x3d0 [ 326.217181] ceph_msgpool_init+0x8e/0x120 [ 326.217197] ceph_osdc_init+0x7a5/0xc30 [ 326.243141] ceph_create_client+0x26a/0x340 [ 326.247470] ceph_mount+0x4b9/0x181c [ 326.251187] ? __lockdep_init_map+0x100/0x560 19:14:50 executing program 1: syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = getpid() sched_setattr(r3, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x40, 0x9, 0x0, 0x40000000000000, 0x8}, 0x0) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r4, 0x0, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000040)=0x0) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r6, 0x0, 0x0) r7 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r7, 0x0, 0x0) kcmp(r3, r5, 0x2, r6, 0xffffffffffffffff) r8 = socket$phonet_pipe(0x23, 0x5, 0x2) r9 = dup2(r0, r8) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r9, 0x40046207, 0x0) [ 326.255684] ? __lockdep_init_map+0x100/0x560 [ 326.260178] mount_fs+0x92/0x2a0 [ 326.263545] vfs_kern_mount.part.0+0x5b/0x3c0 [ 326.268051] do_mount+0x3c9/0x25e0 [ 326.271592] ? copy_mount_string+0x40/0x40 [ 326.275830] ? __might_fault+0x177/0x1b0 [ 326.279889] ? _copy_from_user+0x94/0x100 [ 326.284037] ? memdup_user+0x54/0xa0 [ 326.287743] ? copy_mount_options+0x1ec/0x2e0 [ 326.291632] binder: 15377:15380 ioctl c0306201 0 returned -14 [ 326.292228] ? copy_mnt_ns+0x8a0/0x8a0 [ 326.292238] SyS_mount+0xa8/0x120 [ 326.292247] ? copy_mnt_ns+0x8a0/0x8a0 [ 326.292260] do_syscall_64+0x1d5/0x640 [ 326.292278] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 326.292286] RIP: 0033:0x45cb29 [ 326.292292] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 326.292301] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 326.292306] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 326.292311] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 326.292316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 326.292322] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 326.329746] libceph: connect [d::]:6789 error -101 [ 326.372526] libceph: mon0 [d::]:6789 connect error [ 326.377505] ceph: No mds server is up or the cluster is laggy [ 326.387185] binder: 15377:15380 ioctl c0306201 0 returned -14 19:14:50 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000"], 0x0, 0x0, 0x0}) 19:14:50 executing program 2 (fault-call:1 fault-nth:95): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:50 executing program 4: syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0xfe4c, 0x3, 0x3, 0x201, 0x0, 0x0, {0xf, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf7e9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xffc}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240400dc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xfffffffffffffffc) ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f00000000c0)={0xa30000, 0x2, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9d0001, 0x5, [], @p_u16=&(0x7f0000000040)=0x8000}}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x204800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r3, 0x0, 0x0) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r4, 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 19:14:50 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:50 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) 19:14:50 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$nfc_llcp(r5, 0x118, 0x3, &(0x7f0000000040)=""/91, 0x5b) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r7 = dup2(r6, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$KVM_SET_NESTED_STATE(r7, 0x4080aebf, &(0x7f00000001c0)={{0x2, 0x0, 0x80, {0x6000, 0x3000, 0x3}}, "85de7b66e4419f5b27732077bebb136f8857db3016cc98931c620e171e62ba01967eaa5ad7513465326a93762d64dae7f480d379e932a1490f153f054d6c290b6bc167b5c57b65fd75b5fab506cde18d3503bf4bdf28f98aa61f8ff4c51fbbd3fa1452a4b8c485e7c5a663ab7facb8db384b4878f2c2c2184af93a8e566fcd3a72849b140f7ab666095e396c86c80fecb3b94d038bcfc2c8df3604f58a46c4412744add0bb1d05434650ef39a560556d951d52d7fc94799e0f4fa0cdb5102421cb1a25882086a293c9bd9a3ecdda0bd77bc23576059a9e90305e2e1e39869716fe5de99ffcd89a94eb34892799fb0722facf47dfefe83e73b4919b575c430319e9d403e01b2ea5f28131b0d1c1682fcd8ae5a6e4f56a5845162fecdbfdc11a2ba03f66fa1bbe63d00176fb08afc4005eff969149af9e413d1d2d8c14c610245d4f3021a5085970d2c49563b789e306aa61c40d3c0f621fb170657138a753549049d8be3da2a752c650535ae63aea400edca35142f2ba0d15e64100c25e58a68e280392a69a788dc6bc06c6cfa7798b43ef4f23bed4ac852304966d0cfb4296e6bc1421d04ead09a0d88d59e19a8798d9a08d80d306ff7fb57a953a24edacc4d8869a2e11840aef7f303d54bc4c735120904e936cd3b148fa539594e3e41f1bfb9b74f845d028d08f6101296a8a52b4a434910a76312014b585e7480276973ef8c9b3f0449f44399dffc0ef8f1f57a38e80707ad584b3883018eec33f92a43cd81b3fe2896f3a06f3bc9c6e39672694f650f60e66048453240e55fa54b81b7cd15b4a14e14c334f375af1415a667b7f6332dfd400611f86c969f719116f10008c89dc2bf27eaebd472491dd30f3bac3dde82509d50a3b3b6e285f6a7849f5ecd78d87fd2993271f407f79b82d27383f9b0efb7c7bd83cc19cdcfc0b143bd084f7055605e83a39a9fad8ff4c73dadccfcbe97c6001f84838b0c067811f00565b92eef33238988ce7455bde40b9d0a688fc24ce1221d3472339786acbaa2b1aaec3a52c62a3e7891751598d021aacf30ccfb5e977831592f0b0c666f6b3b04e94dce8e261c69336635a067521ed62cc05d3161b8aecd819e249eda08da59f44786fa8a6f89a5c274652edb22d911a9d7cb89b50b6e8230eca3652eabba7bfff3c92543a960a3f9e193e59987c9450c03e76a1a22a04ca8ba603c8f6489d9d6995693736bff02f061207fb1ac9db799fdd8b712fc1215cd6f3d476116cdaf10de6631c4e1f25936d0b3ce52368193d4953eb6d1fd0acc7d4643d6e0c8d7f3e4c958ecb30a184d5490f85323fb394f7427be6bc1393144b59eb1a604a37f3c72e6d19a4a8b903a94b0e88031b4ebc0941653735403525f3a6a1cd865ba19f127634b0ffb675ac99610ee0403f397324b75e9e13c8eb37506dac1ce8c699fd5c42dac9e3d7b9c5311f33c93d1f47913b4928346968b668c513ebdef041990e9a27a58b6d452d0ff7c7981387425dda18f06509bd3c12cb4ba4219ae7819611b03599182c94968610f49e2b377b5445fa74a371235fb1c72b53549f26a29af32c8eb8072991e7ca480429a6c3b88568f441f815d9b10c43a3b7372bf5be5a5b7fb577f8cb53b8305b62cab071e44ad301860437592ab423a9e7921a92e0782035b91bae3682011de0170cbf2faf67f4fabdafc86da03102a45b13787c4b5123a5f7ce04c3e70511c308a10fab3e7a2bae8a0c553ead7ec33ee4ba37e86e9397b1f518f2bf3369c94c13e621463f88c8d7511243ac7c324ee95bfdeadc4b537544a8af64f418b12671f968851b353974da2c0ec44544d8b20d69cff331bf3e47e896db17289ba14ef4ac5846bd31fa69b52223c95a7f6601571b01117d53ed88f4c7b40a3620e0fa5463f67a27ea9c4305bd054f01a418ac1901a464922e2e05948e508c53852544fd8fad5b15478ffdc03161ce23b47ec0e32b4d1747515d25ac6db0a1bcd24b686aea0a24dd234f74f9fc6d1349813cdc3e25991c9a2c8c0ad33e185971ef35f3c2c326ebb20e75c9e07330bc516086cba9861ad5b5784c045d8f27e6ff2d906008b7620e924626cac282833f34840962e7b7dd172117186c3995ed29a35ed311314a219f5b5088d1e105e185118fe0319eb050552ed3bec7146de0dd744d000897f8e0302a8fe04bb8bf8e6b77882dfc7f5c14c8cf532900a34746b36cfe4781fd1cf2d30f7f7b48894dce11585dc195f4967adfa15ed00de0ead32380cf2c006265fb4151b7c611405365c7d322573067007fde40c1e7f886df86e926ba6a49cb4dcae183d9bf694ebdc3baf40aedeb58e96d9d9cae562a2465bdcf1450c476877c3ed559a42b761511776edecf9e970d8c84f1a6743400aa92149aa7e0084cd0dc51d097ee72867e76af3cb822b7614616634d8d4d02a257987b5a4e382acfd0d22cde8e3be0414656a500980b7034183fe258cceda1a680397b4e93ecb565c5b1674efc6beb19f23dcc475457827df9c364b380d470be8bfdb3180812adc048aa6f7f0495c8b984c4354e7ea54fa563aa705d7b7bb3854387c452537c99f005216cbf064a7ed78aaf9c8461ebc28666b754da42a2172d3ea13f8d44c1260da8dbb8c01e2a27a75ef32d7f9fb31d155b604fd78da42d0ab9efb75ae08548c82acf869b137a35c12595a4cb2dff6c77b29b41fba0c221a7002ad4eb569658e298b12f2bce97180b4d482f174f7a521b91898dbc28462d203dca1cad8ebec9f2fa0306abdb42b73abdafe2153ec08c214e7541e4ffc6f40715cf0203c2de67b4f0f37178951d4bc2d3b9679e0eccf80efb1eea7430eb608daef7f761d3e473db1e2264c07c1c619ba2ee4dc5cfcfc9f48b5ecd017b8876be580b973e378a4b44401faf17c2f59d5132bbb904798ede5747638025f7519a2549acab357b0f06585cc6b803a3a1467508c6c6f8d65ddf80a7e3388dd71fb6b76c78d840e334fdf3d08757b02aca74f9322027511d25f3c4bef830e694ddf13c153fd0a1cda0bbb40d3c907a676df0e5ca485b2ee20d82c8243e9855ee3d7ad8096b4811ca75816a94a56f507b1c0baaf5ce3b2c49172b4d791291d18a9ea4f9f6206cb0e67c7bb4818ccbde73ee586d74a392efcfe6ef31f37ae2476dc33b3d1a439809d0a809586f1856c4bdbf3042c4d889f70eb0c9c09d5e910e27eb48702791887befd343808b3af343185b62769f2565d530717b8167a3140b34b01d0c2eb688f5a5d81c9ad1dc2e65f0ed0ff43507484f61eeeb915ba46c3d65c497f4eaad15073ca45eaf2974410e60d892e07beeac4340ec431e983f1f85f04547c6af84145ae58cc2a4320f3135f9c339a9f539c02d9765b1f6b7353bd7849b88fff6e6382f64cbe63b6f2e78357c5c9676004b8d4f471d461f5e7e9a0bf51af2336c8e9aafab7bfe87e990fe9f9f6d140588a5f0a9fc8cfbe721e97fb1f3924a494c355c80ee7024d32831d3b0fbb24603ec23a00c630492d715d0645883a0f8125d2bfd727418af19017915f6c1a38560d3be0fc6083d20bcf4b014f787df67306c99c4df8e66926272cd8960a53ff795b957a8d8f641efd40919f61b8a457c9f40bbd3f494fa6476846e4ff04debebdabc10ccc6b532fa6a0f12c02e2be4f424c4380b0a2ec9a3dc85cd1c015bb1876bae514c24d435b25acd13e872fac16540d773508028b4c76241fcff9ba252e0eab4fc49e42aae804d020010acbd6f8191b48d77f8b7e2aaf216664cfdcc21ecbabbafebb1be42222d9ff05370861682df22ac80085e4d75a3e517823ead3c90fbf93386710c8afca66b221ed5bf5625817e61e5d3def97fcc6e7999aa7b678b7d6a738679a5e234e3cc5918688dedee5c42bdc56dad1fb89f13a54accc57386c25bb95adf80f6e0d3589acf04333c7c8ecb1bcfd93c89a7b4616300901492895cffa8c60ef7b9b40c74039e14fe4939edb625078f5472f67061d5f7690ae2b3f043d2aaa3da832c58f066b5bcb48929051e54199c6ebe8b698366d77eed5b27b9fd4d3019baf889413a17db43eda421affc37cd3cf817b53e94c15701ce5c3704663d4981f1a4352f055607334cbf5f0ea13cf1efbc4649522a3165019acc64b799fcddd9e6a274059682a4b2c26416d668d0b728551df14ca1e1ffb44818f7fececff0c0f5a26b0ee2049d7284f5023f7f0d8e6cfece2f2fb59c571798f8ff1bba3f8e7d398fef3701aa501d4504678163a2a3ea448b1ea411448e95c42464efa7d00c0c8bf33f171eaeb140e7b8a7f351f668055b7e7ec964563a6f7148410434bcc5cb663771c99ee114f3225edcd5915b28b57e1c8ddc3d48b39ac6454d251156326b93e6490b41c62d7b0a03f5111c40451fbb899c2ed2065c775f39e9fdc32d1b22d98e7b7f19985d5f5d548c9452c12dbe804d5afb0ec4778083e53adb06a50fc47de7ecbf578adde2474afc78c03a31dd7c561bb99e5446551f379a1b1f6d03a622b6b15864eb5f91e68ff128f0a5070ba28a7efad2b28400634ad0c528b4f58c5d0877bf608a53f976ae59cf711f501874bd04ad0be1a03fc565e0b73bc9f1b81b7f1c312fc64915861a8ab3a832374560e381059d4ea81d3f32bf22314f54612d67b9bd9565b414ac4703879b27d96a590196242fa0ec5f7c78b4a026d86774905825e9eb822bf9c596c9c0661a8fa3c4e604e042378b905baedc464918d5ce97b3ff593556b04188b4a18fe3d7c4df8b4c865db18b93f3ef90c550cb7620c5169b5df4c8a10a90b3dcc7b518930757ac8143dde21a2872f1e7b08b3c18cf24773459cfffadd876cabcd3f0010d35633774574d944ff4e7c5fa3b3f4b6bdd0c60a9ae0b205311fade493db870390a7165ad1f34bf3c694ced0e48ee7520bfc1032cccb911aef672a485f9ccfcf6f1eda412460b80b78b2156aeb3c00cbaa142bdaaec0a031315ecfe257381f42db8aefe64d1466294c7e4e2ead224b0850b1ee8d5e9188842006a81560927f3e977aa7f1fb35b9e941afd2da345d1568ce7ce0dc50f7929cc1370547fb733aeb5446543bf87da864399c4f2c4b184fff497c933b41d058a9255d094c2303fe9ec031a5ab557119ec4eb7565eca44860efe350d3ca64a40c62cc7bac96831746337c7b449565c24b02117bd8f4e0fb71de5f6d8f1d4ae2bef70e4bd0cebc42e765ce4d4105119717b2489ebb17e2e5473379c84a80809814c2cafeeaba0c587f908a9996fdd781127dca7134c84700e58b5ce300e12d39cd1c9bc7a179a29aafa3de3f0f5e27da7d882e7958de60ff720cbb6fd590d29d955e99d26c522673fa3e981d98d8638a5f49683523984093eef7d3da64b0bd3631c226ad73d312c2c9b791aea867cfbccb0d4363b5511b31dce875d4b2f6df13e5f18d90ac8673b7f1a7a45c8b12721a5aca0bd9d53437f3fca06d60e460f1b7a0d05820df7c7859b7363af8adb5b9bb5332b0950353e4628f3d4e30811373ec7653d898bc68734070395a3d5169ef9445f8c149f36037aaefaea80dd4697e514577fcd612a1b546160182235393fe8d19498769f9ac15065abc336501405e46eec8f4d0535da7c5bc0b130415d0de3124a7b6ba8eb00bd7cf9f55a135f4f29f231d0d7d4dfc7e5f94ede2086544be0f53f58f8dae5105dfb37fc85673682d278855fef9362bcf620da770f2e32dde67ec89455fcda89171ded84af8c647e384de7144477f6051b1ccf868398884e57c729b0f13bbbcc188e2887994da7421e06ac180e8e9ae1e1828cdd61a", "60ca7113e33e5f46807292e96106781c762d70b60afe49b62b20b54e6cc4b6a6544c68b53a0ab1a128dfc35523cd96cd42fd549d32ec0c7ad74b06e8cd50346e11819050053c023acacc5808670360e21860586916c9aa94e55f3414eccd5c440594df3bee9bc326b43badcbb5d8719988206f1a1c2b2aecfef25dd68d1b5851fc0ad93d59bcf8a607b5a05be6ce7a75ea93f122625112c7510b4b1b9a369ab63da23498e6722ef8f03ef35a7126af267d0761405f5b6b93ed4482cd095b850045d9d0f4ba10181116958670ba7363c5f229b7882f19da0011016971e0f69ec8f602a9e27910c661363c28dc691ab5beb2990d62b08c5e57702bc0c888f3024f9e69983bd8c749ae9124e33cacaab99797be64437f3565d241be0ab081396a037cc096a6daa33fdda422f48fb31c82ecd8167215290d1d736ae07071fd8b9d52984f41b75283083d57c0c1da9bc32f4754030e21fd8cafba2c7171b49379767b3de36c313f4b009d9185cc94f84cbe13e5d6edff1b6b131dddeb75a6786a922cedbad0051d6f108d7b3c418e58a18e45c84fe372fac2303816410fddad50bd0ebae3553a15c388bcb7ffb359f004b5ecfcb59e0bab8827750ef2c017ae05243d40c78fcb3a0c7071eeaa78e7ce49b9cbee0ecda04818b8decd22a88a868b5294ea99df7116e024b1cfb1570aa7d4e83deb13102730758e26f6231f3142add8c511a7289a1001923d0bf0f3163cf12129d8f46892710496abbb3994d61fd98820832103c41127c7d6b119090376c91defe2ed05de253bf4f0a99d8b2d183701ff5e742585d1e5cfa655f35a054b72ac7ebc59cf29a100a220662497dcc294c58f12c516f2605cd22f2cbe5ad2bb0c96eca9ae99773088012bbe46d43959aff3125f4d8b280acc0c3cfca04099740e37d42a415702f129eae8d882250ede8c0fa0c659a0e9aefdfdfa046f4977e10e32d66f134c6c04c0576d1ceb13a0264c48ba81dbf08da66eaedcb0bbbd75ef1f9ead5dafe1abf764f96f634b800503269bb6d6c84c275d40bec0936d7e8f5900003c28dbbc41c229a776bd1bccf240428b26e020acf69a5e6d7f64e97e9158f1d356cc73e788f57b957f828dbdfc71c1f26703a9e922a28a15ac4141a94f49839e7b4a3ba933ddeb28d8d81a8be9f9159114f18bcf7eefec9d2b2dd27af447cdf6b4986bd6d5122f3c3fd216bbe3f84ec24be75595a8f0eaae3445496043867c2b5d4e77099628c52f13ee376edc0c260f12ac3f54741b6f66a64eb2d68755db9bcc29d163b4352840771d6c123e241161d0246bf9aa86f96742a99a5cc0d20ed464a3d57a9d755db7296c7524ddf1578970b9dc458cb7045ee8f3e8800cece45f2d916edb0bf8b98c8cc7266235e0814c8b672db4ff1b07f175aca5d9d9a6926c6305ba3a47e98d78d501a34b2bdf170fbb207e16d2044ae55f757074bdf6f52e87db7f2b577ec2d37b7125012d967d2f131d5b3f219466ed8329fa758b462b8de075d149313b5a68e3cfeacc2fda9b17891529acc014029df88a2f2432bee2527d2701b3fff37d12934f4c04bca22092085bc105e7d7a46d4730c52cf7d419779a404fe706ad87966a6dd91f801c0f9daf7e513b1bbeef9be02df73ae5a52a15f200b11e79af0f600f44d9dfeebf57daf9404e57349a04cf966a77725eb1d08f1e2af4959aaa2919cd6640761f54989de629bac8dafa488de4e8c748dfe98843321e53537515b8301c2ec722d9bbe0f7bf7b1d96e6d805f6882d08bfd644185676ccbf30a52906efcaf7d1b4b865b63233bca6a3e844e7877d454b1b2d3912ed7fcf6dea1a925cb8014a89119a093eb0b063cc0cd1c62c9e84372e9bf04d342a8cc3fe0636868ed651cfaa0078b2e1e164a8c1f8a771fa1bfb514d792630dbd84065d16b6fe9bc785a13562265754a09339dd3f74d5e60fd777dcede5cae76765e7c4349fb636d24f0d4edc29eb8c6817a4429728a90c234d8ac16286903bb8ae7ea28851906e6c873fbb8e134fa373e067dd0300d664d3b8de2bece27bbb50c736517246964d644a1ac265a6aac731c7673bf9c8585595d5f17c784fd9b80f5eb5d3351f0a0295b7b1b56a45505f99bf07273c76ee57b5f7ece054f78b557ac2090ded1cc0f187d13f53f46e4e7a5e87ae2c569b69f90489865549186c6391bd60937431945fc10f4f369280c84c282a75b14f9a11ff044abeaca96fd7f696c411f3fd8058b52b966ab99637b7299c091b977fe223d780382f6a983a70a1f45e71ee309e234e9d01c9f9d78593d4096f8be7ca370bacf1beecb8814185aa4d2e4b2c92b760f32db6e9c7efb74dadd8993babb65de6250f14eeb497809ca45a7f64b8e5aade5f9a503c2784603041b45a01197e8991ba4de52a320eb9f164db5650830d0238b78e18ad9e77b70474ebd68346bfffc0ed11e7467d91e2f84230e5cc65bc5490c1bc3ca383748a10d382f743d994e0fe03b0a8972563c497f1aeb9ba291ed777e458ba357adf30ed09050ec6fe7126bd1deaee88b679df8b577c3126e776014dfb95eaed9dc73e61f64204590d1123d61d2e0f9bb3c481294c8f5a1faaf8a0e5a4f0c73730ca452de7628e75fb625b00a82dae66e6b70a894c80f8d51ea1d27282d42fa53aa61e95e3c52028dc2cb4dc9bc671568bacab26b2abf6665a89636cc73d06578dd231d570b5435b1bf9af1a3adb6139c376f48a9046a4d92c1f1eb6c38a1c0f9ebc22bebabaa4fb84435cca700f4f7503c9f77dedd5caa717d07d15594fff2a9c58560e91f815339007e2e8488ef5f58b7442ae6bead39ab7e66626933c1f3622a78d6f6059e528538e5560c40f46fe161a04c5d98201a9cc3b255f5a9af0641538a3781bd21696bd29e53c5b9d26d6125d5afc4dc03b50493517642167f5b0ee6d2496cd1ee37d20bfde56d3c1875765dda0e66154f7d78e2c1b267bd4efc4f5f914e0c2fb96814c21d7089b9cddb78c28459a98a96b9c5308235c98795d025b54f574d7d43f153bba0bcb770c6a84ee531272279135b39d1dc1149dab05a7e90c74e74eed21b7b5f4ab626111fbb300fdba286c44d737489c426435c1461ac00b3e1e1699624c491e32f646fba98697d93cc4a3093c832c12769b5771d9494c995dcb875d51a2615edc1a07083cb7bbddedf04bc04331c65768d605ff68bde542c1e08705267f5105dc8b35b81ac3cdb33421c9dfce9e0e0e6ca4fb244b6e82864a567a23831b1855ccefad4fc53262df3a0843623299a3bf529cba644ac54dd961cfd8244382003905f48608be6342c15576c7a2db49297550901300751acbefee74795898d17c7f1a2ed7246c0528ca91069f7cb5bf9023a9cb6145c25896cd155e9f97705a1d89c541377702138c2ae04cf1190b269b3cf8075151e9f84c1cb508b42bea42d4b0e3de42ad36c96c7a35b176a8fcdca056da405338492c8d461b919afabac299a3acfa81e4283cd1ca847aaf1f6e70ee2b80b5da76a0e42cb66f2099c32208bfe0ff1261d8c854e5e7b010778db3bc3bd4bba3571d6fca89edb35eb58f1b5f2b756193b177393c34d9dd52272bde528e7fcca01551b7b98ff061eedc6edb52e16ac8dcb44a994f387a04382c44ca9aeb857b262f9c6a519ab8dddc0058a5d29186a79b2bb069d6499087ddbaabbefb78766fa930a53ed10ac030b5d0acdb2ed77ee624af5a0e9b24c0a5b7f67af2650c91ce64b9d788813dcc32bce8a61362e9755ff558882be4a5e1b9531edaf7c99f24fde6b93d27e070b0b1ad6bd4862bd66983cbd8e8a95fd5fd03166dbc03786effd76fb322623cb2715af8bd0d2a48fe876f75ed30efd554d2e0a44b06871ddacd003573eef67391c74f6c4ede349a2ae9f707b244fb8f473f2896b1df86cf2670f59ccd7770b1615adf0efd993569a0d7372cb542d070b834162f938cc663fb7dd9a764f792093762f7f3fb99782760c166039bced85f82ccc504f818f207655806204e8d83e5e896358b858de73bf9c7af823e6c54163f78b9299c539a6c2a0a5cad9a846e4f191b710ee2e12b1001450195514b790c844ee1fa95af4ae93d3423d148fac891117f172feb89961abad9716bb47f09eb5077d4862f2b4fb7224c121a69a35d79ce17b19177526d07f2a52973ff67907ab1d6278950371dafa1370996dc4df3753fc4617c7ef69d7fe7791ebe841f279b075387fa7562ccca7ca842c0bbbf8976926a21704bbb609497901e37bc75f272ae7214407549f4cfd722e15859ac4d47abfc47ecc2ac126b700a5f3839f430ed2b971c45a7fa65e5c08b279a550e7f5db6c3d5a11a5e5f6017a8686b8b8d2463d3bbdd97036a0a5652e177408a4cb30505f1ed5ed82a11a1e8646a67f916e279cd98a6bd09493a2310a56af69fae36ee03f2d76eb8a7a2c5d19b9e1e24d3b0a328e67da83ab133b98fdde526f7190508fce62dce6960f23c43f600e82be249f10b15a73364b61471a0260fa1082ed094a43e43e4eec4fdd14dc9e73dcac379a70a45e56c4d365dd58e524e5a192e48ab4ae29c08362b65f52e875ba8f0ead92835d58c67f7715baa11b5edc8860ca065673a00709088d5a63fcc9dab58d7943f685bcd304b3374ffc98586c764e4567333501f7014fb75db295aeeba3102fc1334af12a5a8d624715b577a025aac30f36e868fd942d233646d3ff114cb44e3c420977810a7917c2a2d17edec4a71f0b62b13182c754804354049e9298575cbfa443e88af3e5ee93822edf127ef79d843d49ca794464ea2eafa57c22049601eef221a127afb7f1bae33bb32f305b6dcf80610ea6931a2e8a47af5e180e5cf6887c5b1eb25e75b7867845a265f75bfc8228740a13cc14be21e395fa83e1d6c35101d5d67e038892127dbaa7781c2390282b27b44c85d68566f2a8ff79fa5823accea3ced21a7811493295268a4a3b97bfa975d0567e18d9c1673831192479ff7f0dd3bc02f9bd04ff7e251d7074eb651624719ed4492b84b77a4f309762f056f08496ae96fa732ab170222f1cb0824883be7a62b81ac36560bfa6a15fe2182473846e671053c0f9ca00cbff0bcc454cb863e4217b3cc183603ba3b5f9a524cf49f284f539d766a07db58319242d5c2cd67e68c2b4b5b40ba694272263b2c1056f3eaf0e25f8ebc24737621e2273eb8cdd5b2f7cb2cd94aef2346ac16be803a1aa0b3e3b7edd34bf93b95e2366bcd98c47e79b310b340090d60cbfeb21f76582995cb2dfdaa75fb6ef2b3a45647dc444a4902f4cc1087db4f02b379b89c5582dc2b7930137f898111d63d1fa6eea8ba8b27b3180b469299bd68992a3a8496edaa87004e906a1e060f3c3c732429b128349c3f2110aee489b18dc1c98fa1cab85d5ba83c863a8af08dc9c9e34d12a467b0a9fad5632f9b1d27c9ae6ddbe2a5e14cbe11641e22f307d067b1d832ac0ac1e7ae725757118e11b5dc7caa6b5994688423d20b7262f74107ff994102c48eb8b027ff47bf7888fc35313646fbd355d1e60216f931c4217fc215c0cc7480e76d13b58a7aca2521c21091a36746bd6c127cee7d3b0872ce45650c4b2488513080e045c3cc102d25d78149858f1bcbe1998308ad02524f123941204ecd16a1894eac0e3262c243f918e6695a85c49fb7eb336c53256fb79fa38982bde67cce53227ad24c5399552272358ccc2e909cbe113250e9ae3de2a21b0131b2bf89a0346f0031d7a17b51b60014389be4b14185f63851f99701593805b19d28494b51dadd4b1fc6ed04d392d15fa"}) r8 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) [ 326.530444] FAULT_INJECTION: forcing a failure. [ 326.530444] name failslab, interval 1, probability 0, space 0, times 0 [ 326.556512] binder: 15399:15401 ioctl c0306201 20000200 returned -14 [ 326.564854] CPU: 1 PID: 15397 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 326.572742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.582091] Call Trace: [ 326.584680] dump_stack+0x1b2/0x283 [ 326.588314] should_fail.cold+0x10a/0x154 [ 326.592466] should_failslab+0xd6/0x130 [ 326.596443] kmem_cache_alloc_node_trace+0x25a/0x400 [ 326.601547] alloc_worker+0x43/0x1c0 [ 326.605265] __alloc_workqueue_key+0x9df/0xdc0 [ 326.609844] ? ceph_kvmalloc+0x3c/0x70 [ 326.613737] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 326.618500] binder: 15394:15409 unknown command 25344 [ 326.618757] ceph_osdc_init+0x7e0/0xc30 [ 326.627900] ceph_create_client+0x26a/0x340 [ 326.628312] binder: 15394:15409 ioctl c0306201 20000280 returned -22 [ 326.632216] ceph_mount+0x4b9/0x181c [ 326.632228] ? __lockdep_init_map+0x100/0x560 [ 326.632242] ? __lockdep_init_map+0x100/0x560 [ 326.632255] mount_fs+0x92/0x2a0 [ 326.632268] vfs_kern_mount.part.0+0x5b/0x3c0 [ 326.632280] do_mount+0x3c9/0x25e0 [ 326.632295] ? copy_mount_string+0x40/0x40 [ 326.651310] binder: 15400:15402 ioctl c0306201 0 returned -14 [ 326.651425] ? __might_fault+0x177/0x1b0 19:14:50 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x40000, 0x0) write$cgroup_type(r4, &(0x7f0000000080)='threaded\x00', 0x9) r5 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) sendmsg$NLBL_MGMT_C_LISTALL(r5, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="ff030000db5d435dfec4e716a2aff7eee1e54dd7c232b0a6aa60dd1ad3d1ba811e721fe22767f1f164628d16530c9ab55ef666ba0628db5ed52393d4fb787b4f2a04d2db0e04b0df6b6a83740e44f6d39414fc4d71942d8f14f06610c4b98fba0b22438f3d25f04e26b6fd314e9e16a63a0006d2661b6816ca34ae0720e773e15682d0b607f6d820688a043ec7f025f5be4e7445d9e9e48a087a6c91789b60b486d5fc8d6918a7c9d0104dee3d0e41aa196f0ed38ac9cc28d505ee8a55db6a05933d112da4a557c0d5f4769499b259c402e3ddf7a0d1c62a0000000000", @ANYRES16=0x0, @ANYBLOB="00032cbd7000fcdbdf2503000000080008000a01010014000600fe8000000000000000000000000000bb06000b0023000000"], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x4024800) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) [ 326.657382] binder: 15400:15402 ioctl c0306201 0 returned -14 [ 326.659248] ? _copy_from_user+0x94/0x100 [ 326.659263] ? memdup_user+0x54/0xa0 [ 326.659273] ? copy_mount_options+0x1ec/0x2e0 [ 326.659284] ? copy_mnt_ns+0x8a0/0x8a0 [ 326.698956] SyS_mount+0xa8/0x120 [ 326.702406] ? copy_mnt_ns+0x8a0/0x8a0 [ 326.706293] do_syscall_64+0x1d5/0x640 [ 326.710185] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 326.710554] binder: 15411:15413 ioctl c0306201 0 returned -14 [ 326.715365] RIP: 0033:0x45cb29 19:14:50 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:50 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 326.715371] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 326.715381] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 326.715388] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 326.715393] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 326.715399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 326.715404] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 19:14:50 executing program 4: syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0xfe4c, 0x3, 0x3, 0x201, 0x0, 0x0, {0xf, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf7e9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xffc}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240400dc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xfffffffffffffffc) ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f00000000c0)={0xa30000, 0x2, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9d0001, 0x5, [], @p_u16=&(0x7f0000000040)=0x8000}}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x204800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r3, 0x0, 0x0) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r4, 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 19:14:50 executing program 2 (fault-call:1 fault-nth:96): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 326.784962] binder: 15411:15413 ioctl c0306201 0 returned -14 19:14:50 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000040)={0x1}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = dup2(r1, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r8 = dup2(r7, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_SET_OPTION(r9, &(0x7f0000000180)={0xe, 0xffffffffffffffbf, 0xfa00, @id_tos={&(0x7f00000000c0)=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000080)={0x13, 0x10, 0xfa00, {&(0x7f0000000580), r10}}, 0x18) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0) [ 326.869288] FAULT_INJECTION: forcing a failure. [ 326.869288] name failslab, interval 1, probability 0, space 0, times 0 [ 326.876681] binder: 15427:15429 ioctl c0306201 0 returned -14 [ 326.892820] CPU: 0 PID: 15426 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 326.900720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.910068] Call Trace: [ 326.912663] dump_stack+0x1b2/0x283 [ 326.916286] should_fail.cold+0x10a/0x154 [ 326.920420] should_failslab+0xd6/0x130 [ 326.924376] kmem_cache_alloc_node+0x25f/0x400 [ 326.929202] alloc_unbound_pwq+0x465/0xc10 [ 326.933420] apply_wqattrs_prepare+0x291/0x7f0 [ 326.937984] apply_workqueue_attrs_locked+0x9d/0x120 [ 326.943065] apply_workqueue_attrs+0x2c/0x50 [ 326.947452] __alloc_workqueue_key+0x6d5/0xdc0 [ 326.952012] ? ceph_kvmalloc+0x3c/0x70 [ 326.955882] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 326.960885] ceph_osdc_init+0x7e0/0xc30 [ 326.964843] ceph_create_client+0x26a/0x340 [ 326.969145] ceph_mount+0x4b9/0x181c [ 326.972836] ? __lockdep_init_map+0x100/0x560 [ 326.977327] ? __lockdep_init_map+0x100/0x560 [ 326.981807] mount_fs+0x92/0x2a0 [ 326.985158] vfs_kern_mount.part.0+0x5b/0x3c0 [ 326.989631] do_mount+0x3c9/0x25e0 [ 326.993164] ? copy_mount_string+0x40/0x40 [ 326.997387] ? __might_fault+0x177/0x1b0 [ 327.001426] ? _copy_from_user+0x94/0x100 [ 327.005551] ? memdup_user+0x54/0xa0 [ 327.009262] ? copy_mount_options+0x1ec/0x2e0 [ 327.013734] ? copy_mnt_ns+0x8a0/0x8a0 [ 327.017599] SyS_mount+0xa8/0x120 [ 327.021028] ? copy_mnt_ns+0x8a0/0x8a0 [ 327.024894] do_syscall_64+0x1d5/0x640 [ 327.029471] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 327.034640] RIP: 0033:0x45cb29 [ 327.037806] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 327.045490] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 327.052742] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 327.059991] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 327.067284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 327.074541] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 327.091956] binder: 15427:15432 ioctl c0306201 0 returned -14 19:14:51 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063"], 0x0, 0x0, 0x0}) 19:14:51 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) 19:14:51 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0xfe4c, 0x3, 0x3, 0x201, 0x0, 0x0, {0xf, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x7}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf7e9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xffc}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240400dc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xfffffffffffffffc) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f00000000c0)={0xa30000, 0x2, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x9d0001, 0x5, [], @p_u16=&(0x7f0000000040)=0x8000}}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x204800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r4, r4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, 0x0, 0x0) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r6, 0x0, 0x0) dup2(r5, r6) dup2(r1, r0) 19:14:51 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000040)) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) 19:14:51 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304400000000000634040"], 0x0, 0x0, 0x0}) 19:14:51 executing program 2 (fault-call:1 fault-nth:97): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 19:14:51 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) [ 327.404084] binder: 15443:15449 ioctl c0306201 0 returned -14 [ 327.423733] binder: 15445:15452 ioctl c0306201 20000200 returned -14 [ 327.424207] FAULT_INJECTION: forcing a failure. [ 327.424207] name failslab, interval 1, probability 0, space 0, times 0 [ 327.446708] binder: 15443:15449 ioctl c0306201 0 returned -14 19:14:51 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) [ 327.452904] CPU: 1 PID: 15451 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 327.460785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.470130] Call Trace: [ 327.472715] dump_stack+0x1b2/0x283 [ 327.476346] should_fail.cold+0x10a/0x154 [ 327.480492] should_failslab+0xd6/0x130 [ 327.484469] kmem_cache_alloc_node+0x25f/0x400 [ 327.489056] alloc_unbound_pwq+0x465/0xc10 [ 327.493294] apply_wqattrs_prepare+0x291/0x7f0 [ 327.497879] apply_workqueue_attrs_locked+0x9d/0x120 19:14:51 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r4, 0x0, 0x0) r5 = accept(r4, &(0x7f0000000100)=@qipcrtr, &(0x7f00000001c0)=0x80) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8}, &(0x7f0000000140)=0x20) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000280)={r8, 0xa, "669751bea928bd6f8192"}, &(0x7f00000002c0)=0x12) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f0000000300)={0x400, 0x0, 0x8004, 0x6, 0x8, 0x2, 0x8001, 0x4, r9}, &(0x7f0000000340)=0x20) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r10 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r10, 0x40046207, 0x0) 19:14:51 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r2, r2) r3 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000000c0)=[@register_looper], 0x1, 0x0, &(0x7f0000000100)='O'}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 327.502983] apply_workqueue_attrs+0x2c/0x50 [ 327.507390] __alloc_workqueue_key+0x6d5/0xdc0 [ 327.511968] ? ceph_kvmalloc+0x3c/0x70 [ 327.515861] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 327.520886] ceph_osdc_init+0x7e0/0xc30 [ 327.524862] ceph_create_client+0x26a/0x340 [ 327.529180] ceph_mount+0x4b9/0x181c [ 327.532892] ? __lockdep_init_map+0x100/0x560 [ 327.537382] ? __lockdep_init_map+0x100/0x560 [ 327.541876] mount_fs+0x92/0x2a0 [ 327.545244] vfs_kern_mount.part.0+0x5b/0x3c0 [ 327.549740] do_mount+0x3c9/0x25e0 [ 327.553283] ? copy_mount_string+0x40/0x40 [ 327.557514] ? __might_fault+0x177/0x1b0 [ 327.561574] ? _copy_from_user+0x94/0x100 [ 327.565720] ? memdup_user+0x54/0xa0 [ 327.569426] ? copy_mount_options+0x1ec/0x2e0 [ 327.571096] binder: 15460:15465 ioctl c0306201 0 returned -14 [ 327.573911] ? copy_mnt_ns+0x8a0/0x8a0 [ 327.573924] SyS_mount+0xa8/0x120 [ 327.573933] ? copy_mnt_ns+0x8a0/0x8a0 [ 327.573945] do_syscall_64+0x1d5/0x640 [ 327.573960] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 327.573971] RIP: 0033:0x45cb29 19:14:51 executing program 2 (fault-call:1 fault-nth:98): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) [ 327.593737] binder: 15460:15465 ioctl c0306201 0 returned -14 [ 327.594878] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 327.594890] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 327.594896] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 327.594902] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 327.594907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 327.594911] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 327.680514] FAULT_INJECTION: forcing a failure. [ 327.680514] name failslab, interval 1, probability 0, space 0, times 0 [ 327.694132] CPU: 0 PID: 15472 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 327.702015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.711361] Call Trace: [ 327.713948] dump_stack+0x1b2/0x283 [ 327.717580] should_fail.cold+0x10a/0x154 [ 327.721730] should_failslab+0xd6/0x130 [ 327.725701] __kmalloc+0x2c1/0x400 [ 327.729237] ? mempool_create_node+0x2bb/0x3d0 [ 327.733877] ? mempool_kfree+0x20/0x20 [ 327.738197] mempool_create_node+0x2bb/0x3d0 [ 327.742608] ceph_mount+0x78a/0x181c [ 327.746322] ? __lockdep_init_map+0x100/0x560 [ 327.750818] mount_fs+0x92/0x2a0 [ 327.754184] vfs_kern_mount.part.0+0x5b/0x3c0 [ 327.758666] do_mount+0x3c9/0x25e0 [ 327.762192] ? copy_mount_string+0x40/0x40 [ 327.766405] ? __might_fault+0x177/0x1b0 [ 327.770455] ? _copy_from_user+0x94/0x100 [ 327.774581] ? memdup_user+0x54/0xa0 [ 327.778271] ? copy_mount_options+0x1ec/0x2e0 [ 327.782742] ? copy_mnt_ns+0x8a0/0x8a0 [ 327.786607] SyS_mount+0xa8/0x120 [ 327.790037] ? copy_mnt_ns+0x8a0/0x8a0 [ 327.793907] do_syscall_64+0x1d5/0x640 [ 327.797778] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 327.802944] RIP: 0033:0x45cb29 [ 327.806114] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 327.813812] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 327.821072] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 19:14:51 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) [ 327.828318] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 327.835569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 327.842816] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 327.896164] ================================================================== [ 327.903710] BUG: KASAN: use-after-free in ceph_destroy_options+0xda/0x100 [ 327.910627] Read of size 8 at addr ffff88808350aa10 by task syz-executor.2/15472 [ 327.918148] [ 327.919771] CPU: 0 PID: 15472 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0 [ 327.927640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.936982] Call Trace: [ 327.939562] dump_stack+0x1b2/0x283 [ 327.943184] ? ceph_destroy_options+0xda/0x100 [ 327.947762] print_address_description.cold+0x54/0x1dc [ 327.953032] ? ceph_destroy_options+0xda/0x100 [ 327.957604] kasan_report.cold+0xa9/0x2b9 [ 327.961747] ceph_destroy_options+0xda/0x100 [ 327.966150] ceph_mount+0xd43/0x181c [ 327.969859] ? __lockdep_init_map+0x100/0x560 [ 327.974351] mount_fs+0x92/0x2a0 [ 327.977717] vfs_kern_mount.part.0+0x5b/0x3c0 [ 327.982211] do_mount+0x3c9/0x25e0 [ 327.984259] binder: 15481:15482 ioctl c0306201 0 returned -14 [ 327.985746] ? copy_mount_string+0x40/0x40 [ 327.985759] ? __might_fault+0x177/0x1b0 [ 327.985770] ? _copy_from_user+0x94/0x100 [ 327.985783] ? memdup_user+0x54/0xa0 [ 327.993919] binder: 15481:15482 ioctl c0306201 0 returned -14 [ 327.995866] ? copy_mount_options+0x1ec/0x2e0 [ 327.995876] ? copy_mnt_ns+0x8a0/0x8a0 [ 327.995887] SyS_mount+0xa8/0x120 [ 327.995897] ? copy_mnt_ns+0x8a0/0x8a0 [ 328.029286] do_syscall_64+0x1d5/0x640 [ 328.033177] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 328.038362] RIP: 0033:0x45cb29 [ 328.041545] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 328.049243] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 328.056489] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 328.063745] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 328.070990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 328.078238] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 328.085490] [ 328.087097] Allocated by task 15472: [ 328.090792] kasan_kmalloc.part.0+0x4f/0xd0 [ 328.095093] kmem_cache_alloc_trace+0x14d/0x3f0 [ 328.099738] ceph_parse_options+0xb8/0xe50 [ 328.103951] ceph_mount+0x44f/0x181c [ 328.107642] mount_fs+0x92/0x2a0 [ 328.110996] vfs_kern_mount.part.0+0x5b/0x3c0 [ 328.115475] do_mount+0x3c9/0x25e0 [ 328.118993] SyS_mount+0xa8/0x120 [ 328.122432] do_syscall_64+0x1d5/0x640 [ 328.126300] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 328.131462] [ 328.133066] Freed by task 15472: [ 328.136413] kasan_slab_free+0xaf/0x190 [ 328.140364] kfree+0xcb/0x260 [ 328.143447] ceph_destroy_client+0x90/0xb0 [ 328.147661] ceph_mount+0xd1c/0x181c [ 328.151407] mount_fs+0x92/0x2a0 [ 328.154752] vfs_kern_mount.part.0+0x5b/0x3c0 [ 328.159224] do_mount+0x3c9/0x25e0 [ 328.162740] SyS_mount+0xa8/0x120 [ 328.166170] do_syscall_64+0x1d5/0x640 [ 328.170036] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 328.175249] [ 328.176856] The buggy address belongs to the object at ffff88808350a940 [ 328.176856] which belongs to the cache kmalloc-256 of size 256 [ 328.189497] The buggy address is located 208 bytes inside of [ 328.189497] 256-byte region [ffff88808350a940, ffff88808350aa40) [ 328.203432] The buggy address belongs to the page: [ 328.208436] page:ffffea00020d4280 count:1 mapcount:0 mapping:ffff88808350a080 index:0xffff88808350ad00 [ 328.217858] flags: 0xfffe0000000100(slab) [ 328.221982] raw: 00fffe0000000100 ffff88808350a080 ffff88808350ad00 0000000100000008 [ 328.229840] raw: ffffea00028202e0 ffffea0002801f20 ffff8880aa8007c0 0000000000000000 [ 328.237697] page dumped because: kasan: bad access detected [ 328.243387] [ 328.244992] Memory state around the buggy address: [ 328.249898] ffff88808350a900: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 328.257239] ffff88808350a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.264572] >ffff88808350aa00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 328.271910] ^ [ 328.275776] ffff88808350aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.283109] ffff88808350ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.290440] ================================================================== [ 328.297776] Disabling lock debugging due to kernel taint [ 328.304598] Kernel panic - not syncing: panic_on_warn set ... [ 328.304598] [ 328.311968] CPU: 0 PID: 15472 Comm: syz-executor.2 Tainted: G B 4.14.184-syzkaller #0 [ 328.321050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.330399] Call Trace: [ 328.332981] dump_stack+0x1b2/0x283 [ 328.336603] panic+0x1f9/0x42d [ 328.339787] ? add_taint.cold+0x16/0x16 [ 328.343751] ? preempt_schedule_common+0x4a/0xc0 [ 328.348494] ? ceph_destroy_options+0xda/0x100 [ 328.353059] ? ___preempt_schedule+0x16/0x18 [ 328.357451] ? ceph_destroy_options+0xda/0x100 [ 328.362015] kasan_end_report+0x43/0x49 [ 328.365971] kasan_report.cold+0x12f/0x2b9 [ 328.370182] ceph_destroy_options+0xda/0x100 [ 328.375435] ceph_mount+0xd43/0x181c [ 328.379126] ? __lockdep_init_map+0x100/0x560 [ 328.383597] mount_fs+0x92/0x2a0 [ 328.386940] vfs_kern_mount.part.0+0x5b/0x3c0 [ 328.391410] do_mount+0x3c9/0x25e0 [ 328.394927] ? copy_mount_string+0x40/0x40 [ 328.399143] ? __might_fault+0x177/0x1b0 [ 328.403181] ? _copy_from_user+0x94/0x100 [ 328.407320] ? memdup_user+0x54/0xa0 [ 328.411009] ? copy_mount_options+0x1ec/0x2e0 [ 328.415477] ? copy_mnt_ns+0x8a0/0x8a0 [ 328.419337] SyS_mount+0xa8/0x120 [ 328.422768] ? copy_mnt_ns+0x8a0/0x8a0 [ 328.426639] do_syscall_64+0x1d5/0x640 [ 328.430504] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 328.435668] RIP: 0033:0x45cb29 [ 328.438850] RSP: 002b:00007f3afb52bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 328.446530] RAX: ffffffffffffffda RBX: 00000000004f72e0 RCX: 000000000045cb29 [ 328.453777] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000040 [ 328.461021] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 328.468268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 328.475514] R13: 0000000000000772 R14: 00000000004ca761 R15: 00007f3afb52c6d4 [ 328.483905] Kernel Offset: disabled [ 328.487512] Rebooting in 86400 seconds..