829a0fd05370de21515ab1ea16c478f1e9fa2c4a18f880c53a5b7abeb850997fd840499d00333ffbf29112bc0a99e575996e32bf292d2b979bca6e2e584f7375a3e91b278b30683240bfcdbd61d0d522b97b9361724c4785e9b81cc12607c91e348aca9f429a775", 0xf9}, {&(0x7f0000000ac0)="f68ebb76853e1679faee1235b04e22d7dad95174bd154093143d529864068a0a2d5796eb6cf6e7165fbc64a844696899043b2e8a9b112c0c0f879f68ec6015d379691f2366f4e5660fdb5e37e15c7894620ff6f37bdbb862731e6a0061ad5d9dff76216612f947b2f783fee9ab98805938fb4c8d5ffe634f1d22c4dcc4dd0bce2fe70a66bc41a56090dad18ffa4cf3b2fdd551672c024238412b99ca6ccadf8a216fc810ebe8bd888690d38f5afd60964897d6782860ce2ee7c12d5eeb70779814c1a7799c447d23d06998df53145f3b8698b1c829e236a5c0034dce17d772600f612b6020ad1d44592edd7110b216e28f31ed974b54305f2a3d38db4df1e3274b10ae0cf60d76f87953558ee1a340e399d2ba346c8ac5b2fd5f8e36009d9548317c984eaa5d1c7a441b24131477de6e6253d3ccf91f64047a04d4203c300bb839ed616e5ac5be2bb0d855ad7c8e7bd529475059fabd944f6ae4c44539bbc26a8fd50913511b2007c4cdf101864b3a7234c76ac2a98ba6a0a178cf275a1aec8851a644a4d7279dae1c5e6039b37ff89897d2017c4abd0a21b7d34a4bf53a8280494b143cc9b1eab0b6fdeb2322bc236024d642b7967f0043abfb6cd24a13ba776ad30efe3173174ce08d31610730180435c439b5684c4fe972efd7e38c43012fbc59bbf76519821a9ed8b20a1d4782592ca104ff184a4d1b49903bbf86255d3583fb797cb6eaf7f400b9c6442ef3a88e13d019460a7b1110c97d86554e0ab56ba34370118d036ef1a58f3148b0bd44772eb574d0a8e8efcef3f722a7381f74b945806025f891d99a1b9fc94d7ed7b2d8ca996af352a371671fda7fcbb0df077163e5bed59810378f3e7d1a75935b929c44e14ac72992ae344516655508115567cacab3d6b890a1055d06201390c2b4f0c37f30dfb60434ac35bbc64c9ac8537102b6f667712f241afd150a2ca86dcee590403e8f1882135ece20fe4dd17f5a22d6463c54b1dd32f7c6aae5186aca6df372b7616dfc95c3356ea46af63e12fe47eb3f2af5f70daddfc4437ed12f80f5fe050dc1e8f9a752c44637a31ed5fcd1a3c9f5b2f0e7d6d2d4ab1c2096bce7bca5cc5a74a1dd8519deb62d17b1b5a68bbc50bb49b68b879ee179615cda69ae463b04550c9af4c3a92ef4f25e491f231d54d95a16957dc62d48fdd069325a4e0103eb3317ac7a28f003d8547b173e62fffee979a56000c99cebbb7469616ff0c3a0441d1a2a5f5ec334eeccb41a1229a4c419dd2ff424460df250692a7acce67fb8bb9d97acf61c941c0a32275d449c7aedde25ee8ba4742fe5848b6943db159d7db95310f024067f8effc25b44e86ad85eba9a5490aa388ad82bbf2284980bf28eea4108e6e0577ed47095d13f325653be99b65b39959943df93cfde1d7536ab961aecbc75b3022f64b30e8f740cb2003f4a194a8b99e45708c2325ac5dbf95cf6790bad486fe8197ed017ef6aaa775e2779da58a515f4d1fa6ce78f1ee1cdaac1818970b203da7111d15144e91d6ade0394c04c71b377de4707a7fd7b90a27c4af5dd592fdfcbe176d9388ff058b78385fe65b0ce97711df1bd9e98aa0ae6f113ce03c0afdb11da666842c9b76b245c67e4b52fa72ece5068c4201564d757a0d37a8dadd8dd141400ea7211629940a0c5381bc28f3ecfb7b0bbd37fa535f77545864818412f16dc4fbf04561923e28701627728a9015c95bd0b1937efa07a061d3f04617d22596dd0ef91152a96ee73bc599d17c176815ddcda90a86201e747173eca96123dc946789b5a1b78e6c8a8ae4c11542da5d71c2c7abe3b37e1da97917f88a9630dad422528c17f2b45351b333cb6605e26a1dfe028b52f5935176ad1deda48553ad82a409fd7ddcd31e0159600ac7f68c0b0ba3554502374691369e31156a84619053c247faac6d27862464640a7cd4106b2a08d93f9cf4cd7155d4fe072068d53b150d31fd44f4e5096a342ce18ba4b377af354c7c51c3366b25f61bcf04f246bd7fc455a226a3588f5ab7a2d90232a9e0a5d11d053a56bb09b448cf850c73cb82ed38f0436ebbd0834f55ebf2ca9180bcc0198c42865c609e683cb1f7da28808c490848abf334918443f1ffa6ef986c3304cbe3a190be21116a62e59f04a0dde0b9e670e01eeedff7cd4263c2c563b866daecb04049df78e844561015c02793424661ceed60223a1b938522bd318549b98866ee54a45173737c30674449d41b5a5754f75faf562b089d604873a13ddef7db8bd0f7df55304dd763083bd22326bef156d44e4c42f276a52b4fc5be1422b700efe56d970a1ccd558c052edef3d291f3070a5826479c4353dd62a38181c8225abbdbaaef3311bfa5724cb3fcbbd25a98cc4a50cae3a9e44b5f4210961039c491f04ec589efbd70540a05886c002f68081364a6043fe23342142f1a91e5eaed520902e9de0f5a3fa48c4627fdc852ae5326ada8ddfd1ea664d67804f25d056582d54a5a0240ba0b917b9ada746d69ad83136304c7ca523b2dbdf491b8088dd95bb5a3b8ea723e474c25b6f556e865163bd6dcf5a1dc0d91585a8d8290603d5c9e2723526c6a39ea7d778578d513bad09697500fa75dc06aaf41da38c0513c3138150e01e5cf74af8a014cf1e4c51a635f653182bf6db1bac8bc341d7eac70a871c902b7f1ba509bffcd13ca5bfeff06d9636bfd505b6d6e8089476b24b16df08005826d4dc9a902e061cb1728e52f5ac654a94987c2411319158d14aa78b6edfdfe115c981184d0828c74aca4f7a09d86e9eaeb22b175d1d4b804726c7c6b4960d143019ad1a13818301b5f836720ffea83f657deb318c473c16dc1cca14001e39f930f6c146834ac70957d07390a8539d88770fd5ac014c33454ad0d2e5e0f7ea028ad6b82d41673ed430115838b7b025bf90264bb058d9d28188186e795253fb8196352027a65ce1a4257ab20ec8654e6d326970dee7ddc7d1e75013156cf9c7a38f0cdc86f2add94d0ded99e31f617a9052cf0b5b731f1edd412659d3bf5501fa57b5228560610d8c2043501eec71a40b672ea3bd5f421127a555fa5a8776dc7c8105ed3dee9aee7dd913f401bb555875521b378d2467338e56c44f7dd0ad6974c889eb800288611415f37d127a844d23c5d9f8a8829fbc25222c0d7aeb17d7c4781f54f7ecb5dd9d6d3763f0e6e407b297959371505157ad39cd15b897bbbc63ee58af062be46c0755a7daf0bd8ce3df06de305f8a393fe812b8d30fdac7578ae0150aacb141ec8ccc0bd2c865612e3563ced4db6162a9307d4f70070ed741535d711cefaaa09d3401649d995e85bed60f76070b8df4c361f34a4b0966f5baf30d57741098ff9774782d27adee9d30f8ef0bb2ff39cd8c23698e767779dbbbb51ef9f3efd0367a8e33afacab377cc3d1557476fb9be509e6b6264725e8cfe4d9312dd1416536ba68b4f691a764f1ecdd76f7e2f4e8e2b79109df27b7143da53994af128185c57b03ada316f6b3c700819fbf65062c8d4ca3ec00bb879a971579a3e17f02687e71f8cbe11bfde8824e979a7ed62bdff44a5450b94d42f9e63d2d87743024a0576d091fc8200a64fc0650fb6a7dc138bd3c3d52fc3348d09c6df8a887f77e67b3008ab36233dde84866063d0b2c68cafdc134b294d1875e73765f4f10e9e85de4635f29b3c17f06b617a6d148a2a936e6b77a51cc799db7987feeccd0bc8b5655fd1a3167dbf45c047e3102e204755dcc45e2444a1307a5d89fbacea838f36677a2bd34c1c72d289e9b4cdc6aaa4bc9a3b802a6a129fffe33fd5906769c1d577c8a2f606934108b363c1642a10cb91f2c08a1b9c80bfda12c947ce9537ed4a1c12fc57fa3c347188fcdf708a00b86a1a4a2bd290676d54cb4c15737c244c5683a1a6ce63d1fa8f83ea27ca7479edf4479a6164ec53ca374c5fecf9d87bbc4c6cd72236844bb0897525c9049bf01548bd3e5c3cd6f45f1b7ce71cedae6ea7f4999d25131cf0fadcd1dc032d1a130791d24d823b6c0dc1ff4bf0dde269103191ea89a2f6c1585b76b65250ef5e2813939b4929d2d3e6b583bc21905fe804fce8da2ee0c222bbc362a9a7885cdfd3047c5953e10d30576b6bbb38f5e470d8fb6b74a5811ed17137969d40e0289a384995510a71f0ca4c8d50569f2f8bef95954ec66d8b967443a8784bc090ccf0e812a111bdd7e7aac729b06452a496eb7b2a4b9b6a180cfe076f99ad12484889b53b7a22de49853f61a3c22d345ecf1fc90dbbd1b32d56dd5b2ae510f8517ccadbddfab7220d0922e620777dc18d4aa79880316ffe25b0ddf6ca19461a274c77f7ba4a77e5f7b0290fbd0463d8cf03f5b41861907d79266e465f8b8b850118d40ed170c953cbe52ed57aa45e397641351a398f88f1ca305d2bdc5a14256a75cfcbce20d68fcebe9b9587e9da993ad8225062290a6bdb2654e48d0554112156f7b41878cc9e0410955748dd39792200cc47b98fac520f17207e35fff21bacc6a74755ab3797e0aa5be9e71ece0335d13728ce17eb870d0d3cd24ce8c1d0fc44061a2903ba3e12985e0e2f12003abd6dd8c99d87f0e360fe556a0cea084762d2c722d0f71fe98e6cbe3e81cd23a8cf32cc08fba2e44eb195a1a2342dbbd2021569b47597e751ed97796d4b0e14f698b8d69cb155b35a18139c73eee3eb3f35b75b633a72f1ea19b2319dd0dcd29dd8cc845531d65d743df1ec5d7145f133595914be2e22bbcc40099ddb9b2ac791087d3d2055552270223fb719550e9e7603fabb130e8129fa66b684275328a9f12f32f18c183b07f8c652fa5c2f0d1fa39dc6c837a92f6766a8b21aa3f009ec60fedfb5afb8b215e1b1210190342ab94c964c23d3e99bcd2e9d6b14f26d71e0c00e05e6e8d93024ea8eb202a760ad712ee294095abc69511559d0f3f265f91a6220e458f302f3329b0035442170c8c988878d30dd35e6dbd1f09155c0c5c822fe3be3bbc29e459c90f86fdde5c52f0e03c1597b05ae4cad664f7be23f029acceb5de1ab0f034c0562e851db11e596dea5b389a0f93dc3139b31c2eab63453469fd6113285bec5ed19f717c9a1378dff2ae65281bfdf54b4a7097d53902fae8a500269121269ffd5d9232d64b8b0bc13190dd3591b2b0c772f795525e780c2d01bb0ab833b546e8f4fbb34bd5e40a932c14da72abbc680110fb8ff52b75082d5eeb7938ad0a9399cd09d16f87a3f7b8eed79d2de87108215e1c6dff68c3482542f8ddb565d63729d976efa96f14c71a74b45ddc1a519bfcff3992a478a914b36abf714e46b73c6c53c3baec570f7ba1a3bb928a8717bcf9136ab958c8cfeba31eb9953d4fa5ce248daf9211f8bb0c7e3cfc4d32b016dc5dd8d4b5449c504832243e50882391d99c3ba737c5e2f27c46bb92f63fbc412bd8a17fb46600a33e5c19c038c533e713ea67499973ce7a03c9ab9629d44038ccebf6b76a5464b6e5b26ce6db26b7d52c393663cbb2f97cdeb708c657c2d97ba5151c3709c8abfc6d5a2abd1e4600a70ee669f4315c904db7c0205c31c0ecdbe465898f1ecc28e2b13370b9dc1fc6c8223f45ef1a55cd3fd51c62f37cc41b8f35505dcda2af29395071c976ab70323ec32f248118df94b8ac308581a38fe54ee8d6cf44de311ea19e672d68e3759d9e011a8864693767687b0eed472cf4c9d8adb2d7dfe5652b58ae42b190b7ec8512381a14257bd35c0a7b7f6d827bd37be962a10e6460e137d0d9187e1d5abbbf44182b06c3f4dfbba6285a214d7ee533e927eaf1d9b6", 0x1000}, {&(0x7f00000003c0)="832269c9d78670ec745588a4d4f67d0c30d7e5919446989254d10a705ff57f2afd33ac69d1e5fd259196fb7db449b1b6a7c6ef817d8b819ba0029d2d21eea22228ac", 0x42}], 0x4, r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'nr0\x01\x00', 0x1000000801}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x20) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000840)='nr0\x01\x00`\x00\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb96\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\x97\x80\xe9\xa1S\f\xc7?\xa6\x95I\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~\xff\xff\x00\x00#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xd5\x1b\xca\xa9\xc7[\xa2\xef\xacM\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xb4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\x04R\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xafh_\x9c\x91\xc1q_|L\x11\x03\x94\xc0\t=\x17\x95P\xd7\xcdH\x1c8^ARL\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x13\x82Rk\x9cAz\xab\rT\xadLO\f\x17Y\x1dg\x10\xe3LL\x1fC\xfa\xd9\xb0\xfb\xb4\xf3[\xdf\xd0\xd6\x82\xf6~0\xb8\xf4\xb0X\xfew\xbdY\n\xd6\x105\x9c\xb7\xe5F\xc1:9\xb8\xc2\x85\b\xfd\x92\xb0k\x93\xd7\xc40J\xc2\xf0=p\xd6\xe3\xe4W:\xd2\xf6\xfc\x83\xb1\xcb\xd1K\xb9(\"9(~\xf4\xf4\x94`\xe8\xdb\x17\xf9\xcf#)T\xcdj^\xa61\x12\x91 \xd7\x92\xc0\xd0s\xa9\xe4\x18:\x97e\xa7\x1f\xbfD\x1e\x903V#\x10\x90_\xf7\xd3=M\x80cCn=\xf2\xe1u\x83=\'\xa4\xa1V\xe47y}\xd9\xf1\xa7p\xea\x86W\xd1') [ 1180.215130] FAULT_INJECTION: forcing a failure. [ 1180.215130] name failslab, interval 1, probability 0, space 0, times 0 [ 1180.233024] binder_alloc: 16141: binder_alloc_buf failed to map page at 20002000 in userspace [ 1180.281907] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 1180.281918] binder_alloc: 16141: binder_alloc_buf size 41984 failed, no address space [ 1180.297959] binder: 16141:16147 transaction failed 29201/-12, size 0-12288 line 2970 [ 1180.312973] CPU: 1 PID: 16144 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1180.320050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1180.329426] Call Trace: [ 1180.332040] dump_stack+0x172/0x1f0 [ 1180.335691] should_fail.cold+0xa/0x1b [ 1180.339872] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1180.345008] ? lock_downgrade+0x810/0x810 [ 1180.349180] ? ___might_sleep+0x163/0x280 [ 1180.353358] __should_failslab+0x121/0x190 [ 1180.357613] should_failslab+0x9/0x14 [ 1180.361427] kmem_cache_alloc+0x2b1/0x700 [ 1180.365609] ? __d_lookup+0x433/0x760 [ 1180.369520] ? lookup_dcache+0x23/0x140 [ 1180.373528] ? d_lookup+0xf9/0x260 [ 1180.377103] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1180.381705] __d_alloc+0x2e/0x9d0 [ 1180.385172] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1180.390254] d_alloc+0x4d/0x2b0 [ 1180.393549] __lookup_hash+0xcd/0x190 [ 1180.397391] filename_create+0x1a7/0x4f0 [ 1180.401480] ? kern_path_mountpoint+0x40/0x40 [ 1180.405996] ? strncpy_from_user+0x21f/0x2e0 [ 1180.410438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1180.415993] ? getname_flags+0x277/0x5b0 [ 1180.420072] do_mkdirat+0xb5/0x2a0 [ 1180.423647] ? __ia32_sys_mknod+0xb0/0xb0 [ 1180.427808] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1180.432667] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1180.438041] ? do_syscall_64+0x26/0x610 [ 1180.442027] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1180.446625] __x64_sys_mkdir+0x5c/0x80 [ 1180.450622] do_syscall_64+0x103/0x610 [ 1180.454627] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1180.459831] RIP: 0033:0x4581c7 [ 1180.463036] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1180.482078] RSP: 002b:00007f35c6934a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1180.491378] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004581c7 [ 1180.498859] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000000 [ 1180.506162] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1180.513536] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1180.521171] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000003 03:54:43 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:43 executing program 0: llistxattr(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) [ 1180.531294] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 1180.531310] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1180.557794] binder_release_work: 27 callbacks suppressed [ 1180.557801] binder: undelivered TRANSACTION_ERROR: 29201 [ 1180.576969] binder: 16148:16149 transaction failed 29201/-28, size 29696-12288 line 2970 [ 1180.585670] binder_alloc: 16141: binder_alloc_buf failed to map page at 20002000 in userspace [ 1180.607921] binder: 16141:16147 transaction failed 29201/-12, size 0-12288 line 2970 [ 1180.623041] binder: undelivered TRANSACTION_ERROR: 29201 03:54:43 executing program 0: timer_create(0x2, 0x0, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x1c9c380}}, 0x0) timer_gettime(0x0, &(0x7f0000000100)) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x80, 0x0) connect$pppoe(r0, &(0x7f00000003c0)={0x18, 0x0, {0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'veth0_to_team\x00'}}, 0x1e) openat$rtc(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rtc0\x00', 0x240802, 0x0) bind$llc(r0, &(0x7f0000000140)={0x1a, 0x0, 0xf994, 0x7fff, 0x7f, 0xfff, @local}, 0x10) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000200)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) io_setup(0x3e2, &(0x7f0000000280)=0x0) kexec_load(0x1, 0x1, &(0x7f00000004c0)=[{&(0x7f0000000400)="dd5737cd592b2f6430795b9ddd586b7e4f0f302898e1cfb6641f69f376fc25ee0fd9f06ad7452389cf0f938c13b2707140033647c6c04824e6d7f0fec9a7b7d7fd6606b1f15d46339c4eefca94f938c21a704361385f8e7f2c08d7bf2bff9e8052f651da4418dcbe6a53182d4c594a51dc786de17a6c0a315156aa91b37716de3f9115819d5d", 0x86, 0xfffffffffffeffff, 0x9}], 0x160001) io_cancel(r1, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x8, r0, &(0x7f00000002c0)="2a973e0cc9ef762b191cfc711971f8f99e27355424af99c4048d772935006294dd93bb89e6cc7edf23e7355a87117101955beef5040b1c93f1205fad2eb0fb14e9e529b79935ed35d2ca1b0eb0b41b75adecd26b652a710a30c24b8f7b1f62685e94", 0x62, 0x6, 0x0, 0x3, r0}, &(0x7f0000000380)) ioctl$PPPIOCGMRU(r0, 0x80047453, &(0x7f00000001c0)) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/status\x00', 0x0, 0x0) bind$isdn_base(r0, &(0x7f0000000080)={0x22, 0x3, 0x0, 0x5, 0x5}, 0x6) ioctl$TUNSETLINK(r0, 0x400454cd, 0x0) 03:54:43 executing program 2 (fault-call:2 fault-nth:28): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1180.645359] binder_alloc: 16141: binder_alloc_buf size 41984 failed, no address space [ 1180.660028] binder: undelivered TRANSACTION_ERROR: 29201 03:54:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:43 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1180.710812] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:54:43 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f00000002c0)=0x401, 0x4) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video37\x00', 0x2, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r1, 0x40045730, &(0x7f0000000080)=0xfffffffffffffff9) [ 1180.792073] binder: 16148:16158 transaction failed 29201/-28, size 29696-12288 line 2970 [ 1180.793588] binder_alloc: 16176: binder_alloc_buf failed to map page at 20002000 in userspace [ 1180.831003] binder: 16176:16178 transaction failed 29201/-12, size 0-12288 line 2970 03:54:43 executing program 4: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) openat$cgroup(r0, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) r2 = socket$rds(0x15, 0x5, 0x0) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r3 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1000000000000001, 0x0) readv(r3, &(0x7f0000000480)=[{&(0x7f0000000000)=""/43, 0x2b}], 0x1) ioctl$int_in(r3, 0x80000040045010, &(0x7f0000000140)=0x1) dup2(r2, r3) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r4 = accept$alg(r1, 0x0, 0x0) recvfrom(r4, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1180.835560] binder: undelivered TRANSACTION_ERROR: 29201 [ 1180.861221] binder: undelivered TRANSACTION_ERROR: 29201 [ 1180.871825] binder_alloc: 16176: binder_alloc_buf failed to map page at 20002000 in userspace [ 1180.881372] FAULT_INJECTION: forcing a failure. [ 1180.881372] name failslab, interval 1, probability 0, space 0, times 0 03:54:43 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:43 executing program 0: syz_emit_ethernet(0x36, &(0x7f0000000200)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x32, 0x0, @dev, @remote={0xac, 0x14, 0x223}}, @icmp=@timestamp_reply}}}}, &(0x7f00000002c0)={0x0, 0x0, [0x797]}) r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000140)={@broadcast, @loopback, 0x0}, &(0x7f0000000180)=0xc) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x84800, 0x0) ioctl$ION_IOC_HEAP_QUERY(r2, 0xc0184908, &(0x7f0000000080)={0x34, 0x0, &(0x7f0000000040)}) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) syz_open_procfs$namespace(r3, &(0x7f0000000100)='ns/uts\x00') ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000001c0)={@dev={0xfe, 0x80, [], 0x1e}, 0x7c, r1}) 03:54:43 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x100000000000000e, 0x4, 0x4, 0x400, 0x0, 0xffffffffffffff9c}, 0x2c) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = bpf$MAP_CREATE(0x2, &(0x7f00000000c0)={0x40000000003, 0x0, 0x940003, 0x0, 0x40007c, 0x0}, 0x2c) signalfd4(r1, &(0x7f0000000040)={0x7}, 0x8, 0x80800) [ 1180.921208] binder: 16176:16178 transaction failed 29201/-12, size 0-12288 line 2970 [ 1180.958117] binder: undelivered TRANSACTION_ERROR: 29201 [ 1180.991737] CPU: 0 PID: 16186 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1180.998768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1181.008147] Call Trace: [ 1181.010770] dump_stack+0x172/0x1f0 [ 1181.014427] should_fail.cold+0xa/0x1b [ 1181.018347] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1181.023472] ? ___might_sleep+0x163/0x280 [ 1181.027674] __should_failslab+0x121/0x190 [ 1181.032015] should_failslab+0x9/0x14 [ 1181.035856] kmem_cache_alloc+0x2b1/0x700 [ 1181.040114] ? security_compute_sid.part.0+0xbbb/0x15d0 [ 1181.045493] ? rcu_read_lock_sched_held+0x110/0x130 [ 1181.050538] ? ratelimit_state_init+0xb0/0xb0 [ 1181.055045] ext4_alloc_inode+0x1f/0x630 [ 1181.059140] ? ratelimit_state_init+0xb0/0xb0 [ 1181.063655] alloc_inode+0x66/0x190 [ 1181.067301] new_inode_pseudo+0x19/0xf0 [ 1181.071313] new_inode+0x1f/0x40 [ 1181.074711] __ext4_new_inode+0x3cb/0x52d0 [ 1181.079073] ? kasan_check_read+0x11/0x20 [ 1181.083247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1181.088925] ? ext4_free_inode+0x1470/0x1470 [ 1181.093368] ? dquot_get_next_dqblk+0x180/0x180 [ 1181.098067] ? selinux_determine_inode_label+0x1b1/0x360 [ 1181.103559] ext4_mkdir+0x3d5/0xdf0 [ 1181.107222] ? ext4_init_dot_dotdot+0x520/0x520 [ 1181.111918] ? selinux_inode_mkdir+0x23/0x30 [ 1181.116359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1181.121928] ? security_inode_mkdir+0xee/0x120 [ 1181.126621] vfs_mkdir+0x433/0x690 [ 1181.130196] do_mkdirat+0x234/0x2a0 [ 1181.133946] ? __ia32_sys_mknod+0xb0/0xb0 [ 1181.138111] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1181.142928] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1181.148317] ? do_syscall_64+0x26/0x610 [ 1181.152312] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1181.156911] __x64_sys_mkdir+0x5c/0x80 [ 1181.161090] do_syscall_64+0x103/0x610 [ 1181.164995] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1181.170200] RIP: 0033:0x4581c7 [ 1181.173405] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:54:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:43 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000180)={0x4a9, 0x0, [], {0x0, @reserved}}) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x488000, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x400}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000140)={r2, 0x200000006}, 0x29) [ 1181.192631] RSP: 002b:00007f35c6913a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1181.200361] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004581c7 [ 1181.207645] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000000 [ 1181.214931] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1181.222218] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1181.229590] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000003 03:54:43 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) r1 = semget(0x0, 0x1, 0x480) semctl$GETPID(r1, 0x4, 0xb, &(0x7f0000000100)=""/142) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r2 = accept$alg(r0, 0x0, 0x0) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1181.286975] binder: 16198:16199 transaction failed 29189/-22, size 31232-12288 line 2855 [ 1181.296382] binder_alloc: 16201: binder_alloc_buf failed to map page at 20002000 in userspace [ 1181.327816] binder: 16201:16204 transaction failed 29201/-12, size 0-12288 line 2970 [ 1181.346827] binder: BINDER_SET_CONTEXT_MGR already set 03:54:44 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x400000, 0x0) [ 1181.381167] binder: 16201:16204 ioctl 40046207 0 returned -16 [ 1181.381238] binder_alloc: 16201: binder_alloc_buf, no vma [ 1181.395339] binder: undelivered TRANSACTION_ERROR: 29201 [ 1181.408832] binder: 16201:16210 transaction failed 29189/-22, size 0-12288 line 2855 [ 1181.415580] binder: undelivered TRANSACTION_ERROR: 29189 [ 1181.465397] binder: undelivered TRANSACTION_ERROR: 29189 [ 1181.479481] binder: undelivered TRANSACTION_ERROR: 29189 03:54:44 executing program 2 (fault-call:2 fault-nth:29): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:44 executing program 1: r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f0000000180)={[], 0x0, 0xffffffffffff8001, 0x40, 0x0, 0x3, 0x1000, 0xf000, [], 0x8001}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='\x00\x00\x968\xe1\x89\x00\x00\x00\x00X\xb1\x8c\xa9:/\xfa\x9b\x82\xfb\xda\x83j\xff\x00\x00\x01\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000100)='cpu.st\xe6\xdc|', 0x2761, 0x0) 03:54:44 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) socket(0xa, 0x1, 0x5) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:44 executing program 0: capset(&(0x7f0000a31000)={0x19980330}, &(0x7f00009b3000)) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x800, 0x0) ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000040)={0xf, {0xfffffffffffffff9, 0x80000001, 0x100000001, 0x7ff}}) 03:54:44 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1181.571261] binder_alloc: 16230: binder_alloc_buf failed to map page at 20002000 in userspace [ 1181.601931] binder_alloc: 16230: binder_alloc_buf size 16789504 failed, no address space [ 1181.614536] FAULT_INJECTION: forcing a failure. [ 1181.614536] name failslab, interval 1, probability 0, space 0, times 0 [ 1181.628426] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1181.639360] binder_alloc: 16230: binder_alloc_buf failed to map page at 20002000 in userspace [ 1181.647375] CPU: 0 PID: 16238 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1181.655033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1181.664404] Call Trace: [ 1181.667012] dump_stack+0x172/0x1f0 [ 1181.670655] should_fail.cold+0xa/0x1b [ 1181.674565] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1181.679687] ? ___might_sleep+0x163/0x280 [ 1181.683855] __should_failslab+0x121/0x190 [ 1181.688110] should_failslab+0x9/0x14 [ 1181.691926] __kmalloc+0x2e5/0x750 [ 1181.695486] ? ext4_find_extent+0x76e/0x9d0 [ 1181.699824] ext4_find_extent+0x76e/0x9d0 [ 1181.704016] ext4_ext_map_blocks+0x1c3/0x55d0 [ 1181.708536] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 1181.713574] ? __lock_is_held+0xb6/0x140 [ 1181.717654] ? lock_acquire+0x16f/0x3f0 [ 1181.721667] ? ext4_map_blocks+0x424/0x1a10 [ 1181.726010] ext4_map_blocks+0xebd/0x1a10 [ 1181.730190] ? ext4_issue_zeroout+0x170/0x170 [ 1181.735406] ? kasan_check_write+0x14/0x20 [ 1181.739656] ? __brelse+0x95/0xb0 [ 1181.743140] ext4_getblk+0xc4/0x510 [ 1181.746794] ? ext4_iomap_begin+0xfd0/0xfd0 [ 1181.751130] ? ext4_free_inode+0x1470/0x1470 [ 1181.755645] ext4_bread+0x8f/0x230 [ 1181.759225] ? ext4_getblk+0x510/0x510 [ 1181.763153] ext4_append+0x155/0x370 [ 1181.766892] ext4_mkdir+0x61b/0xdf0 [ 1181.770549] ? ext4_init_dot_dotdot+0x520/0x520 [ 1181.775257] ? selinux_inode_mkdir+0x23/0x30 [ 1181.779708] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1181.785295] ? security_inode_mkdir+0xee/0x120 [ 1181.789903] vfs_mkdir+0x433/0x690 [ 1181.793637] do_mkdirat+0x234/0x2a0 [ 1181.797304] ? __ia32_sys_mknod+0xb0/0xb0 [ 1181.801479] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1181.806443] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1181.811838] ? do_syscall_64+0x26/0x610 [ 1181.815833] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1181.820439] __x64_sys_mkdir+0x5c/0x80 [ 1181.824384] do_syscall_64+0x103/0x610 [ 1181.828328] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1181.833532] RIP: 0033:0x4581c7 [ 1181.836758] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1181.855771] RSP: 002b:00007f35c6955a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1181.863521] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004581c7 03:54:44 executing program 1: syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffff9a6934adcf49ffffff060000000800450000b0000000000088907820da14bbac141403030490780008020000000000ac1414aaac1414004feaa88f264020edace331ca6e2a581565c40f61060b1e5026b22991bf6cf04eb8b6c7845727a1570000000000000000"], 0x0) 03:54:44 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000e3dffc)=0x7, 0x4) getsockopt$inet6_tcp_int(r0, 0x6, 0x80000000005, 0x0, &(0x7f0000000000)) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000040)=""/93, &(0x7f00000000c0)=0x5d) [ 1181.871077] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000000 [ 1181.878367] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1181.885826] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 1181.893114] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:44 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x45) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x20000, 0x0) write$UHID_CREATE(r1, &(0x7f00000001c0)={0x0, 'syz1\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000100)=""/178, 0xb2, 0x64, 0x0, 0x1, 0x1, 0x40}, 0x120) r2 = accept$alg(r0, 0x0, 0x0) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:44 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x6b9b, 0x80000001, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x10000, 0x0) ioctl$VIDIOC_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000200)={0x6, 0x0, [], {0x0, @reserved}}) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000b00)='/group.sta\x9f\xd4t\x00+\x96FR\bR\t\x12\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0W\xdfuE\xfe\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6J\x81W!\xf0\\\xa1O\x9f\x93\x19C\xceQCV\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1fM\xeba_\xa9\xcd\x10\xcd\x0e~\xc6\xed\xb6\x82\xf6\xee\x9aK\xdd\x86\xf8\x0f\x15Y-\xb8A1\x1bb\xff\xf0\xd2M\xf7)\xaa\x8a\x18\xb9_\x83>\xeb\xfc\xc18^\x1d\xb3Y\xdc#\xde\xdb\x89\x90L\x99o\x02\xb6\x98e\xc6b\xce\xb7\x99k3&\xaf\v\xc6\x80\xff\xdb\xb7\x0e\xb4K\xf8\x17\xba\xf8\xee\fe\xed]\x93\x13\xbc\xf5\xe2<\xa2\xaf\x83\xa3\xaabc\x95\x00\t:\xcc\xe1\t]\x84\x90\x17l\xd3\xa7M\xdb\x02J\x90\xe8\xe8\xb3\xc9\xf6\xea\xb2\xdeI\xe4\x0f\xd4\xca(\xcd\xfa\xb2\xb8@\xca\x17u\x02Rb\xad\xd0\xf7\x9bz#\xb8\x1d\x88\xf6?3,\x89\xb1-p\x8a\r\xdb\xd6,\xa4\x01y\x1bc\xb7\x19\xcey\xb5\xae\xc4\xe3\xc4\xe9=\x1e\x8c\xec\xfe\x05b\x7f`Y k\xc4\xa8 \xc3\x9b\v\xbbE\x8c\xb8\xe6\x8a\xa0s\b\xcb\xbb\xfa\xde\xf0\n`\x8az<\f\xf1\xbe\x85\xd1Wk\x17\xbc1q\x8b\x93Y|\x9e\xe2\xc9Ms/A\x98\xf2\x88\n\x92?7\xb1\xe0\xee\xe8yo\xb7\xb2p\xc5O~\x87\x17F\b\xb5\xd6\xdc\xe4u:$>\xd1\xaf\x1a\xcb\x18\x8a\x0e$\xbd\x94N\xc84}_\x06\x11\xd2\xdd7\xe0\b\x0f\xd0\xb0WZ\xfc\xb1\xc3\tS\x13\a6\xc0\xbc\vG\xe4p\x1b\xee\x89_=\xb8\x12\xddpk\x860\x03\xfd\xde\x0f\x9c\xc2\xe5.\xfe\xaf\x8f\xe2\x16\x8c\xdbS\xe6\xc26\xde\xf4I\x9f\x003P\xb5\x9fg\x82!\xf2\x82 \xc1Os\xd7C\\\xad\xb3n}t\xba|\x10\x05,rk\xd1\t|\x1e\x00\x9e\xfa\"\x85\xdd\xb7O\a\xfc\x14\xa8\x00\x1f6M\xb00\xbd\xb7\xd6\xa8\xffe\xb2\xcb\'', 0x2761, 0x0) ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f00000000c0)={0xb, {0x100000000, 0x1, 0x9dd, 0x4}}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000000)) bpf$MAP_CREATE(0xa, &(0x7f0000000080), 0x3c) 03:54:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0xdb) r1 = accept$alg(r0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='/\x02roup.stap\x00', 0x2761, 0x0) r2 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0) write$cgroup_int(r2, &(0x7f00000002c0), 0xfefe) sendfile(r1, r2, &(0x7f00000000c0)=0xf, 0x7ffd) [ 1182.056044] EXT4-fs (loop2): Couldn't mount because of unsupported optional features (b2381809) [ 1182.130636] binder_alloc: 16260: binder_alloc_buf failed to map page at 20002000 in userspace 03:54:44 executing program 2 (fault-call:2 fault-nth:30): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:44 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000100)="4f7d4b5d59de89a92ed7da36249a6525dd69b360ef44e3d07795e31624b0f1069852830c0361876156fe714f1d1880b32950763e97748609000b4eadac6d70da2dc43b1143ee747ec0cbe0742de592bb46115295c0096d3f97ed919513259a307c9486cd3a20081f0b04bb2e8bcae27712012a6675c81bbb3d7c3985e33dcd26d468662af0a99859cda2a12af053e8d3af92ac183322850038b6824677f5b929c1e14625c6ca942272589ad626ebd25a207c15d53aa714cf1bddb77e09bc5f0525e5b798ff6d3cc4d717301f84281e73b77b2e3c80bca1187698fc95638fcb7e48cd563a0bbaf3bc67b775a3a39b4e82188485b391ed0effee9b4e99340e50ea") bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000200)={0x2, 0x1ff}) 03:54:44 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1182.200221] binder_alloc: 16260: binder_alloc_buf failed to map page at 20002000 in userspace [ 1182.255095] binder_alloc: 16260: binder_alloc_buf size 33566720 failed, no address space 03:54:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:45 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x8d24200ec52e4b84) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x400, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') linkat(r2, &(0x7f0000000180)='./file0\x00', r2, &(0x7f0000000300)='./file0\x00', 0x1000) sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x84048002}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="bfecd968fc01421864f3eb7a0430a08768", @ANYRES16=r3, @ANYBLOB="000f26bd7000fbdbdf2511000000100004000c00010073797a3100000000b6312e9d0fa5f44132c1c086e27232ec6889d726cd4f1673a7b6def25b47309eb6ae7c3bfb5a1a4ec23a97c00b56e3b1ff013b841032db6eca3db04e2f98073f2d09e157af584eceec1f73d1668bd83305638ae8431a0be6bc97b6b76db388d823aece45ce97d635e556cfa48f3b8b9564db9c545b0098eeb91e02ecd79de2ba45ea"], 0x24}, 0x1, 0x0, 0x0, 0x20004000}, 0x80) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1182.317607] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:54:45 executing program 1: r0 = socket$kcm(0xa, 0x522000000003, 0x11) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r1 = dup2(r0, r0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r1, 0x0, 0x0, 0x1}, 0x20) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f0000000300), 0x1a4) recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)=""/103, 0x67}], 0x27}, 0x0) write$cgroup_subtree(r1, &(0x7f0000000180)={[{0x1525438afcbe8abb, 'pids'}, {0x2f, 'cpu'}, {0x0, 'memory'}, {0x2b, 'cpu'}, {0x2b, 'io'}]}, 0x1c) openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x204100, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80}, 0x40000) prctl$PR_CAPBSET_DROP(0x18, 0x12) write$binfmt_elf32(r0, &(0x7f00000003c0)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x1, 0x9, 0x2, 0x3, 0x2, 0x3, 0x0, 0x1c4, 0x38, 0x3d1, 0x1, 0x8, 0x20, 0x1, 0x6, 0x100, 0x9}, [{0x6474e551, 0x6, 0x3, 0x7, 0x2000000000, 0xffffffffffff19a0, 0x13f, 0x5}], "79f21f49656e5b630fa94555a660e220923f839db2208be1d6637d406cddd7ae592085c20fc5ded7aa001b1378d1c4e476354767a66d7e7dd220acfed8ff5f6809edf7fddf", [[], [], [], [], [], []]}, 0x69d) 03:54:45 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1182.461872] binder_alloc: 16284: binder_alloc_buf failed to map page at 20002000 in userspace [ 1182.521512] binder_alloc: 16284: binder_alloc_buf failed to map page at 20002000 in userspace 03:54:45 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x1) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) socket$bt_bnep(0x1f, 0x3, 0x4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:45 executing program 1: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='pagemap\x00') exit(0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x2, 0x18, 0x11, 0x8, 0x7, 0x2411, 0x5, 0x3}) write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0)={0x0, 0x8000}, 0x2) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000240)={0x0, 0xfffffffffffffffe, 0x1, 0x22, 0x0, 0x466643bc}) ioctl$KVM_SET_VAPIC_ADDR(r0, 0x4008ae93, &(0x7f0000000040)=0x10000) r1 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000800)={0xfffffffffffffffd, 0x70, 0x3, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x40247007, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000540)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040002,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="0c00b4ef11de8cc1e3912128d44b3f6e324adb04c48f2546310bc72f5a8ee9716f7269fb0fe29081baa966d86c49f6686bf74a514add21503dc1c5de5131090b54740664b4d71934b22462b551fa0b99ed3e8d97da71e704e02b0a55c51c4c050be819f3ab87f6fb78"]) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x4000000000000000, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000400)='mountinfo\x00') set_thread_area(&(0x7f00000007c0)={0x6, 0x20001800, 0x0, 0x2, 0xa0, 0x200, 0x4000000080101, 0x9, 0xfffffffffffffffe, 0x3}) rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000140)='./file0\x00') write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000480)={0x2a, 0x4, 0x0, {0x1, 0xbe, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) mount(&(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x820c01, 0x0) mount(&(0x7f00000008c0)=@md0='/dev/md0\x00', &(0x7f0000000880)='./file0\x00', &(0x7f00000004c0)='nfsd\x00', 0x0, &(0x7f00000006c0)='\x8auU{-\x154\x05-\xab\xc0\xcb\x1an\xd76*5\xec2c\x9f\xcf\xb8\xb6v\x9aA\x06K\x95\xd4dx#\xf8\x90\r\xf1S\xc4\xc2\a\b\x03^\xe6b\x03\xaal)eb,z4\xc9\xe8\x11Y\xacV') mount(&(0x7f0000000cc0)=ANY=[@ANYBLOB="969957b52d30fea3a6945a209691fd3e214cb9dcc33db7762efad2628dcef5d3b6364e061019df973b2f53d859e769464fe2a2410d59da45d13169add1c5529ce3628e6153ceb2e151b4c4a2bdac535d50eb6b9260eb398d4d6952a19e3d52a29749828eb1caff4558ca709d9c13c28a2da129717e838eb618c9886828a09a944bc03f33827c69c3fbb70d4b5fba9945efba05926292ff09d31215ba2a5326c48ced38769a4d61db50c0ec11260778f607660f2b85e3cd0d67bc0cccd8dfba547fe5e36524ef742126514000d7cf7126e2536307a8290af7f78189fa963bfaf8cf0dee8d84a76599366358414b18f32d01f7a3d0b4802a4d706109f9138e41508afeeacc420e0420479c0a80a89182db1a3ca72250d6cde7e3e399634faea9de856662a2112c419bbcf416a390da584fb6386ef382c4f0a6699fb970efe5fc8459c3bf3556129c68a268e343c1c812b699e54dec3cbe937f9b5b0add4a7776a26b29dcd9e675b5da88241a8031e18b85c02c46c09c3f5ac75c4d468001c8a3415110d2c886bf224ff78c97d45769212925faedefe2bb"], 0x0, 0x0, 0x80010, 0x0) mount(&(0x7f0000000a40)=ANY=[@ANYBLOB="3040abf7d58436d7496072d88d9fb924bf91f65251c2210ce6c33f5cf63ee466a17a37b30eb2325bbc9556b9ba20d4df40a9cb69d15d3308712819f3d2f27695155ef2b723bc4fcb5d38c46f71f14089eea8a3bb9dfa1e774fccee35dc618d63aa608e8d3f0421aabde758c08399866dd6f0c9c72140b221ecf2e98b2b85bb8df6694a"], 0x0, 0x0, 0x80000, 0x0) r5 = dup2(r3, r1) ioctl$TCSBRKP(r4, 0x5425, 0x3) write$FUSE_OPEN(r5, &(0x7f0000000380)={0x20, 0x0, 0x8, {0x0, 0x1}}, 0x20) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') mount(&(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x849, &(0x7f00000001c0)) syz_genetlink_get_family_id$ipvs(&(0x7f0000000440)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000580)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="00002bbd7000fedbdf250e00000008000500090000004c0003001400020076657468315f746f5f7465616d00000014000600fe880000000000000000000000000001080005007f0000010800010002000000080003000400000008000800000000005000010008000b0073697000080009004d00000014000300ac1414aa000000000000000000000000080004004e240000080004004e24000008000b0073697000080004004e200000080001000a00000070000300080004000200000008000800d200000008000800ac0000001400020076657468315f746f5f6272696467650014000600fe80000000000000000000000000001a14000600ff02000000000000000000000000000000080001000200000008000500ac14141600000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x80}, 0x4004004) preadv(r2, &(0x7f0000001400)=[{&(0x7f0000004200)=""/4096, 0x9d}], 0x1, 0x2) [ 1182.596689] binder_alloc: 16284: binder_alloc_buf size 50343936 failed, no address space 03:54:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:45 executing program 0: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x4043, 0x0) ioctl$KIOCSOUND(r0, 0x4b2f, 0x406) r1 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x402, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0xffffffffffffff43) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f0000000180)=ANY=[@ANYBLOB="01000a00dd4790fe4d50aaaaaaaaaabb00000000c41cfc51bae306f5dc163415fb9faaaaaaaaaaaaffffffffffffaaaaaaaaaa290180c200000f000000000000"]) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(0xffffffffffffffff, 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f0000000000)=0xffffffffffffffff, 0x8) getsockname$netrom(r2, &(0x7f0000000100)={{0x3, @netrom}, [@remote, @remote, @bcast, @rose, @netrom, @bcast, @bcast]}, &(0x7f0000000080)=0x48) sysfs$2(0x2, 0x7f8, 0x0) ioctl$TIOCGICOUNT(r0, 0x545d, 0x0) ioctl$TIOCLINUX3(r0, 0x541c, &(0x7f00000000c0)) ioctl$KDGETKEYCODE(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0xfff, 0xe2}) ioctl$KVM_KVMCLOCK_CTRL(r1, 0xaead) ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x810}, 0x0) unshare(0x40000000) 03:54:45 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000001100)=""/4096, 0x1000, 0x2000, 0x0, 0x0) [ 1182.647186] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1182.721647] binder_alloc: 16306: binder_alloc_buf failed to map page at 20002000 in userspace [ 1182.854652] FAULT_INJECTION: forcing a failure. [ 1182.854652] name failslab, interval 1, probability 0, space 0, times 0 [ 1182.866726] CPU: 1 PID: 16311 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1182.873684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1182.883128] Call Trace: [ 1182.885775] dump_stack+0x172/0x1f0 [ 1182.889435] should_fail.cold+0xa/0x1b [ 1182.893350] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1182.898493] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1182.904058] __should_failslab+0x121/0x190 [ 1182.908326] should_failslab+0x9/0x14 [ 1182.912158] __kmalloc+0x71/0x750 [ 1182.915642] ? context_struct_to_string+0x428/0x880 [ 1182.920699] context_struct_to_string+0x428/0x880 [ 1182.925586] ? dump_masked_av_helper+0xa0/0xa0 [ 1182.930205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1182.935773] ? sidtab_search_core+0x1d0/0x320 [ 1182.940307] security_sid_to_context_core.isra.0+0x226/0x2f0 [ 1182.946136] security_sid_to_context_force+0x38/0x50 [ 1182.951280] selinux_inode_init_security+0x3b6/0x7a0 [ 1182.956415] ? selinux_inode_create+0x30/0x30 [ 1182.960936] ? ext4_get_acl+0x107/0x5a0 [ 1182.964933] ? rcu_read_lock_sched_held+0x110/0x130 [ 1182.969991] security_inode_init_security+0x1b3/0x3c0 [ 1182.975209] ? ext4_init_acl+0x220/0x220 [ 1182.975233] ? security_kernel_load_data+0xb0/0xb0 [ 1182.975248] ? posix_acl_create+0x11a/0x430 [ 1182.975270] ? lock_downgrade+0x810/0x810 [ 1182.984287] ? ext4_set_acl+0x490/0x490 [ 1182.996887] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1183.002462] ? check_preemption_disabled+0x48/0x290 [ 1183.007522] ext4_init_security+0x34/0x40 [ 1183.011720] __ext4_new_inode+0x3b2c/0x52d0 [ 1183.016095] ? ext4_free_inode+0x1470/0x1470 [ 1183.020559] ? dquot_get_next_dqblk+0x180/0x180 [ 1183.025266] ? selinux_determine_inode_label+0x1b1/0x360 [ 1183.030762] ext4_mkdir+0x3d5/0xdf0 [ 1183.034433] ? ext4_init_dot_dotdot+0x520/0x520 [ 1183.039156] ? selinux_inode_mkdir+0x23/0x30 [ 1183.043606] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1183.049187] ? security_inode_mkdir+0xee/0x120 [ 1183.053815] vfs_mkdir+0x433/0x690 [ 1183.057397] do_mkdirat+0x234/0x2a0 [ 1183.061064] ? __ia32_sys_mknod+0xb0/0xb0 [ 1183.065245] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1183.070130] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1183.075546] ? do_syscall_64+0x26/0x610 [ 1183.079559] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1183.084195] __x64_sys_mkdir+0x5c/0x80 [ 1183.088121] do_syscall_64+0x103/0x610 [ 1183.092057] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1183.097272] RIP: 0033:0x4581c7 [ 1183.100489] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1183.119428] RSP: 002b:00007f35c6955a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1183.122891] IPVS: ftp: loaded support on port[0] = 21 [ 1183.127176] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004581c7 [ 1183.127185] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000000 [ 1183.127193] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1183.127201] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 1183.127208] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:45 executing program 2 (fault-call:2 fault-nth:31): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:45 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:45 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) prctl$PR_SET_FPEMU(0xa, 0x3) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self\x00', 0x40000, 0x0) r1 = request_key(&(0x7f0000000100)='.request_key_auth\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000180)='/proc/self\x00', 0xfffffffffffffffb) fstat(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)=0x0) keyctl$chown(0x4, r1, r2, r3) r4 = accept$alg(r0, 0x0, 0x0) recvfrom(r4, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1183.264219] binder_alloc: 16328: binder_alloc_buf failed to map page at 20002000 in userspace [ 1183.294601] FAULT_INJECTION: forcing a failure. [ 1183.294601] name failslab, interval 1, probability 0, space 0, times 0 [ 1183.313820] CPU: 0 PID: 16334 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1183.320817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1183.330197] Call Trace: [ 1183.332832] dump_stack+0x172/0x1f0 [ 1183.336485] should_fail.cold+0xa/0x1b [ 1183.340404] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1183.345546] ? ___might_sleep+0x163/0x280 [ 1183.349753] __should_failslab+0x121/0x190 [ 1183.354028] should_failslab+0x9/0x14 [ 1183.357853] __kmalloc+0x2e5/0x750 [ 1183.361419] ? ext4_find_extent+0x76e/0x9d0 [ 1183.365770] ext4_find_extent+0x76e/0x9d0 [ 1183.369952] ext4_ext_map_blocks+0x1c3/0x55d0 [ 1183.374511] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 1183.379934] ? __lock_is_held+0xb6/0x140 [ 1183.384021] ? lock_acquire+0x16f/0x3f0 [ 1183.388013] ? ext4_map_blocks+0x424/0x1a10 [ 1183.392364] ext4_map_blocks+0xebd/0x1a10 [ 1183.396553] ? ext4_issue_zeroout+0x170/0x170 [ 1183.401101] ? kasan_check_write+0x14/0x20 [ 1183.405363] ? __brelse+0x95/0xb0 [ 1183.408842] ext4_getblk+0xc4/0x510 [ 1183.412510] ? ext4_iomap_begin+0xfd0/0xfd0 [ 1183.416870] ? ext4_free_inode+0x1470/0x1470 [ 1183.422195] ext4_bread+0x8f/0x230 [ 1183.425871] ? ext4_getblk+0x510/0x510 [ 1183.429805] ext4_append+0x155/0x370 [ 1183.433546] ext4_mkdir+0x61b/0xdf0 [ 1183.437210] ? ext4_init_dot_dotdot+0x520/0x520 [ 1183.441926] ? selinux_inode_mkdir+0x23/0x30 [ 1183.446378] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1183.451952] ? security_inode_mkdir+0xee/0x120 [ 1183.456568] vfs_mkdir+0x433/0x690 [ 1183.460157] do_mkdirat+0x234/0x2a0 [ 1183.463823] ? __ia32_sys_mknod+0xb0/0xb0 [ 1183.467991] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1183.472790] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1183.478287] ? do_syscall_64+0x26/0x610 [ 1183.482304] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1183.486939] __x64_sys_mkdir+0x5c/0x80 [ 1183.490863] do_syscall_64+0x103/0x610 [ 1183.494960] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1183.500183] RIP: 0033:0x4581c7 [ 1183.503494] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1183.522594] RSP: 002b:00007f35c6955a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1183.530517] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004581c7 [ 1183.538262] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000000 [ 1183.546878] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1183.555045] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 03:54:46 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x80, 0x400000) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000180)={0x2, 0x0, @pic={0x5, 0x6, 0xe6c779, 0x1, 0x5, 0x3f, 0x1fe, 0x7ff, 0xfff, 0x8000, 0x2, 0x7, 0xffff, 0x7, 0xf229, 0x969}}) ioctl$EVIOCSFF(r2, 0x40304580, &(0x7f0000000100)={0x57, 0x20, 0x8000, {0x7, 0xed4c}, {0x5, 0x8b01}, @period={0x5f, 0x5a1, 0x4, 0x40, 0x7f, {0x6, 0x93, 0x0, 0x80000000}, 0x2, &(0x7f0000000140)=[0xfe, 0x1]}}) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1183.562477] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1183.574787] binder_alloc: 16328: binder_alloc_buf size 67121152 failed, no address space [ 1183.590214] EXT4-fs (loop2): Couldn't mount because of unsupported optional features (b2381809) [ 1183.619451] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1183.631550] binder_alloc: 16328: binder_alloc_buf failed to map page at 20002000 in userspace 03:54:46 executing program 2 (fault-call:2 fault-nth:32): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:46 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:46 executing program 1: r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x400000101000, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0xffffffffffffff43) prctl$PR_GET_NO_NEW_PRIVS(0x27) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sysfs$2(0x2, 0x0, 0x0) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000080)) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) recvfrom$x25(r1, 0x0, 0x0, 0x40002101, 0x0, 0x0) fcntl$getown(r0, 0x9) gettid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) sched_setattr(r3, &(0x7f0000000140)={0x30, 0x6, 0x1, 0xfffffffffffffffe, 0x0, 0x991a, 0xffff, 0x1}, 0x0) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000100)={0x0, 0x0}) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') unshare(0x40000000) 03:54:46 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') getsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4) write$capi20(r1, &(0x7f0000000100)={0x10, 0x0, 0x82, 0x0, 0x9796, 0x1}, 0x10) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f0000000200)=""/78) write$capi20(r1, &(0x7f0000000040)={0x10, 0xe9d1, 0x8, 0x83, 0x1, 0x9}, 0x10) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000340)={0xb3, 0x1f, 0xf1e7}) ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000140)={0x1, 0x9, 0x4, 0xdf7}) r2 = accept$alg(r0, 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r1, 0x28, 0x6, &(0x7f0000000380), 0xfffffffffffffe4a) write$capi20(r1, &(0x7f0000000080)={0x10, 0x81, 0x89, 0x83, 0x6, 0xbe5}, 0x10) ioctl$TCSETS2(r1, 0x402c542b, &(0x7f0000000300)={0x548, 0x10000000000, 0x7, 0x1, 0x7fff, "6d2f6e9567f16419371ed1daee78523ecc3632", 0x3ff, 0x1}) [ 1183.867346] binder_alloc: 16350: binder_alloc_buf size 12296 failed, no address space [ 1183.909385] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1183.930602] binder_alloc: 16350: binder_alloc_buf size 83898368 failed, no address space [ 1183.947692] binder_alloc: 16350: binder_alloc_buf size 12296 failed, no address space [ 1183.961836] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1183.988092] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1184.011390] binder_alloc: 16350: binder_alloc_buf size 83898368 failed, no address space [ 1184.038051] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1184.050309] FAULT_INJECTION: forcing a failure. [ 1184.050309] name failslab, interval 1, probability 0, space 0, times 0 [ 1184.079942] CPU: 1 PID: 16365 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1184.086945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1184.096854] Call Trace: [ 1184.096889] dump_stack+0x172/0x1f0 [ 1184.096912] should_fail.cold+0xa/0x1b [ 1184.096931] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1184.096947] ? ext4_es_find_delayed_extent_range+0xa30/0xa30 [ 1184.096965] ? ___might_sleep+0x163/0x280 [ 1184.096990] __should_failslab+0x121/0x190 [ 1184.097012] should_failslab+0x9/0x14 [ 1184.097026] __kmalloc+0x2e5/0x750 [ 1184.097051] ? ext4_find_extent+0x76e/0x9d0 [ 1184.097075] ext4_find_extent+0x76e/0x9d0 [ 1184.097105] ext4_ext_map_blocks+0x1c3/0x55d0 [ 1184.097137] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 1184.097172] ? __lock_is_held+0xb6/0x140 [ 1184.097201] ? lock_acquire+0x16f/0x3f0 [ 1184.107369] ? ext4_map_blocks+0x87d/0x1a10 [ 1184.107394] ext4_map_blocks+0x8e5/0x1a10 [ 1184.107415] ? ext4_issue_zeroout+0x170/0x170 [ 1184.107438] ? kasan_check_write+0x14/0x20 [ 1184.107454] ? __brelse+0x95/0xb0 [ 1184.107475] ext4_getblk+0xc4/0x510 [ 1184.107491] ? ext4_iomap_begin+0xfd0/0xfd0 [ 1184.107510] ? ext4_free_inode+0x1470/0x1470 [ 1184.107528] ext4_bread+0x8f/0x230 [ 1184.107547] ? ext4_getblk+0x510/0x510 [ 1184.118617] ext4_append+0x155/0x370 [ 1184.118636] ext4_mkdir+0x61b/0xdf0 [ 1184.118659] ? ext4_init_dot_dotdot+0x520/0x520 [ 1184.118684] ? selinux_inode_mkdir+0x23/0x30 [ 1184.118704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1184.118727] ? security_inode_mkdir+0xee/0x120 [ 1184.118748] vfs_mkdir+0x433/0x690 [ 1184.118769] do_mkdirat+0x234/0x2a0 [ 1184.118789] ? __ia32_sys_mknod+0xb0/0xb0 [ 1184.118807] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1184.118827] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1184.118843] ? do_syscall_64+0x26/0x610 [ 1184.118863] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1184.118883] __x64_sys_mkdir+0x5c/0x80 [ 1184.118900] do_syscall_64+0x103/0x610 [ 1184.118921] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1184.118935] RIP: 0033:0x4581c7 [ 1184.118952] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1184.118961] RSP: 002b:00007f35c6934a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1184.118977] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004581c7 [ 1184.118993] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000000 [ 1184.131375] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1184.131385] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 1184.131395] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008914, &(0x7f0000000340)="0adc1f123c123f319bd070") r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0x0, 0x0) accept4$nfc_llcp(r1, &(0x7f0000000240), &(0x7f00000002c0)=0x60, 0x80000) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x400002200006008, 0x1) r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x2, 0x31, 0xffffffffffffffff, 0x0) ioctl$BLKROGET(r2, 0x125e, &(0x7f0000000040)) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f00000000c0)={0x8, @sliced={0x8, [0x3f, 0x8000, 0x100000001, 0x2, 0x1, 0x3, 0x2, 0x5e58cdf2, 0x81, 0x6, 0x6, 0x5, 0x800, 0x2, 0x9, 0x1, 0x8, 0x4, 0x3, 0x2, 0x1, 0x0, 0x6, 0x10000, 0x1, 0x7, 0x7fff, 0x50f9, 0x1, 0xb5d, 0x6a, 0xfffffffffffffffa, 0x200, 0x4, 0x8000, 0x1, 0x6, 0x0, 0x4, 0x5, 0x4, 0x9, 0x9, 0xe20, 0x1aa11683, 0x3f, 0x2, 0xffffffffffff2fe6]}}) arch_prctl$ARCH_SET_GS(0x1001, 0x46) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000300)='/dev/hwrng\x00', 0x2, 0x0) 03:54:47 executing program 2 (fault-call:2 fault-nth:33): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:47 executing program 4: r0 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) vmsplice(r0, &(0x7f0000000600)=[{&(0x7f00000001c0)="48a7deab7e1f151c2256f3771f56c612a673f8f3a563b9e8b1139c6ab3e46c7b5d750cbfe406ae7732e8747d2f39f4bf5b73c17530deff3fa4baa0f89c459c54056d1e3105d8baf9c8efa0da0b1dc79517d27856f3546cbc83c6b3d986ec2b213fdf15b43d1d76385122b7475a64244a787ee8a2eed6a0", 0x77}, {&(0x7f0000000240)="a483e93143ab70dcb26c4546124caf9f4f2c1802cb0f72ebaa649b56a19dc173ddd74627704cb97411dc70b39a58cb5808e3c6fabe705028444fa5a91ed44223cefda2e51486f93a45a9bfb2b919cc54766bee2226d18c33b579ee23", 0x5c}, {&(0x7f00000002c0)}, {&(0x7f0000000300)="a8d79aad37a35fed8842018bf35629636e6fc1304dfda82b5a52140fa697269b2c385a6f6a5354a1f3f26ef1f15e99332345260f6af1389e3fd397c4c777f25fa34738e13f3a6486650abf16a7b6134eb7de0e99cc941470e45f4d3e961ee4cb4bb1a0b677b46ecc7b6fb443473619dc878af805171f90da138079999cc171efefed198d19ff066b2b20311fc7deb00795a6130e564314072287acc56e270b0b49832d09a80430b8c46684e93c01286f3701", 0xb2}, {&(0x7f00000003c0)="76e901cdc824dd61818a56193b2f899f9b2494a631f1f9fa62bd2404d59188fa1f7bd472ba4d4544106b22a35afa2ba0bebeab410ac256f313fdbd76f424e1bc2b44f904dba24b4624", 0x49}, {&(0x7f0000000440)="e269a6934e8831653665f99f5b6141776649a09fae3af75866ae400241a6ddba11a2fc7d59599e266399fe67b88fb1c45f33876465467d27acebbf0a8a01d0de8fdb171e4a62aff0e621148cc93ae6f4cce447a143915393726f07ecc580c93456d6669c4416c5781045aa7bd567342e77ed1126dbdd4f22fd19e58f66740c17930241adf5ca0ffa299c9bf090389146b6ffbf0111f3accee509e232634963eb012271836202f80dd1ff", 0xaa}, {&(0x7f0000000500)="a43a443d43887d6a7a6196c4a629a3dcfac4b4d355733667a8eeda87c2edcc025b9673e0d1465c17f118e813ee74bfae3b43112ff6d0680fd3b9f1e8f39f67fb58c687c7a472aa8860ad81e1c6c5b39797e7eeb9a094bd6e97893f162751ea955114b276f1dc913db2248706d4266c7d32a868e8b20315b08aababf2bf7a980b246cd87982f224c1a9fe474538db2136b63197d9e52dc2aa0e062fe1c6b71480f5f0f30460674ad4c450d3f7f289092b7be3be8f7a1ceb01301a9595fd635e1528ee38f6872364456f70178c1feb41a170946c88e757647a7dd14191ef0a43289a98", 0xe2}], 0x7, 0x42edeb6c6f9466ba) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000880)='/selinux/checkreqprot\x00', 0x800, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x7, 0x80402) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000100), &(0x7f0000000140)=0x4) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000002c0)={0x0, 0xbc, &(0x7f0000000680)=[@in={0x2, 0x4e24, @loopback}, @in={0x2, 0x4e24, @multicast1}, @in6={0xa, 0x4e22, 0x4, @mcast1, 0x7}, @in={0x2, 0x4e23, @multicast1}, @in6={0xa, 0x4e23, 0x8, @dev={0xfe, 0x80, [], 0x17}, 0x60}, @in6={0xa, 0x4e24, 0x1ff, @rand_addr="a770655264f489d375eb6a50e1009177", 0x8}, @in6={0xa, 0x4e23, 0x100000001, @local, 0x9}, @in6={0xa, 0x4e21, 0x361ecef3, @remote, 0x100}]}, &(0x7f0000000740)=0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000780)={r3, @in6={{0xa, 0x4e20, 0x9, @rand_addr="298738f092e46b6cf349082f19cb25f9", 0x3}}, 0x4, 0xffffffff80000000}, &(0x7f0000000840)=0x90) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r4 = accept$alg(r1, 0x0, 0x0) recvfrom(r4, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:47 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:47 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = fcntl$dupfd(r1, 0x406, r0) write$P9_RSTATFS(r3, &(0x7f0000000100)={0x43, 0x9, 0x2, {0x7fff, 0xffffffff, 0x1, 0x3f, 0x3, 0x3, 0xc000000000000000, 0x4, 0x8}}, 0x43) [ 1184.667910] binder: BINDER_SET_CONTEXT_MGR already set [ 1184.680566] binder: 16374:16381 ioctl 40046207 0 returned -16 [ 1184.699144] FAULT_INJECTION: forcing a failure. [ 1184.699144] name failslab, interval 1, probability 0, space 0, times 0 [ 1184.748945] CPU: 0 PID: 16386 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1184.756028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1184.765701] Call Trace: [ 1184.768339] dump_stack+0x172/0x1f0 [ 1184.772100] should_fail.cold+0xa/0x1b [ 1184.776019] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1184.781149] ? ext4_es_find_delayed_extent_range+0xa30/0xa30 [ 1184.786984] ? ___might_sleep+0x163/0x280 [ 1184.791178] __should_failslab+0x121/0x190 [ 1184.795512] should_failslab+0x9/0x14 [ 1184.799370] __kmalloc+0x2e5/0x750 [ 1184.802945] ? ext4_find_extent+0x76e/0x9d0 [ 1184.807299] ext4_find_extent+0x76e/0x9d0 [ 1184.811488] ext4_ext_map_blocks+0x1c3/0x55d0 [ 1184.816039] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 1184.821204] ? __lock_is_held+0xb6/0x140 [ 1184.825310] ? lock_acquire+0x16f/0x3f0 [ 1184.829312] ? ext4_map_blocks+0x87d/0x1a10 [ 1184.829340] ext4_map_blocks+0x8e5/0x1a10 [ 1184.829364] ? ext4_issue_zeroout+0x170/0x170 [ 1184.842454] ? kasan_check_write+0x14/0x20 03:54:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:47 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) fremovexattr(r0, &(0x7f0000000080)=@random={'security.', 'skcipher\x00'}) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:47 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1184.842472] ? __brelse+0x95/0xb0 [ 1184.842495] ext4_getblk+0xc4/0x510 [ 1184.854170] ? ext4_iomap_begin+0xfd0/0xfd0 [ 1184.858545] ? ext4_free_inode+0x1470/0x1470 [ 1184.858565] ext4_bread+0x8f/0x230 [ 1184.858583] ? ext4_getblk+0x510/0x510 [ 1184.858604] ext4_append+0x155/0x370 [ 1184.858622] ext4_mkdir+0x61b/0xdf0 [ 1184.858643] ? ext4_init_dot_dotdot+0x520/0x520 [ 1184.858663] ? selinux_inode_mkdir+0x23/0x30 [ 1184.858682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1184.858698] ? security_inode_mkdir+0xee/0x120 [ 1184.858718] vfs_mkdir+0x433/0x690 [ 1184.858737] do_mkdirat+0x234/0x2a0 [ 1184.858755] ? __ia32_sys_mknod+0xb0/0xb0 [ 1184.858779] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1184.870678] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1184.870698] ? do_syscall_64+0x26/0x610 [ 1184.870717] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1184.870742] __x64_sys_mkdir+0x5c/0x80 [ 1184.883032] do_syscall_64+0x103/0x610 [ 1184.897738] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1184.897752] RIP: 0033:0x4581c7 03:54:47 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x40) write$FUSE_GETXATTR(r1, &(0x7f00000001c0)={0x18, 0x0, 0x8, {0x100000000}}, 0x18) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r2 = accept$alg(r0, 0x0, 0x0) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x2, 0x0) epoll_wait(r3, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}], 0x6, 0x3ff) setsockopt$packet_int(r3, 0x107, 0xb, &(0x7f0000000200)=0x3ff, 0x4) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1184.897768] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1184.897775] RSP: 002b:00007f35c6955a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1184.897790] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004581c7 [ 1184.897798] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000000 [ 1184.897805] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1184.897814] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 1184.897822] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1185.083596] binder_transaction: 25 callbacks suppressed [ 1185.083616] binder: 16405:16409 transaction failed 29201/-28, size 4-12288 line 2970 [ 1185.115928] binder: 16406:16410 transaction failed 29201/-28, size 117440512-12288 line 2970 [ 1185.172329] binder: 16405:16409 transaction failed 29201/-28, size 4-12288 line 2970 [ 1185.179855] binder: 16406:16410 transaction failed 29201/-28, size 117440512-12288 line 2970 03:54:49 executing program 1: socket$can_raw(0x1d, 0x3, 0x1) r0 = syz_open_dev$usb(0x0, 0x1, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0x1, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video2\x00', 0x2, 0x0) write$vnet(r1, &(0x7f0000000280)={0x1, {&(0x7f0000000180)=""/203, 0xfffffffffffffd05, &(0x7f0000000540)=""/4096, 0x3, 0x1}}, 0x68) r3 = request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00\x00\b', 0xffffffffffffffff, 0x4c00000000006800}, &(0x7f0000001fee)='R\trist\xe3cusgrVid:De', 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000300)={0x3cf, 0x31a5a3056d8df96e, 0x1000}, 0x4) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, 0x0) ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, 0x0) keyctl$instantiate(0xc, r3, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/cache_bypass\x00', 0x2, 0x0) 03:54:49 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000080)=0x1, 0x4) 03:54:49 executing program 2 (fault-call:2 fault-nth:34): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:49 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req3={0x8, 0x0, 0xfffffffffffff08e, 0x9, 0xfcc, 0x398}, 0x1c) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0xb) sendmmsg(r0, &(0x7f0000002d80)=[{{&(0x7f0000000340)=@nfc={0x27, 0x1, 0x40000000}, 0x80, 0x0}}], 0x1, 0x0) 03:54:49 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1186.532839] binder_alloc_new_buf_locked: 8 callbacks suppressed [ 1186.532852] binder_alloc: 16427: binder_alloc_buf size 12296 failed, no address space [ 1186.551939] FAULT_INJECTION: forcing a failure. [ 1186.551939] name failslab, interval 1, probability 0, space 0, times 0 [ 1186.565627] CPU: 1 PID: 16426 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1186.572695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1186.573358] binder_alloc_new_buf_locked: 8 callbacks suppressed [ 1186.573373] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1186.582192] Call Trace: [ 1186.582226] dump_stack+0x172/0x1f0 [ 1186.582247] should_fail.cold+0xa/0x1b [ 1186.582264] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1186.582283] ? ___might_sleep+0x163/0x280 [ 1186.582304] __should_failslab+0x121/0x190 [ 1186.582321] should_failslab+0x9/0x14 [ 1186.582334] kmem_cache_alloc+0x2b1/0x700 [ 1186.582351] ? rcu_read_lock_sched_held+0x110/0x130 [ 1186.582376] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1186.639060] binder_alloc: 16427: binder_alloc_buf size 167784448 failed, no address space [ 1186.639636] ? __mark_inode_dirty+0x241/0x1290 [ 1186.639663] ext4_mb_new_blocks+0x5a0/0x3c20 [ 1186.648476] binder: 16427:16429 transaction failed 29201/-28, size 5-12288 line 2970 [ 1186.652726] ? ext4_find_extent+0x76e/0x9d0 [ 1186.652763] ext4_ext_map_blocks+0x2b2d/0x55d0 [ 1186.663765] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1186.665082] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 1186.665112] ? __lock_is_held+0xb6/0x140 [ 1186.672810] binder_release_work: 28 callbacks suppressed [ 1186.672818] binder: undelivered TRANSACTION_ERROR: 29201 [ 1186.674073] ext4_map_blocks+0x8e5/0x1a10 [ 1186.674097] ? ext4_issue_zeroout+0x170/0x170 [ 1186.686053] binder_alloc: 16427: binder_alloc_buf size 12296 failed, no address space [ 1186.688015] ? kasan_check_write+0x14/0x20 [ 1186.688032] ? __brelse+0x95/0xb0 [ 1186.688057] ext4_getblk+0xc4/0x510 [ 1186.688085] ? ext4_iomap_begin+0xfd0/0xfd0 [ 1186.692595] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1186.697760] ? ext4_free_inode+0x1470/0x1470 [ 1186.697781] ext4_bread+0x8f/0x230 [ 1186.697797] ? ext4_getblk+0x510/0x510 [ 1186.697819] ext4_append+0x155/0x370 [ 1186.697838] ext4_mkdir+0x61b/0xdf0 [ 1186.697872] ? ext4_init_dot_dotdot+0x520/0x520 [ 1186.697896] ? selinux_inode_mkdir+0x23/0x30 [ 1186.703764] binder: 16428:16430 transaction failed 29201/-28, size 167772160-12288 line 2970 03:54:49 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:49 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) write$P9_RFSYNC(r0, &(0x7f0000000000)={0x7, 0x33, 0x2}, 0x7) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000100)=@req={0x8, 0x492c, 0x5, 0x6}, 0x230) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x0, 0xfffffffffffffffe}, 0x4) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000280)=0x32, 0x4) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) r2 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r3 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) r4 = dup2(r1, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) ioctl$TIOCGSID(r4, 0x5429, 0x0) gettid() ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0xf48b, 0x0, 0x0, 'queue0\x00'}) add_key(&(0x7f0000000040)='trusted\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) write$sndseq(r2, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) fstatfs(r3, &(0x7f0000005200)=""/4096) r5 = geteuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0}, &(0x7f0000000480)=0xc) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0}, &(0x7f00000005c0)=0xc) mount$9p_xen(&(0x7f0000000340)=',(%GPLposix_acl_accessmime_typeproc(*\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x20000, &(0x7f0000000740)={'trans=xen,', {[{@privport='privport'}, {@aname={'aname', 0x3d, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}}, {@noextend='noextend'}, {@cache_mmap='cache=mmap'}, {@cache_fscache='cache=fscache'}, {@access_any='access=any'}, {@cache_mmap='cache=mmap'}, {@version_u='version=9p2000.u'}], [{@obj_user={'obj_user', 0x3d, '}}})wlan1md5sum-$'}}, {@smackfsdef={'smackfsdef'}}, {@seclabel='seclabel'}, {@uid_lt={'uid<', r5}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@seclabel='seclabel'}, {@fowner_gt={'fowner>', r6}}, {@fowner_eq={'fowner', 0x3d, r7}}, {@fowner_lt={'fowner<', r8}}, {@audit='audit'}]}}) r9 = syz_open_dev$midi(&(0x7f0000000140)='/dev/midi#\x00', 0xffffffffffff67e2, 0x400) bind$rds(r9, &(0x7f0000000180)={0x2, 0x4e20, @remote}, 0x10) bind$inet(r9, &(0x7f00000001c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) [ 1186.707548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1186.707566] ? security_inode_mkdir+0xee/0x120 [ 1186.707585] vfs_mkdir+0x433/0x690 [ 1186.707605] do_mkdirat+0x234/0x2a0 [ 1186.707632] ? __ia32_sys_mknod+0xb0/0xb0 [ 1186.712518] binder: 16427:16440 transaction failed 29201/-28, size 5-12288 line 2970 [ 1186.720308] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1186.720329] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1186.720344] ? do_syscall_64+0x26/0x610 [ 1186.720361] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1186.720382] __x64_sys_mkdir+0x5c/0x80 [ 1186.720400] do_syscall_64+0x103/0x610 [ 1186.720421] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1186.728390] binder: undelivered TRANSACTION_ERROR: 29201 [ 1186.731842] RIP: 0033:0x4581c7 [ 1186.731860] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1186.731869] RSP: 002b:00007f35c6955a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 03:54:49 executing program 2 (fault-call:2 fault-nth:35): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1186.739567] binder: undelivered TRANSACTION_ERROR: 29201 [ 1186.745251] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004581c7 [ 1186.745260] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000000 [ 1186.745268] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1186.745276] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 1186.745284] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1186.790683] binder_alloc: 16427: binder_alloc_buf, no vma [ 1187.012347] binder_alloc: 16452: binder_alloc_buf size 12296 failed, no address space [ 1187.035818] FAULT_INJECTION: forcing a failure. [ 1187.035818] name failslab, interval 1, probability 0, space 0, times 0 03:54:49 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x21000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000400)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0xeb21, 0x40280) write$input_event(r3, &(0x7f0000000280)={{0x77359400}, 0x16, 0x9, 0x100000001}, 0x18) socket$vsock_stream(0x28, 0x1, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000240)='./file0\x00', r2, r4) [ 1187.056001] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:54:49 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$pptp(0x18, 0x1, 0x2) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r2 = accept$alg(r0, 0x0, 0x0) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) r3 = dup2(r0, r1) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r3, 0x40505330, &(0x7f00000002c0)={{0x6, 0x81}, {0x100000001, 0x2}, 0x7ff, 0x1, 0x8}) r4 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$VIDIOC_G_SLICED_VBI_CAP(r4, 0xc0745645, &(0x7f0000000240)={0x4, [0x101, 0x5, 0xffffffff, 0x9, 0x1ff, 0x63, 0x3, 0xdbc3, 0x3f, 0x53a7, 0x6, 0x0, 0x5, 0x1, 0x5, 0x40, 0x3, 0xead, 0x10ae, 0x3, 0xfffffffffffff000, 0x0, 0x4, 0x17, 0xfff, 0x1, 0x100, 0xb96, 0x3, 0x9, 0x8, 0x8, 0x100, 0x0, 0x0, 0x2, 0x5, 0xfffffffffffffe43, 0x1, 0x1f, 0x9, 0x6, 0x8, 0x9, 0x9, 0x1, 0xffffffffffffff80, 0x400], 0x6}) accept4(r2, 0x0, &(0x7f0000000080), 0x807ff) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x80000, 0x0) ioctl$PIO_SCRNMAP(r5, 0x4b41, &(0x7f0000000140)="b0a5a931877323dab13ab2a64ec1c88af4fd9e0747dcdf3cc47da28c75d81787472cdbf932654f305a9413ec7ceae3f474c0ee6d1b0db7bd236cf668b9cfd26e02f4dec3a8b698c147d59490c6defef395abcb9e159c6dfa9c5983fecb7fd7d579edf25a982fd2477a3aefe70d22f2a78f2d9643ef6a7bab637f946f059d0f73ffff7d7a8eecb90c6ec02b8607d4") [ 1187.122326] binder: 16452:16455 transaction failed 29201/-28, size 6-12288 line 2970 [ 1187.148585] CPU: 1 PID: 16457 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1187.155575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1187.164964] Call Trace: [ 1187.167586] dump_stack+0x172/0x1f0 [ 1187.171245] should_fail.cold+0xa/0x1b [ 1187.175168] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1187.180298] ? ___might_sleep+0x163/0x280 [ 1187.184562] __should_failslab+0x121/0x190 [ 1187.188823] should_failslab+0x9/0x14 [ 1187.190732] binder: 16428:16430 transaction failed 29189/-3, size 167772160-12288 line 2970 [ 1187.192639] kmem_cache_alloc+0x2b1/0x700 [ 1187.192659] ? rcu_read_lock_sched_held+0x110/0x130 [ 1187.192678] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1187.192699] ? __mark_inode_dirty+0x241/0x1290 [ 1187.201887] binder: undelivered TRANSACTION_ERROR: 29189 [ 1187.205406] ext4_mb_new_blocks+0x5a0/0x3c20 [ 1187.205431] ? ext4_find_extent+0x76e/0x9d0 [ 1187.205460] ext4_ext_map_blocks+0x2b2d/0x55d0 [ 1187.230590] binder: undelivered TRANSACTION_ERROR: 29201 [ 1187.234804] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 1187.234832] ? __lock_is_held+0xb6/0x140 [ 1187.254076] ext4_map_blocks+0x8e5/0x1a10 [ 1187.258106] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1187.258280] ? ext4_issue_zeroout+0x170/0x170 [ 1187.271291] ? kasan_check_write+0x14/0x20 [ 1187.275542] ? __brelse+0x95/0xb0 [ 1187.279022] ext4_getblk+0xc4/0x510 [ 1187.282670] ? ext4_iomap_begin+0xfd0/0xfd0 [ 1187.287014] ? ext4_free_inode+0x1470/0x1470 [ 1187.287404] binder_alloc: 16452: binder_alloc_buf size 12296 failed, no address space [ 1187.291451] ext4_bread+0x8f/0x230 [ 1187.291469] ? ext4_getblk+0x510/0x510 [ 1187.291492] ext4_append+0x155/0x370 [ 1187.305549] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:54:50 executing program 0: r0 = memfd_create(&(0x7f00000002c0)='\x00'/10, 0x1) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) connect$x25(r1, &(0x7f0000000000)={0x9, @null=' \x00'}, 0x12) write$binfmt_elf32(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c46000000e20000000000000000030003000000000000000000380000005c94c8e2000000000000000000002000010000000000000100000000030000000000000000003f0000000000000000000000000000000000003ee879451c84d2a156d0dbe77a50000400"], 0x58) execveat(r0, &(0x7f0000000080)='\x00', 0x0, 0x0, 0x1000) getsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040), &(0x7f0000000140)=0x4) 03:54:50 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:50 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) write$P9_RFSYNC(r0, &(0x7f0000000000)={0x7, 0x33, 0x2}, 0x7) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000100)=@req={0x8, 0x492c, 0x5, 0x6}, 0x230) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x0, 0xfffffffffffffffe}, 0x4) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000280)=0x32, 0x4) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) r2 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r3 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) r4 = dup2(r1, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) ioctl$TIOCGSID(r4, 0x5429, 0x0) gettid() ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0xf48b, 0x0, 0x0, 'queue0\x00'}) add_key(&(0x7f0000000040)='trusted\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) write$sndseq(r2, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) fstatfs(r3, &(0x7f0000005200)=""/4096) r5 = geteuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0}, &(0x7f0000000480)=0xc) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0}, &(0x7f00000005c0)=0xc) mount$9p_xen(&(0x7f0000000340)=',(%GPLposix_acl_accessmime_typeproc(*\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x20000, &(0x7f0000000740)={'trans=xen,', {[{@privport='privport'}, {@aname={'aname', 0x3d, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}}, {@noextend='noextend'}, {@cache_mmap='cache=mmap'}, {@cache_fscache='cache=fscache'}, {@access_any='access=any'}, {@cache_mmap='cache=mmap'}, {@version_u='version=9p2000.u'}], [{@obj_user={'obj_user', 0x3d, '}}})wlan1md5sum-$'}}, {@smackfsdef={'smackfsdef'}}, {@seclabel='seclabel'}, {@uid_lt={'uid<', r5}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@seclabel='seclabel'}, {@fowner_gt={'fowner>', r6}}, {@fowner_eq={'fowner', 0x3d, r7}}, {@fowner_lt={'fowner<', r8}}, {@audit='audit'}]}}) r9 = syz_open_dev$midi(&(0x7f0000000140)='/dev/midi#\x00', 0xffffffffffff67e2, 0x400) bind$rds(r9, &(0x7f0000000180)={0x2, 0x4e20, @remote}, 0x10) bind$inet(r9, &(0x7f00000001c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) [ 1187.307193] ext4_mkdir+0x61b/0xdf0 [ 1187.307219] ? ext4_init_dot_dotdot+0x520/0x520 [ 1187.307242] ? selinux_inode_mkdir+0x23/0x30 [ 1187.307261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1187.307282] ? security_inode_mkdir+0xee/0x120 [ 1187.311473] binder: 16452:16455 transaction failed 29201/-28, size 6-12288 line 2970 [ 1187.320065] vfs_mkdir+0x433/0x690 [ 1187.320088] do_mkdirat+0x234/0x2a0 [ 1187.320105] ? __ia32_sys_mknod+0xb0/0xb0 [ 1187.320122] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1187.320140] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1187.320165] ? do_syscall_64+0x26/0x610 [ 1187.320190] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1187.324325] binder: undelivered TRANSACTION_ERROR: 29201 [ 1187.328709] __x64_sys_mkdir+0x5c/0x80 [ 1187.328738] do_syscall_64+0x103/0x610 [ 1187.328760] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1187.328773] RIP: 0033:0x4581c7 [ 1187.328789] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1187.328803] RSP: 002b:00007f35c6955a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1187.430369] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004581c7 [ 1187.437656] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000000 [ 1187.444942] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1187.452236] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 1187.459529] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:50 executing program 1: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xe017, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e22, @multicast1}}, 0x6, 0x4}, &(0x7f0000000040)=0x90) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000001c0)={r2, @in6={{0xa, 0x4e21, 0x4, @loopback, 0xfffffffffffff800}}, 0x3f, 0x1a6d, 0x5e7, 0x8, 0x20}, &(0x7f0000000080)=0x98) ioctl$BLKPG(r0, 0x1269, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0}) 03:54:50 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mq_open(&(0x7f0000000000)='&\x00', 0x40, 0x100, &(0x7f0000000040)={0x4, 0xfffffffffffffff9, 0x1, 0x6, 0x4, 0x8, 0x4, 0xb46}) setsockopt$inet6_tcp_int(r0, 0x6, 0x100000010, &(0x7f0000000080), 0x4) 03:54:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:50 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2) getsockname$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local}, &(0x7f00000000c0)=0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/protocols\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000280)=@rc, 0x35, &(0x7f0000000540), 0x0, &(0x7f0000000240)=ANY=[]}, 0x0) preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000) 03:54:50 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio\x00', 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000001280)={'bond0\x00', 0x8801}) ioctl$SG_IO(r1, 0x2285, &(0x7f0000001200)={0x0, 0xfffffffffffffffe, 0x1000, 0x2, @buffer={0x0, 0x50, &(0x7f0000000100)=""/80}, &(0x7f0000000180)="23df9205c7fb02d2936cf0f6408d17697c089b1ecaf2ec9a9042cc8363afb36b27d5c900c8878b30e777779be706fca8d8b6665204d5f669bcde8af0e6abe13d8c146db2105c851b6a1fc7a14890b7b6b43eae8ca05713efa6e41ede040df1a06bf53f4d26f2458144378f412d0cf67add81237768e408b5028ed66bc222d0452ca70defcc8d1bd6e53312a17f80f282f133beebc84aebd112740fff7d6e042a0fa1277f8f1540a9786b14d281fe9c37965b883d66afdf7c1871d65e0cc1f3f495768ba00adcf023577f35e922e8619674e31306b435459abcf173d972a0967dbb69546a97df9ba026da9ba35c342aa0c793ce8c351edc434d3f5bc6787a3911aadace4a936346b2515a7e5fa07b39c72f1878629bf3c658c1d2d5a151600f6e4cc3262d1657808310565a223355b476b92c04f4e84f39dac2b7c320c9bd5550df7568aa9d761087a25be02f6fe1dff401c28ca62edc0d0c4511e744c7222a9549aef0ff4b16033ef7f00b9b2978a8960e0c61b6c04204e1fcd4dacce7054031a17117eca561d58bbd255dba25448309a7530cab1be40d2cc4b8a9ad8e850caaed9a6f9c74820352665cd8887436717f85ce17741bdfd20315dee8e616558c5d9383d06fa714699073476f7c8cc578c2eafdfbece0e88fbee6c9a421c7b85eaa716c379d02182cacf2fd4b76e733f668d2cbf575cc7dae511c3814c4ab0304a72a1064d2a01321b1abb1aec3376e4430c6756bbe495b229615f2022cd14ee2fae88d3d8011f2bf4e50efe1f5a36016dab3435c054c3cef6e66a744cf204d1573a54b20f39c9644a091c851e886eedd1b8a6fabbaeccbb300a5473f307dfe6c02d393c753a131afa179350728d2df8ca69de4cdbbf138b19381c3746f4bdce4d06cd80d2a3d4c73ec58746fc2d3e3ad18e708c41cc29ccb9269481643660681101d15051c07a1ff774b8c59f23e453bc0e89c270ff48872aa36843adc9565d7dc75c41b3d666061173aa42016f20ccf6adeb7fb3954b0ca6c1f49b2319f5c0ba56af7edc77afcbe75f2f86a24a1b93b50de305700e7edea3f2002fcc8e5ec5e0509fa4a858b0c2626bc300a96c2483b9a03b24ecb827f9039238210bb842a63daa75116769a397f7a154adb251533e457defc93f1b6568c7b40c4c853963aded14307aef3e5e8dd1648014aa1044aeedc0773d8551178d992dfec8fca63bf0087f558ba3e1d327d045b24a6dfabb7c69b1b4cf56247688970744ed65989e14dd96ac412e31272bcc1e9dce5a7c5ff529dfd70ccf67a772635a31c94397f29348d8e50b26193d2236eed4977852546fb83d3a9bb34f915ad448833d0211468db846fd99b7326f7c7699b422063553efce5e9d77adc806b415deb1471071b323e70dbf6a3a19a293b88917c04d7752365b2f876a309ac8729822d9ba5f8a9ad6429ea4dcccc82eb40509bf88a70ff566ce3d4206e65645e103b05a51721eb4fa5ce1ed322f5dfec10048192fe9c80fced4dd8a23ef65e2af86544ba6ba3de73de56c3159a960ae2037e788b3ab0868ca2b09d397d7a719339f94e5dc6f6a408f118ed6c467969322a85438eafc639a7efc6fd6116049a40c993f75e51782e8eb1af2858cd065406b6da60554479ba9fbc001cc6ca5e2001e022692eab06f5da72f8e91d64698cbf17b8fef4051b275c44befd390a9e2c46d3c9b52d7af5849149cf169afd5c66a9b6267a905ba300a00f79693d948dabd78b482d0fb26b40390e68bdf601b828f3579ad25bd744ebc84b26789f12663e66bca5d0a7c06adef73383c7fe93aaaaacff740f878ee43ee56e4dc5125dc055f49676d5d5d520d6d632e1a7ef5ed5c6c5754ae025bb092ebab984851a0c76a6a958304d33c49df88ba25845c56ab9f31c9fea5eaedf0c5d1ac3bc861b158283f422248175541f9de592acabe7be088697baf62a59f3893edfa3f4cb3c37c8f9f96c4e07534934f19c81961713d7b13d19bbdfded38366ab13e590acbc49835de182f79f28a8dab39871ff08cabaaf47fd172924b3cfaf50e3b77a6bc27376e16551f6a48dbe68da27e43a17b77728d1aa4b2eed5c0c26ac4a2c641b0cfd45c5f01a2a7451eae5854e7a7a3d7c21a6006799752413b7776a93d70bd98aec7b2f4f29fab76694566d1f56d9772a00a53862d4aaef482de5b1da7a062d82328dbf57f187a7e0a8a24c1a6ade26618583b81c5e32b9f5382a5fd2bc1bb822ccdf400823615f512dd63c6d2b947a29bca7a0e131eaad520b39c15e3d9acfe8ce16401c9fcd8604a788bac143ae0a53e8986ec344bd1d0be6547509c867cc1a4d236696d3bf9b417aded8e4aec2c8ee3116b40afdede106f0c931dfea5939560a35db357fff99497762da8a6aa8a546525366615ffa82d9d92f6756490e3985452b4280f76686eaaa74b742fca5e6b23bdca90cea94845454f710caeee29b2ebb11689a3d438c3ed43bb45df955bce812524b7cca7a80b8caa484414e964007db41a8e08a03a4d019ad51dd8bc0293df3783a470727eebc82bbb3b2de531381c92dec0b2c8ad7693db177faa991a12bdf9936767e6b170383a9435b94d41bbbee305b44648b426b6179636d3a7a11b9daf4d297a2f5bc3695189f8793a4348c8ffa0e5d8702916ebdea31f4e10598629379c24091af5414e8e66e280e09c067143d8d053a1a93f22bbc2ba8ea70562bef13e9dce1b3e5574ba999926833dcd464d7c00c3a4b21a5a4e855d3372f1fa40ffe527b20dead7956d47c9e47f1c3bbc9d6478985e070d7f97615fa02f4f6f78ecbc3fc7721bf7a73e8545b37c8e11d7a35d5155af2e7ce894694926106f573e0f92b237a1b1610a5804f9aeda512056c7033cd7369a329937e3cf6415661fbb7223ec00aaeb6737f6a900957f7839cb3d4de8b3dacb4ad245de398ecf50b8aa99ad7383a19e6e490e9fba35ec49d9f70a48950a1f3bc02e809f7bdd5d1503c62ef98f5b9899ff9e2cb0c3a791304fe350a44fc915a5c508d0338f5610ace3532c85de207764abf536ec4abfb0e87cbf053d0b4c7398ffdb73501d907356a46ebcc59eb37f310cc1c8a8ee7c3a392230a2f1b0c3d4104122d8716c527e25d997c05b9f1f6e79e2dde6547936d0618eebb501bf248a7e255011196bf4d5144ab54379a8c46a2ec562b6f80dd61cf0e441bf56296bc13633a584ccd021dffb612332f3fd3033bf9d797ba257eec9b5c00a8bc2faa2214658d727f0ab94393ec6559d3d193c8f6437c59fad586057adca726faa33526919960e837ac8dae3ea9bf785de1c91fc20109a53427d27a8724c69c1235157bc758bb1f4547f5f91aadb0f1bb2154ca22ac87a66d4a465416d92b7e0ad022f85d59b8a634a997fba251f7776f514c238016df0c41b51648748c97621ed4896ddee08770cb686d3c9d3a676526ca4f1fdf3c13a7fb9195ae22f159774610be777a5e714580f8c961d55d6d17ddc7be02fa789a2bcd0faa695b6fec938a6240f488555b18105a29980669ac677e90aca19cbccb3c703aa4c80eb958e9e13dd5a7da94181256176a4eb7fbfe5704d1444aa16aafe4f2de3536fad41beaf33b7a1f25e09dc0ed8d5dae0b3f6bfefb375089d08dbc62ee1e52ab064fb53ba15c567439cd3df36ef4d87bfc726a72e9f61a57e60b0d493c92e4558f5b23f44e723bbb07908a4f3ac689d870fa04c0c735af3092d8fe3b6fdf359b0b201a20258994be6d4b3f06e3648b9db611904ebdcbdad1aed1d923373d018e7e3f05cc55fb8ef8d72e3a3cf0daa10c53fe36323a570ea353c270716b6ec632da3caa0cee776b42dce1251c9eb96667fe5f54480f3bca471673413d51bb72dd66d492775cd959185f4a069e63c370b53790a1b4f16d6ab63e47a9c9dcbb553820d259ff383258e5319a74003d4a41da3354a42542cd75c9b7a6b1a3a13ddb0ee1da052e73110f864eb49836fab7061893945020a4e53262bd53bf030880fb64c6fafabc19ee7ff76b268fcdf8ae6ba3efb2a3edd62da3f9618ff8ad734c55a789408d5fd580b32dbb216359163fb0e30ba28f5234227677b4df284475b8b2243470a3c1ef7258c396204a7e462922c9877079edf2b9528b01eaa539db6a6906795d388af1f2f16b6a0fba10d0c5eb3f373db762ad1f1a51fae1d46f64c25529301a9b48674fd2d5fc0ee2b5b96168e0e08a2e662d42428eee63889266e50d7d402ade5f18323328a1cf1a75e6e9b6142e5d4b02c8a8fdda2f3f564853790ce441cff3c0887ada4897c6b874324af8f272873780ca8751372244416f91d2f863cc8dcbeb350045ef2728eb329b6a9fb16b4ef2e3f5321409ffe9df6545a52061878027db83e5d9bbb8196bcf5d311902ce7261784cc5901cb3366200079d77795d489c852aacd47d8d79a14fc5de9a0da2879892311aca55986a0556384c76abb7268d828eaf429b5852a015d2d266be64a06f9ff83ffb29515282399c98d429183dac1a49492e8b583fdd132eb3e56578e4d022810b4ad7767759f7a3b41a7a9b5b3205d5e9da22e185300e36ed9ac52435db637e178065adfa4a5295eefc7400faab54efc200b0d92d6a6cf6f283c48fd1789b2af303e2fa7af252b2e8783454332aa1fd57a1d509697b4722f5855fe378022e17971d2e0b073824e3f87dd22f1c9326f836ca2d194760e028f83af7c320d5db2600485c6269653ded0e470585fec54fbd4f4b745305874229b65a58f229351849ed9c180362e3488bb36a39d427729aaaa5abc1b62737a04a4877abce026dde539f758b233f1c438da0ec7be8a8b60ca340a1190930a1ff0d3f64093f08473168c112ffee1855a896cd372db85e5c888e7837674fe01f7be8083cc4dcbc2b8348ec428f1a51ec515f845b6ea60644a6a2353906f8dad170365397261d2aae66284b618f010acaa5c7e912cf36c8f6cbd5d6db1785f878917bb7b783e47ae79d0d424d029b7e6745d660f9fd22c75c698e1b5e6ef2b48bc2179e28b0720b96d7c017a89bb6ddd9df09781fb67a7ec0697eea6d1a3dedbdf1854cd95d5d5d82c0683ac4b891a2d9c7c636757a21a17fee0d5a28ea2b7dde4b27a3237663d0008df7ba297ab3aa4edbbc359a9c28e6eabd93243633dfbbd7159384a6dcc00ca83c21fcdccd06f897c87342ac443899eda3df998f9db40f71b8ae2c5258cadb8cab3eb84aa003e996e6a52da0eb8967e4cb16427cca195ae7b3daafcf05a01ad7a94e1e94eb9eb2e027185f819a0c7842562f1d69d009bca0b22ffa91fef63e9975c06d8ad270fe310abcacff4e4daaad3c156ae6b9e2a21f9c782ea87670a568ef0ad1002c69083215294fe1d0c1919431e63ccea641789296f9bbc672e1f2e9de75d8f3d5e64bab2e763218c30ba4116bc19b3a8a20e6ec10cda43e43ec56e23f81fe501b14873f52e081c0da5808b1728369eb9de6fb0ed0ba49fa054c993ca9e1113d23651ed091349fd877a98d72fde4988f32e42ef170d042957e142a140155b152413b18dfbb0e1057d5f95432a072eb29f61467d8c0c0ad396f640e7414a428f5f106194d5ec6f532d7568f2a49fb8a2c9ea68a2cbf9cff869315bf802db9b25b802dfda2736644e8a42d13b4814ef9e04b13d5532b6f900a509c7a5796f6a5a98d0f26002d521b767aa6ac4a3cb66287940211fe3e4920b63f5794db15fe276ad5d1374ab56aaf5c61d4cd2ef6674239500d89841a1d6614bd8dec15dd1e28cce8f72ec9f21a552a6c7826988c13afdfecb0b8bbe2820e5936ed", &(0x7f0000001180)=""/57, 0x4, 0x4, 0xffffffffffffffff, &(0x7f00000011c0)}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r2 = accept$alg(r0, 0x0, 0x0) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1187.713450] binder_alloc: 16486: binder_alloc_buf size 12296 failed, no address space [ 1187.738891] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1187.755815] binder: undelivered TRANSACTION_ERROR: 29201 03:54:50 executing program 1: r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x100, 0x113000) setsockopt$inet_dccp_int(r0, 0x21, 0xe, &(0x7f0000000040)=0x4, 0x4) r1 = open(&(0x7f0000000080)='./file0\x00', 0x200, 0x2) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14) sendmsg$can_raw(r1, &(0x7f0000000380)={&(0x7f0000000280)={0x1d, r2}, 0x10, &(0x7f0000000340)={&(0x7f00000002c0)=@canfd={{0x4, 0x2, 0x6, 0x3}, 0x32, 0x3, 0x0, 0x0, "69950e58603897b7aa8c9b6e22167bf839bffe0e136cf743107299db49464438c52162a3c8df75695813ab4ca7d22ed6e0fe448a154d3d9459f8b1685c147303"}, 0x48}, 0x1, 0x0, 0x0, 0x4008004}, 0x80) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000003c0)={0x0, 0x7, 0x5}, &(0x7f0000000400)=0x8) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000440)={r3}, &(0x7f0000000480)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000004c0)={r3, 0x1f}, 0x8) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000500)={0xffffffffffffa3a9, 0x3, {0x0, 0x1, 0x81, 0x3, 0x7}}) getcwd(&(0x7f0000000580)=""/203, 0xcb) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000680)={0x6, 0x4, 0x6, 0x6}, 0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000006c0)={r3, @in={{0x2, 0x4e21, @multicast2}}, 0x8, 0x479, 0x400, 0x6, 0x1}, &(0x7f0000000780)=0x98) setxattr$security_smack_entry(&(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)='security.SMACK64\x00', &(0x7f0000000840)='/dev/amidi#\x00', 0xc, 0x2) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000880)={r3, 0x3, 0x2}, &(0x7f00000008c0)=0x8) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000940)={0x2, &(0x7f0000000900)=[{}, {0x0}]}) ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000980)={r4, 0x2}) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000009c0)={{{@in=@loopback, @in6=@initdev}}, {{@in=@loopback}, 0x0, @in=@dev}}, &(0x7f0000000ac0)=0xe8) accept4$alg(r1, 0x0, 0x0, 0x80800) setsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000b00)={0x0, 0x8, 0x9, 0x9, 0x4ae, 0x0, 0x3, 0x4, 0x8, 0x3f, 0xb1}, 0xb) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000b40)={0x27, 0x2d, 0x11, 0x1a, 0x9, 0x2, 0x0, 0x144, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000b80), &(0x7f0000000bc0)=0x4) setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000c40)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f0000000f40)={&(0x7f0000000c00), 0xc, &(0x7f0000000f00)={&(0x7f0000000c80)={0x260, r5, 0x20, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x4c, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80000001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x722a0a00}, @TIPC_NLA_NET_ADDR={0x8}]}, @TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2b1}]}, @TIPC_NLA_LINK={0x118, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x61}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x54, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd79}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc9f}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x401}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}]}]}, @TIPC_NLA_NODE={0x10, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffffffffff9}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000000000000}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}]}, @TIPC_NLA_SOCK={0x30, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1f}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xa19}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MON={0x4c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x300000000000000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffffffffff9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x248}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xf6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x260}, 0x1, 0x0, 0x0, 0x1}, 0x40054) mq_timedsend(r1, &(0x7f0000000f80)="d11cbcabc611d6ec7713119fd93d5515fff4100b6254583e98406287b6e99e8229f452d94e36fa312c249fb255918286361cccd9075ba7b9bb5fef8e89850f2d65a8363a9b4c1c9ffaea898e5a5dd84b4c903b4a8c4c493d5e8f", 0x5a, 0xfcd6, &(0x7f0000001000)={0x0, 0x1c9c380}) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000001040)=0x3ff) sendmsg$nl_route(r0, &(0x7f0000001140)={&(0x7f0000001080), 0xc, &(0x7f0000001100)={&(0x7f00000010c0)=@setneightbl={0x1c, 0x43, 0x310, 0x70bd25, 0x25dfdbfc, {0x1e}, [@NDTA_THRESH3={0x8, 0x4, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8005}, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) [ 1187.764892] binder: BINDER_SET_CONTEXT_MGR already set [ 1187.777873] binder: undelivered TRANSACTION_ERROR: 29189 [ 1187.783661] binder: 16486:16487 ioctl 40046207 0 returned -16 03:54:50 executing program 2 (fault-call:2 fault-nth:36): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:50 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x80, 0x0) bind$tipc(r2, &(0x7f0000000140)=@id={0x1e, 0x3, 0x3, {0x4e20, 0x3}}, 0x10) ioctl$TIOCSISO7816(r2, 0xc0285443, &(0x7f0000000100)={0x2, 0x2, 0x4, 0x2, 0xffffffff}) 03:54:50 executing program 0: r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x200, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) r1 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x1, 0x0) r2 = dup(r1) ioctl$UI_BEGIN_FF_UPLOAD(r2, 0xc06855c8, &(0x7f0000000080)={0x7, 0x0, {0x0, 0x0, 0x0, {0x6}, {}, @rumble}, {0x0, 0x0, 0x0, {}, {}, @cond}}) 03:54:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1187.881139] binder: undelivered TRANSACTION_ERROR: 29189 [ 1187.969271] binder_alloc: 16515: binder_alloc_buf size 12312 failed, no address space [ 1187.978507] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1187.989795] binder: undelivered TRANSACTION_ERROR: 29201 [ 1188.002376] binder_alloc: 16515: binder_alloc_buf size 12312 failed, no address space 03:54:50 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:50 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff}) ioctl$BLKTRACESTART(r0, 0x1274, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = socket(0x100000000000011, 0x3, 0x0) bind(r2, &(0x7f0000000000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x88001) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f00000000c0)=0x8, 0x4) sendfile(r1, r3, 0x0, 0x800000000024) 03:54:50 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/igmp6\x00') getsockopt$inet_buf(r1, 0x0, 0x28, &(0x7f0000000100)=""/4096, &(0x7f0000002100)=0x1000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r2 = accept$alg(r0, 0x0, 0x0) recvfrom(r2, &(0x7f0000001100)=""/4096, 0x1000, 0x0, 0x0, 0x0) 03:54:50 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) write$P9_RSTATu(r0, 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000003c0)='/dev/snd/controlC#\x00', 0xfffffffffffffffc, 0x3) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105511, &(0x7f0000000240)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff81"], 0x2) close(r2) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhci\x00', 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00') readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 1188.013288] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1188.023589] FAULT_INJECTION: forcing a failure. [ 1188.023589] name failslab, interval 1, probability 0, space 0, times 0 [ 1188.035463] CPU: 1 PID: 16519 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1188.042407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1188.051772] Call Trace: [ 1188.054389] dump_stack+0x172/0x1f0 [ 1188.058135] should_fail.cold+0xa/0x1b [ 1188.062065] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1188.067282] ? __sigqueue_alloc+0x173/0x4d0 [ 1188.071631] ? find_held_lock+0x35/0x130 [ 1188.075730] __should_failslab+0x121/0x190 [ 1188.079986] should_failslab+0x9/0x14 [ 1188.083802] kmem_cache_alloc+0x47/0x700 [ 1188.087887] ? kasan_check_read+0x11/0x20 [ 1188.092059] __sigqueue_alloc+0x268/0x4d0 [ 1188.096228] __send_signal+0x20f/0x14a0 [ 1188.100228] ? lock_acquire+0x16f/0x3f0 [ 1188.104228] send_signal+0x49/0xd0 [ 1188.107791] force_sig_info+0x251/0x310 [ 1188.109769] binder_alloc: 16515: binder_alloc_buf, no vma 03:54:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:50 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x8000, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x6, 0x0, 0x2, 0x7}, {0x0, 0x96, 0x10001, 0x84}]}) r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r1, 0x802c550a, &(0x7f0000000040)={0x2, 0x15e, 0x0, 0x735, 0x9}) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x4008550d, &(0x7f0000000100)) [ 1188.111789] force_sig_info_fault.constprop.0+0x215/0x360 [ 1188.123000] ? is_prefetch.isra.0+0x470/0x470 [ 1188.127526] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1188.133104] ? trace_hardirqs_on+0x67/0x230 [ 1188.137468] __bad_area_nosemaphore+0x2db/0x3f0 [ 1188.142170] ? vmacache_find+0x65/0x310 [ 1188.146183] bad_area+0x69/0x80 [ 1188.149495] __do_page_fault+0xae1/0xe90 [ 1188.153587] ? do_mkdirat+0x1a2/0x2a0 [ 1188.157420] ? vmalloc_fault+0x770/0x770 [ 1188.161520] ? trace_hardirqs_off_caller+0x65/0x220 [ 1188.166587] ? trace_hardirqs_on_caller+0x6a/0x220 [ 1188.171551] ? page_fault+0x8/0x30 [ 1188.175125] do_page_fault+0x71/0x581 [ 1188.178952] ? page_fault+0x8/0x30 [ 1188.182537] page_fault+0x1e/0x30 [ 1188.186012] RIP: 0033:0x452a5f [ 1188.189221] Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 95 0b 00 00 66 0f ef c0 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f [ 1188.189231] RSP: 002b:00007f35c6955a88 EFLAGS: 00010283 [ 1188.189245] RAX: 00007f35c6955b40 RBX: 0000000020000068 RCX: 0000000000000000 [ 1188.189255] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f35c6955b40 [ 1188.189264] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a [ 1188.189274] R10: 0000000000000075 R11: 00000000004e31a0 R12: 0000000000000005 [ 1188.189282] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1188.252464] EXT4-fs (loop2): Couldn't mount because of unsupported optional features (b2381809) [ 1188.285723] binder_alloc: 16530: binder_alloc_buf size 12336 failed, no address space [ 1188.319305] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:54:51 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:51 executing program 4: bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) recvfrom(r0, &(0x7f0000001100)=""/4096, 0x1000, 0x0, 0x0, 0x0) [ 1188.388066] binder_alloc: 16530: binder_alloc_buf size 12336 failed, no address space [ 1188.447665] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:54:51 executing program 2 (fault-call:2 fault-nth:37): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SET_THP_DISABLE(0x29, 0x1) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x105400, 0x0) ioctl$GIO_UNISCRNMAP(r1, 0x4b69, &(0x7f0000000140)=""/127) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)) ioctl(r0, 0x1ff, &(0x7f0000000000)="0adc0a123c123f319bd070") r2 = socket(0x40000000001e, 0x1, 0x0) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000100)=@req={0x0, 0xffffffff00000001, 0x8000, 0x5e72}, 0xffffffffffffffe3) getsockopt(r2, 0x8000000112, 0x83, &(0x7f00004ad000), &(0x7f0000000040)=0xfffffffffffffe67) 03:54:51 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) write$P9_RSTATu(r0, 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000003c0)='/dev/snd/controlC#\x00', 0xfffffffffffffffc, 0x3) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105511, &(0x7f0000000240)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff81"], 0x2) close(r2) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhci\x00', 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00') readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 03:54:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:51 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="559166593ae164c990a0a5744055325889f40102", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:51 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x101200, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000000080)={0x0, 0x8}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000100)=@assoc_value={r2, 0x200}, 0x8) r3 = syz_open_dev$sg(&(0x7f0000000780)='/dev/sg#\x00', 0x0, 0x80000000042) ioctl$PPPIOCSFLAGS(r1, 0x40047459, &(0x7f0000000140)=0x602080) r4 = dup(r3) write$binfmt_elf64(r4, &(0x7f00000001c0)=ANY=[], 0x0) ioctl$SG_GET_REQUEST_TABLE(r4, 0x227d, 0x0) 03:54:51 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:51 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'seqiv(aegis128l)\x00'}, 0xfffffffffffffdcb) r1 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x800, 0x400000) bind$vsock_dgram(r1, &(0x7f0000000100)={0x28, 0x0, 0x2710, @host}, 0x10) accept$unix(r1, &(0x7f00000001c0), &(0x7f0000000240)=0x6e) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r2 = accept$alg(r0, 0x0, 0x0) fgetxattr(r0, 0xfffffffffffffffe, &(0x7f0000000140)=""/113, 0x71) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000280)=0x0) sched_setscheduler(r3, 0x0, &(0x7f00000002c0)=0x9) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x1000, 0x40000, 0x0, 0x0) [ 1188.730779] FAULT_INJECTION: forcing a failure. [ 1188.730779] name failslab, interval 1, probability 0, space 0, times 0 [ 1188.812747] CPU: 0 PID: 16578 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1188.819768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1188.829243] Call Trace: [ 1188.831859] dump_stack+0x172/0x1f0 [ 1188.831885] should_fail.cold+0xa/0x1b [ 1188.831906] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1188.844784] ? lock_downgrade+0x810/0x810 [ 1188.849046] ? ___might_sleep+0x163/0x280 [ 1188.853237] __should_failslab+0x121/0x190 [ 1188.857498] should_failslab+0x9/0x14 [ 1188.857514] __kmalloc_track_caller+0x2e1/0x750 [ 1188.857538] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1188.857554] ? strndup_user+0x77/0xd0 [ 1188.857570] memdup_user+0x26/0xb0 [ 1188.857584] strndup_user+0x77/0xd0 [ 1188.857602] ksys_mount+0x7b/0x150 [ 1188.857621] __x64_sys_mount+0xbe/0x150 [ 1188.857641] do_syscall_64+0x103/0x610 [ 1188.857662] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1188.857675] RIP: 0033:0x45b81a 03:54:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:51 executing program 1: r0 = socket(0x10, 0x802, 0x0) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000040)=0x2, 0xfffffffffffffe36) write(r0, &(0x7f0000000100)="fc0000001a00071bab0925000900070007ab08001b00000069020093210001c000000000000000000000000000039815fa2c1ec28656aaa79bb94b46fe0000000a00020006046c6cf733e93dad19256f1a272fdf0d11512fd233d4c000000000008934d07302ade01720d3f8bbc91a3e2e80c8fc05defd5a32e280fc83ab82f605f70cec18444ef92e475ef8a29d81f3d9a48a170e5bba4a463ae4f5566f91cf190201ded815b2ccd243fa95ed94e0ad91bd0734babc7c6d27392ad23f2eeb57d47689cd3dd16b17e583df150c3b880f41b258a17c732229d655870271777a58a80000c88068a130dddef380900000080548deac270e33429fd31101", 0xfc) [ 1188.857690] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1188.857698] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1188.857725] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1188.882711] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1188.882721] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1188.882729] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 03:54:51 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) set_tid_address(&(0x7f0000000080)) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1188.882738] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:51 executing program 2 (fault-call:2 fault-nth:38): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:51 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) finit_module(r0, &(0x7f0000000180)='{posix_acl_access\x00', 0x1) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = creat(&(0x7f0000000080)='./file0\x00', 0xde) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000100)={0x3, 0x1, {0x3, 0x2, 0x2, 0x1, 0x6}}) r2 = accept$alg(r0, 0x0, 0x0) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:51 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) splice(r0, &(0x7f0000000040), r1, &(0x7f0000000080), 0x3f, 0xa) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TIOCGETD(r0, 0x5424, &(0x7f00000000c0)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xd) ppoll(&(0x7f0000000100)=[{r0}, {r0, 0x8110}], 0x2, 0x0, 0x0, 0x0) 03:54:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:51 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:51 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00006cdfa8)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) accept4$alg(r0, 0x0, 0x0, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x2080, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000040), &(0x7f0000000080)=0x4) sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000100)={0x1, 0x0, [{0x80000005, 0x10001, 0x1, 0x800, 0x9, 0x3, 0xffffffff80000001}]}) read(r1, &(0x7f00000000c0)=""/42, 0x2a) [ 1189.259735] FAULT_INJECTION: forcing a failure. [ 1189.259735] name failslab, interval 1, probability 0, space 0, times 0 [ 1189.285405] CPU: 0 PID: 16621 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1189.292408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1189.301874] Call Trace: [ 1189.304493] dump_stack+0x172/0x1f0 [ 1189.308155] should_fail.cold+0xa/0x1b [ 1189.312065] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1189.317197] ? lock_downgrade+0x810/0x810 [ 1189.317223] ? ___might_sleep+0x163/0x280 [ 1189.317245] __should_failslab+0x121/0x190 [ 1189.317262] should_failslab+0x9/0x14 [ 1189.317277] kmem_cache_alloc_trace+0x2cf/0x760 [ 1189.317298] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1189.317313] ? _copy_from_user+0xdd/0x150 [ 1189.317339] copy_mount_options+0x5c/0x3a0 [ 1189.325691] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1189.358067] ksys_mount+0xa7/0x150 [ 1189.361641] __x64_sys_mount+0xbe/0x150 [ 1189.365645] do_syscall_64+0x103/0x610 [ 1189.369560] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1189.374858] RIP: 0033:0x45b81a [ 1189.378073] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1189.398612] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:54:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:52 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:52 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000100)={0x0, 0xfffffffeffffffff}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000000180)={0x0, 0xfb, "a6c633156326facdf54e52bc81338461e9200d9844c1b43bbbb1f5490e73ad44296af1b43e0229b0496b396ec36695096360c0a91fa9f5b34bc78fb5c86b6edcc8a1ff90ca639e4ea8439b2982a6c71f3765a065747e0e15fbce6149f88bab3fb8b0c7ba139b40c887972a71a713f16d302b5681eb6c170662a5a2696f4cf1d9f88cf09c2e0e091ef918531f14dbc7681f29a5f66426e355894c6a8feed967a61c364e26259ab2866c21ee94903561195c80c60ab4041696127e50f96763bbcb7cbb61959c039c1d4ee10c8f7145e62ddb5ee28e0f242421eea180781800e99d7b934ecc3ea0f8217c3bbb0a8aee37249308255f8bf78fb76007ab"}, &(0x7f00000002c0)=0x103) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000300)={r2, 0x20000, 0x8, 0x3, 0x4, 0x0, 0x6, 0x8, {r3, @in6={{0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}, 0x100000000}}, 0x7, 0x7, 0x8, 0x4, 0x8001}}, &(0x7f00000003c0)=0xb0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r4 = accept$alg(r0, 0x0, 0x0) recvfrom(r4, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:52 executing program 0: r0 = socket$inet(0x2, 0x1, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r0, &(0x7f00000003c0)={&(0x7f0000000340)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f0000000500)="bf", 0x1}], 0x1}, 0x0) r1 = syz_open_dev$adsp(0x0, 0x7, 0x0) io_setup(0x0, &(0x7f0000000000)) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000280)={&(0x7f0000ffc000/0x3000)=nil, 0x7fffffff, 0x5, 0x40, &(0x7f0000ffa000/0x4000)=nil, 0xe15}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_ax25_SIOCDELRT(r1, 0x890c, &(0x7f0000000200)={@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000600)=ANY=[@ANYBLOB="e00000027f000001ffffffffffffffff000000000000000000000000000000000000000000000000ffff000000ff00000000000000000000000000000000000000000000000000000000000000000000ffff00ffffff00000000000000000000000901010081000300220006627071300000000000000000000000006970366772653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000080000000000000000000000f0004001000000000000000000000000000000000000000000000000000050006d616e676c6500000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffff0000000000000000000000000000e000000200000000ffffffffac1414aaac14140effffff00ffffffff0000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000ffff0000ffff0000000000000000000004000005c53f0080800000016970365f76746930000000000000000076657468315f746f5f626f6e6400000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000810200000000000000000000f0001801000000000000000000000000000000000000000000000000000028004155444954000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000e3fa914d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0001802000000000000000000000000000000000000000000000000000028015345434d41524b0000000000000000000000000000000000000000000000010000000100000073797374656d5f753a6f626a6563745f723a69707461626c65735f636f6e665f743a73300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e8000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000000000000057aa4384ab3e76a0206d734c0263d881f4eba158716e86450b3a427fbdcb7dada0ba"], 0x1) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x40c2, 0x0) renameat2(0xffffffffffffffff, 0x0, r2, 0x0, 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) getdents64(r1, &(0x7f0000000100)=""/194, 0xc2) sendfile(r2, r3, 0x0, 0x10000) sched_setattr(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x200000000000802, 0x0) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x2000000000000005) [ 1189.406348] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1189.413643] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1189.420941] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1189.428238] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1189.435524] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1189.490603] binder_alloc: 16627: binder_alloc_buf, no vma 03:54:52 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1189.561919] audit: type=1800 audit(2000001292.230:275): pid=16642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16945 res=0 [ 1189.628338] audit: type=1804 audit(2000001292.230:276): pid=16642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir794294696/syzkaller.5JUWGp/1228/file0" dev="sda1" ino=16945 res=1 03:54:52 executing program 2 (fault-call:2 fault-nth:39): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:52 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, &(0x7f00000001c0)) recvfrom(r0, &(0x7f0000000200)=""/146, 0x92, 0x10000, &(0x7f00000002c0)=@pptp={0x18, 0x2, {0x2, @multicast2}}, 0x80) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x200002, 0x0) flock(r2, 0x2) r3 = accept$alg(r0, 0x0, 0x0) recvfrom(r3, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) r4 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/mls\x00', 0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r4, &(0x7f0000000100)={0x2, 0x80000000}, 0x2) [ 1189.875462] FAULT_INJECTION: forcing a failure. [ 1189.875462] name failslab, interval 1, probability 0, space 0, times 0 [ 1189.907546] CPU: 0 PID: 16656 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1189.914555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1189.923957] Call Trace: [ 1189.926576] dump_stack+0x172/0x1f0 [ 1189.926603] should_fail.cold+0xa/0x1b [ 1189.926626] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1189.926648] ? lock_downgrade+0x810/0x810 [ 1189.926671] ? ___might_sleep+0x163/0x280 [ 1189.934199] __should_failslab+0x121/0x190 [ 1189.951940] should_failslab+0x9/0x14 [ 1189.955761] kmem_cache_alloc+0x2b1/0x700 [ 1189.959942] ? find_held_lock+0x35/0x130 [ 1189.964034] ? fs_reclaim_acquire+0x20/0x20 [ 1189.968389] getname_flags+0xd6/0x5b0 [ 1189.972223] user_path_at_empty+0x2f/0x50 [ 1189.976394] do_mount+0x150/0x2bc0 [ 1189.979972] ? rcu_read_lock_sched_held+0x110/0x130 [ 1189.985024] ? copy_mount_string+0x40/0x40 [ 1189.989296] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1189.994868] ? _copy_from_user+0xdd/0x150 [ 1189.999052] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1190.004721] ? copy_mount_options+0x280/0x3a0 [ 1190.009271] ksys_mount+0xdb/0x150 [ 1190.024409] __x64_sys_mount+0xbe/0x150 [ 1190.028611] do_syscall_64+0x103/0x610 [ 1190.032547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1190.037770] RIP: 0033:0x45b81a [ 1190.040988] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1190.059943] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1190.067695] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1190.075199] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1190.082511] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1190.089838] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1190.097247] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:52 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000240)=[@in6={0xa, 0x4e21, 0x8, @ipv4={[], [], @empty}, 0x5}, @in6={0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}, @in={0x2, 0x4e23, @rand_addr=0xffffffff}, @in6={0xa, 0x4e24, 0x0, @mcast2, 0x20}, @in6={0xa, 0x4e24, 0x9e, @mcast1, 0x5}, @in={0x2, 0x4e23, @rand_addr=0xfffffffffffeffff}, @in6={0xa, 0x4e24, 0x5, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4}, @in6={0xa, 0x4e24, 0x1ff, @local, 0xfffffffffffffff7}], 0xc8) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') getsockopt(r1, 0x80, 0x1, &(0x7f0000000100)=""/212, &(0x7f0000000200)=0xd4) eventfd(0x9) preadv(r1, &(0x7f0000000700), 0x249, 0x0) getsockopt$inet_udp_int(r1, 0x11, 0x67, &(0x7f0000000340), &(0x7f0000000380)=0x4) r2 = fcntl$getown(r1, 0x9) syz_open_procfs(r2, &(0x7f00000000c0)='net/nfsfs\x00') syz_genetlink_get_family_id$tipc2(0x0) 03:54:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:52 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:52 executing program 4: recvmsg$kcm(0xffffffffffffff9c, &(0x7f0000000600)={&(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)}, {&(0x7f0000000180)=""/129, 0x81}, {&(0x7f0000000240)=""/114, 0x72}, {&(0x7f00000002c0)=""/209, 0xd1}, {&(0x7f00000003c0)=""/102, 0x66}, {&(0x7f0000000440)=""/123, 0x7b}], 0x6, &(0x7f0000000540)=""/171, 0xab}, 0x10000) sendto$rxrpc(r0, &(0x7f0000000640)="66a353d112f8eaab2d75b97ee98427a37572beef25473f76f05c14cf010e2402b2bed982ef7987224e01603bab4152e3b54e7542a6f5732d23c953141a2ba856a9912fc73b1837c57b22b93474779b697ff8ae555474fcaa7a9264f467225b77ef2f8076c6849058b552bc6b5b13759482b91c0a4a4aaf03ed3c777edc47bf9cda2d5e4f46db6d2a2e7b", 0x8a, 0x4000, &(0x7f0000000700)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x24}}}, 0x24) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha1\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) ioctl$SIOCGETNODEID(r0, 0x89e1, &(0x7f0000000080)={0x3}) r2 = accept$alg(r1, 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="030000007dfcbbc852fae48124a20000000000000c000000050000009d3d000001000000000000001f0000000000000000000000000000000900000000000000000000000000000000000000000000000001000000000000"]) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:52 executing program 2 (fault-call:2 fault-nth:40): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1190.324321] binder_transaction: 31 callbacks suppressed [ 1190.324339] binder: 16667:16674 transaction failed 29201/-28, size 116-12288 line 2970 [ 1190.346953] binder: 16668:16669 transaction failed 29201/-28, size 2046820352-12288 line 2970 [ 1190.363873] audit: type=1804 audit(2000001293.030:277): pid=16662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir794294696/syzkaller.5JUWGp/1228/file0" dev="sda1" ino=16945 res=1 03:54:53 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={r0}) setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000100)={{0x67, @empty, 0x4e20, 0x4, 'wlc\x00', 0x22, 0x8000, 0x61}, {@multicast1, 0x4e21, 0x2000, 0x4, 0x7, 0xb672}}, 0x44) r2 = accept$alg(r0, 0x0, 0x0) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1190.499055] binder: BINDER_SET_CONTEXT_MGR already set 03:54:53 executing program 0: sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x84}}, 0x20000004) sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="0218000010000000400000190000000008001200000fa13e870009000000004a10fc6d39498b80bc0000000000000000e000000100000000000000265bac76070001000000000000000000000000000003000600160200000200000000800000000000000000000003000500da00000002000000b28dbebb0000000000000000"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0) [ 1190.549997] binder: 16667:16685 transaction failed 29189/-22, size 116-12288 line 2855 [ 1190.593867] FAULT_INJECTION: forcing a failure. [ 1190.593867] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1190.600960] binder: 16667:16674 ioctl 40046207 0 returned -16 [ 1190.605755] CPU: 1 PID: 16682 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1190.605766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1190.605771] Call Trace: [ 1190.605805] dump_stack+0x172/0x1f0 [ 1190.634228] should_fail.cold+0xa/0x1b [ 1190.638156] ? kernel_text_address+0x73/0xf0 [ 1190.642591] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1190.647729] ? mark_held_locks+0x100/0x100 [ 1190.651983] __alloc_pages_nodemask+0x1ee/0x760 [ 1190.656684] ? __alloc_pages_slowpath+0x2870/0x2870 [ 1190.661727] ? find_held_lock+0x35/0x130 [ 1190.665821] cache_grow_begin+0x9c/0x8c0 [ 1190.669918] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1190.675477] ? check_preemption_disabled+0x48/0x290 [ 1190.680515] kmem_cache_alloc+0x63e/0x700 [ 1190.680543] getname_flags+0xd6/0x5b0 [ 1190.680562] user_path_at_empty+0x2f/0x50 [ 1190.680580] do_mount+0x150/0x2bc0 [ 1190.680601] ? rcu_read_lock_sched_held+0x110/0x130 [ 1190.680620] ? copy_mount_string+0x40/0x40 [ 1190.705745] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1190.711393] ? _copy_from_user+0xdd/0x150 [ 1190.715572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1190.721132] ? copy_mount_options+0x280/0x3a0 [ 1190.725668] ksys_mount+0xdb/0x150 [ 1190.729241] __x64_sys_mount+0xbe/0x150 [ 1190.733243] do_syscall_64+0x103/0x610 [ 1190.737174] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1190.742744] RIP: 0033:0x45b81a [ 1190.745948] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1190.745958] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1190.745974] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1190.745983] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 03:54:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:53 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000340), &(0x7f0000000380)=0x4) r2 = fcntl$getown(r0, 0x9) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000180)={{0x2, 0x1, 0x76, 0xffffffffffffffff, 'syz1\x00', 0x400}, 0x6, 0x100, 0x5, r2, 0x8, 0x848, 'syz1\x00', &(0x7f0000000100)=['cfb(twofish-asm)\x00', 'cfb(twofish-asm)\x00', 'cfb(twofish-asm)\x00', 'skcipher\x00', 'cfb(twofish-asm)\x00', ':lo\x00', 'selfem0vmnet0ppp0+\x7fmime_type-ppp1:em1eth1:\x00', '\x00'], 0x7d, [], [0x14000000, 0x2, 0x4, 0xffffffff]}) r3 = accept$alg(r0, 0x0, 0x0) recvfrom(r3, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000480)={0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000580)={0x70, 0x0, &(0x7f00000004c0)=[@request_death={0x400c630e, 0x3, 0x3}, @transaction_sg={0x40486311, {{0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x48, &(0x7f00000003c0), &(0x7f0000000400)=[0x60, 0x78, 0x78, 0x0, 0x28, 0x18, 0x30, 0x38, 0x0]}, 0x800}}, @acquire_done={0x40106309, r4}], 0x0, 0x0, &(0x7f0000000540)}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f00000002c0)={0x0}) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/net/pfkey\x00', 0x80000, 0x0) getsockopt$IP6T_SO_GET_INFO(r6, 0x29, 0x40, &(0x7f00000005c0)={'security\x00'}, &(0x7f0000000540)=0x54) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000300)={r5}) 03:54:53 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000240)=[@in6={0xa, 0x4e21, 0x8, @ipv4={[], [], @empty}, 0x5}, @in6={0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}, @in={0x2, 0x4e23, @rand_addr=0xffffffff}, @in6={0xa, 0x4e24, 0x0, @mcast2, 0x20}, @in6={0xa, 0x4e24, 0x9e, @mcast1, 0x5}, @in={0x2, 0x4e23, @rand_addr=0xfffffffffffeffff}, @in6={0xa, 0x4e24, 0x5, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4}, @in6={0xa, 0x4e24, 0x1ff, @local, 0xfffffffffffffff7}], 0xc8) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') getsockopt(r1, 0x80, 0x1, &(0x7f0000000100)=""/212, &(0x7f0000000200)=0xd4) eventfd(0x9) preadv(r1, &(0x7f0000000700), 0x249, 0x0) getsockopt$inet_udp_int(r1, 0x11, 0x67, &(0x7f0000000340), &(0x7f0000000380)=0x4) r2 = fcntl$getown(r1, 0x9) syz_open_procfs(r2, &(0x7f00000000c0)='net/nfsfs\x00') syz_genetlink_get_family_id$tipc2(0x0) 03:54:53 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1190.745999] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1190.772839] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1190.772850] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1190.795982] binder: 16699:16700 transaction failed 29189/-22, size 4261281791-12288 line 2855 [ 1190.827116] EXT4-fs (loop2): Couldn't mount because of unsupported optional features (b2381809) 03:54:53 executing program 4: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci\x00', 0x1, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000140)={{{@in6=@remote, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@dev}}, &(0x7f0000000240)=0xe8) setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000280)={r1, @loopback, @rand_addr=0x4}, 0xc) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x2, 0x0) r3 = accept$alg(r2, 0x0, 0x0) recvfrom(r3, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) accept4(r0, 0x0, &(0x7f00000002c0), 0x800) 03:54:53 executing program 0: waitid(0x200000002, 0x0, 0x0, 0x2, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x20000, 0x0) write$evdev(r0, &(0x7f0000000040)=[{{0x77359400}, 0x14, 0x5, 0x5}, {{}, 0x0, 0x1, 0x7b8}], 0x30) [ 1190.837153] binder: 16701:16704 transaction failed 29201/-28, size 122-12288 line 2970 [ 1190.862316] binder: 16701:16709 transaction failed 29201/-28, size 122-12288 line 2970 [ 1190.866043] binder: 16699:16708 transaction failed 29201/-28, size 4261281791-12288 line 2970 03:54:53 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:53 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) ioctl$TIOCMIWAIT(r0, 0x545c, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:53 executing program 2 (fault-call:2 fault-nth:41): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:53 executing program 0: openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x100, 0x0) r0 = socket$inet(0x2, 0x3, 0x81) setsockopt$inet_buf(r0, 0x0, 0x20, &(0x7f00000000c0)="ac141422", 0x4) 03:54:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket(0x22, 0x2, 0x4) recvmsg(r1, &(0x7f00000014c0)={&(0x7f0000000180)=@sco, 0x80, &(0x7f0000001400)=[{&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/253, 0xfd}, {&(0x7f0000001300)=""/42, 0x2a}, {&(0x7f0000001340)=""/191, 0xbf}], 0x4, &(0x7f0000001440)=""/125, 0x7d}, 0x20) ioctl$IMGETDEVINFO(r1, 0x80044944, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000e00000/0x200000)=nil, &(0x7f0000f2a000/0x3000)=nil, &(0x7f0000fba000/0x2000)=nil, &(0x7f0000ebb000/0x3000)=nil, &(0x7f0000f85000/0x2000)=nil, &(0x7f0000f92000/0x4000)=nil, &(0x7f0000ec7000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)="ba13087739834525ad1a4295dd998fb1f20ecd22fe6b22a033e3023d7fc4fec431deab62ff1bc724dc6f678025f26ba46cd85a08e722742c8dfdca02cd2db33b0fdfb91cce2be9f264c91c96dccfe3ddcef7bbddd217e12d89d6e1755ec56c9532c8c1d4a09e0039d5132366274bce81f0494a5f8c0e488bd98346b302d37964c3f5684d6af59059b60ca561c20ae4ab6549e55048e41dffb87a0d0e7678d0fb2f13c360fc06ebbd4ee21b7cd26e8a729e", 0xb1, r0}, 0x68) [ 1191.042188] binder: 16721:16722 transaction failed 29189/-22, size 4294966781-12288 line 2855 [ 1191.112791] binder: 16725:16726 transaction failed 29201/-28, size 768-12288 line 2970 [ 1191.149134] binder: 16721:16722 transaction failed 29201/-28, size 4294966781-12288 line 2970 03:54:53 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$media(&(0x7f0000000080)='/dev/media#\x00', 0x0, 0x101000) ioctl$DRM_IOCTL_GET_UNIQUE(r1, 0xc0106401, &(0x7f0000001100)={0x1000, &(0x7f0000000100)=""/4096}) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x4) r2 = accept$alg(r0, 0x0, 0x0) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1191.190088] FAULT_INJECTION: forcing a failure. [ 1191.190088] name failslab, interval 1, probability 0, space 0, times 0 [ 1191.215120] CPU: 0 PID: 16735 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1191.222125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1191.231509] Call Trace: [ 1191.234132] dump_stack+0x172/0x1f0 [ 1191.237797] should_fail.cold+0xa/0x1b [ 1191.241712] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1191.246843] ? lock_downgrade+0x810/0x810 [ 1191.251034] ? ___might_sleep+0x163/0x280 [ 1191.255209] __should_failslab+0x121/0x190 [ 1191.259474] should_failslab+0x9/0x14 [ 1191.263310] __kmalloc_track_caller+0x2e1/0x750 [ 1191.268015] ? kstrdup_const+0x66/0x80 [ 1191.271958] kstrdup+0x3a/0x70 [ 1191.275199] kstrdup_const+0x66/0x80 [ 1191.278949] alloc_vfsmnt+0xba/0x780 [ 1191.282697] vfs_kern_mount.part.0+0x2a/0x410 [ 1191.287244] do_mount+0x53e/0x2bc0 03:54:53 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1191.290824] ? copy_mount_string+0x40/0x40 [ 1191.295093] ? _copy_from_user+0xdd/0x150 [ 1191.299410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1191.304988] ? copy_mount_options+0x280/0x3a0 [ 1191.309528] ksys_mount+0xdb/0x150 [ 1191.313101] __x64_sys_mount+0xbe/0x150 [ 1191.317136] do_syscall_64+0x103/0x610 [ 1191.321135] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1191.326354] RIP: 0033:0x45b81a 03:54:54 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1191.329570] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1191.348506] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1191.356337] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1191.363638] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1191.370929] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1191.378229] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 03:54:54 executing program 0: mknod(&(0x7f0000000180)='./file0\x00', 0x2, 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ff4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@nullb='0\n*:d]:.,[:\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, 0x0) 03:54:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1191.385525] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:54 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:54 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="b7f2288a933d559166593ae164c990a0", 0xfffffffffffffce9) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1191.488759] binder: BINDER_SET_CONTEXT_MGR already set [ 1191.494118] binder: 16754:16755 ioctl 40046207 0 returned -16 03:54:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1191.537983] libceph: resolve '0 [ 1191.537983] *' (ret=-3): failed [ 1191.544454] libceph: parse_ips bad ip '0 [ 1191.544454] *:d]:.,[' [ 1191.573343] libceph: resolve '0 [ 1191.573343] *' (ret=-3): failed 03:54:54 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:54 executing program 2 (fault-call:2 fault-nth:42): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:54 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x3, 0x4, 0x9f}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet6_int(r1, 0x11, 0x66, &(0x7f0000b67000), &(0x7f00007d0000)=0x4) [ 1191.607553] libceph: parse_ips bad ip '0 [ 1191.607553] *:d]:.,[' [ 1191.619940] binder_alloc_new_buf_locked: 23 callbacks suppressed [ 1191.619950] binder_alloc: 16774: binder_alloc_buf size 13824 failed, no address space [ 1191.706848] binder_alloc_new_buf_locked: 23 callbacks suppressed [ 1191.706899] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1191.735530] FAULT_INJECTION: forcing a failure. [ 1191.735530] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1191.761979] CPU: 0 PID: 16781 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1191.768972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1191.778365] Call Trace: [ 1191.780984] dump_stack+0x172/0x1f0 [ 1191.784642] should_fail.cold+0xa/0x1b [ 1191.788551] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1191.793670] ? ___might_sleep+0x163/0x280 [ 1191.795177] binder_alloc: 16774: binder_alloc_buf size 144115188075868160 failed, no address space [ 1191.797838] ? __might_sleep+0x95/0x190 [ 1191.797860] __alloc_pages_nodemask+0x1ee/0x760 [ 1191.797878] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1191.797892] ? pcpu_alloc+0x144/0x12d0 [ 1191.797908] ? __alloc_pages_slowpath+0x2870/0x2870 [ 1191.797929] ? pcpu_balance_workfn+0x12a0/0x12a0 [ 1191.797950] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1191.825491] alloc_pages_current+0x107/0x210 [ 1191.833874] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1191.835277] get_zeroed_page+0x14/0x50 [ 1191.835296] mount_fs+0x210/0x331 [ 1191.835324] vfs_kern_mount.part.0+0x6f/0x410 [ 1191.845288] do_mount+0x53e/0x2bc0 [ 1191.869508] ? copy_mount_string+0x40/0x40 [ 1191.871453] binder_release_work: 43 callbacks suppressed [ 1191.871460] binder: undelivered TRANSACTION_ERROR: 29201 [ 1191.873776] ? _copy_from_user+0xdd/0x150 [ 1191.873802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1191.873821] ? copy_mount_options+0x280/0x3a0 [ 1191.889375] binder_alloc: 16774: binder_alloc_buf size 144115188075868160 failed, no address space [ 1191.894441] ksys_mount+0xdb/0x150 [ 1191.894461] __x64_sys_mount+0xbe/0x150 [ 1191.894486] do_syscall_64+0x103/0x610 [ 1191.919519] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1191.922719] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1191.924725] RIP: 0033:0x45b81a [ 1191.924742] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 03:54:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$selinux_context(r1, &(0x7f0000000040)='system_u:object_r:src_t:s0\x00', 0xfffffc19) read$alg(r1, &(0x7f0000000100)=""/38, 0xc4f606fc8ff394d1) 03:54:54 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) chmod(&(0x7f0000000080)='./file0\x00', 0x190) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:54 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000000)='./bus\x00', 0x541, 0x1, &(0x7f0000000100)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x18, 0x40040) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000080)={0x200, 0x1f}) 03:54:54 executing program 2 (fault-call:2 fault-nth:43): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1191.924751] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1191.924768] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1191.924777] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1191.924791] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1191.946115] binder: undelivered TRANSACTION_ERROR: 29201 [ 1191.955780] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1191.955791] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:54 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1192.054593] binder: undelivered TRANSACTION_ERROR: 29201 03:54:54 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$TCSETX(r1, 0x5433, &(0x7f0000000080)={0xff8b, 0x9, [0x81, 0x4, 0x401, 0x3], 0x1}) r2 = accept$alg(r0, 0x0, 0x0) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:54 executing program 0: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f0000000040)) syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000000000000000004c00000000000000000000000000e0e51532000000000200880126000100000064000000020127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) [ 1192.156531] binder: undelivered TRANSACTION_ERROR: 29189 [ 1192.171727] binder_alloc: 16811: binder_alloc_buf size 14080 failed, no address space [ 1192.200887] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:54:54 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1192.242829] FAULT_INJECTION: forcing a failure. [ 1192.242829] name failslab, interval 1, probability 0, space 0, times 0 [ 1192.275421] binder: undelivered TRANSACTION_ERROR: 29201 03:54:55 executing program 1: r0 = gettid() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r2 = socket(0x10, 0x3, 0x0) close(r2) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000080)='syz_tun\x00', 0x10) connect$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @broadcast}, 0x10) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) close(r4) close(r5) pipe(&(0x7f0000000100)) splice(r2, 0x0, r5, 0x0, 0xc0, 0x0) tkill(r0, 0x1000000000016) [ 1192.285844] binder_alloc: 16811: binder_alloc_buf size 14080 failed, no address space [ 1192.338289] CPU: 0 PID: 16812 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1192.345295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1192.346515] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1192.354663] Call Trace: [ 1192.354693] dump_stack+0x172/0x1f0 [ 1192.354719] should_fail.cold+0xa/0x1b [ 1192.354742] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1192.354764] ? lock_downgrade+0x810/0x810 [ 1192.354783] ? ___might_sleep+0x163/0x280 [ 1192.354808] __should_failslab+0x121/0x190 [ 1192.354828] should_failslab+0x9/0x14 [ 1192.354841] kmem_cache_alloc+0x2b1/0x700 [ 1192.354858] ? lock_downgrade+0x810/0x810 [ 1192.354882] alloc_vfsmnt+0x28/0x780 [ 1192.354904] vfs_kern_mount.part.0+0x2a/0x410 [ 1192.392570] binder: undelivered TRANSACTION_ERROR: 29201 [ 1192.395312] do_mount+0x53e/0x2bc0 [ 1192.395336] ? copy_mount_string+0x40/0x40 [ 1192.395365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.417476] ? copy_mount_options+0x280/0x3a0 [ 1192.425269] ksys_mount+0xdb/0x150 [ 1192.443223] __x64_sys_mount+0xbe/0x150 [ 1192.447258] do_syscall_64+0x103/0x610 [ 1192.451188] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1192.456421] RIP: 0033:0x45b81a [ 1192.459646] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1192.478666] RSP: 002b:00007f35c6934a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:54:55 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$P9_RRENAME(r1, &(0x7f0000000080)={0x7, 0x15, 0x2}, 0x7) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:55 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200)='cgroup.subtree_control\x00', 0x2, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f000000a780)=[{{0x0, 0x0, &(0x7f0000001900)=[{&(0x7f0000000400)=""/142, 0x8e}], 0x1}}], 0x1, 0x0, 0x0) close(r1) openat$cgroup_int(r0, &(0x7f0000000100)='io.bfq.weight\x00', 0x2, 0x0) readv(r1, &(0x7f00000002c0), 0x1a5) 03:54:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1192.487677] RAX: ffffffffffffffda RBX: 00007f35c6934b40 RCX: 000000000045b81a [ 1192.494974] RDX: 00007f35c6934ae0 RSI: 0000000020000000 RDI: 00007f35c6934b00 [ 1192.502261] RBP: 0000000000000001 R08: 00007f35c6934b40 R09: 00007f35c6934ae0 [ 1192.509545] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1192.516832] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000003 [ 1192.565245] binder_alloc: 16841: binder_alloc_buf size 288230376151724032 failed, no address space 03:54:55 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = dup3(r0, r0, 0x80000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={0xffffffffffffffff}, 0x113, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000100), r2, 0x3}}, 0x18) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r3 = accept$alg(r0, 0x0, 0x0) recvfrom(r3, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1192.642037] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1192.692372] binder_alloc: 16841: binder_alloc_buf size 16896 failed, no address space [ 1192.701260] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1192.715748] binder: undelivered TRANSACTION_ERROR: 29201 [ 1192.723070] binder_alloc: 16841: binder_alloc_buf size 288230376151724032 failed, no address space [ 1192.736428] binder: undelivered TRANSACTION_ERROR: 29201 03:54:55 executing program 2 (fault-call:2 fault-nth:44): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:55 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a933d559166593ae164c990a0c09870b1b2f309385e10df91460e032a1eb8e448060000000000000099d3902c582b56fe97f99e1f30383adc4739a953cd509de46090d058f8733c33bc78a60c79293d4ed600ee834681100f641c0c60a74227c6b9daea1a7542d6d389f5eb351b256ceb68fad2209371c28d20", 0x7d) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1192.744209] binder: BINDER_SET_CONTEXT_MGR already set [ 1192.756092] binder: 16841:16842 ioctl 40046207 0 returned -16 [ 1192.768376] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1192.779027] binder_alloc: 16841: binder_alloc_buf size 16896 failed, no address space [ 1192.788090] binder: undelivered TRANSACTION_ERROR: 29201 03:54:55 executing program 0: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x80000, 0x0) r1 = syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00') ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f00000000c0)={'veth0_to_hsr\x00', 0x0}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000100)={{{@in6=@local, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@multicast2}}, &(0x7f0000000200)=0xe8) recvmsg$kcm(0xffffffffffffff9c, &(0x7f0000000740)={&(0x7f0000000240)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000300)=""/211, 0xd3}, {&(0x7f0000000400)=""/23, 0x17}, {&(0x7f0000000440)=""/15, 0xf}, {&(0x7f0000000480)=""/106, 0x6a}, {&(0x7f0000000500)=""/224, 0xe0}], 0x5, &(0x7f0000000680)=""/130, 0x82}, 0x20) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x23, &(0x7f0000000e00)={@empty, @broadcast, 0x0}, &(0x7f0000000e40)=0xc) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f0000000e80)={'team0\x00', 0x0}) accept4$packet(0xffffffffffffff9c, &(0x7f0000000f80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000fc0)=0x14, 0x80800) accept4$packet(0xffffffffffffff9c, &(0x7f0000001100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001140)=0x14, 0x80000) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000001180)={{{@in, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@ipv4={[], [], @broadcast}}}, &(0x7f0000001280)=0xe8) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000001380)={'ipddp0\x00', 0x0}) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f00000013c0)={@rand_addr, @multicast1, 0x0}, &(0x7f0000001400)=0xc) getsockname$packet(0xffffffffffffff9c, &(0x7f0000001440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001580)={{{@in=@initdev, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@local}}, &(0x7f0000001680)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000016c0)={{{@in=@loopback, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@empty}}, &(0x7f00000017c0)=0xe8) recvmmsg(0xffffffffffffff9c, &(0x7f0000003ec0)=[{{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000001900)=""/110, 0x6e}, {&(0x7f0000001980)=""/253, 0xfd}, {&(0x7f0000001a80)=""/166, 0xa6}, {&(0x7f0000001b40)=""/31, 0x1f}, {&(0x7f0000001b80)=""/96, 0x60}, {&(0x7f0000001c00)=""/254, 0xfe}], 0x6, &(0x7f0000001d80)=""/119, 0x77}, 0x5}, {{&(0x7f0000001e00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000001e80)=""/1, 0x1}, {&(0x7f0000001ec0)=""/232, 0xe8}], 0x2, &(0x7f0000002000)=""/127, 0x7f}, 0x10001}, {{0x0, 0x0, &(0x7f00000020c0)=[{&(0x7f0000002080)=""/44, 0x2c}], 0x1, &(0x7f0000002100)=""/195, 0xc3}, 0x8df}, {{&(0x7f0000002200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f00000024c0)=[{&(0x7f0000002280)=""/137, 0x89}, {&(0x7f0000002340)=""/71, 0x47}, {&(0x7f00000023c0)=""/217, 0xd9}], 0x3, &(0x7f0000002500)=""/43, 0x2b}, 0x268}, {{&(0x7f0000002540)=@alg, 0x80, &(0x7f0000002780)=[{&(0x7f00000025c0)=""/172, 0xac}, {&(0x7f0000002680)=""/250, 0xfa}], 0x2, &(0x7f00000027c0)=""/61, 0x3d}, 0x1}, {{&(0x7f0000002800)=@x25={0x9, @remote}, 0x80, &(0x7f0000003d80)=[{&(0x7f0000002880)=""/236, 0xec}, {&(0x7f0000002980)=""/194, 0xc2}, {&(0x7f0000002a80)=""/155, 0x9b}, {&(0x7f0000002b40)=""/155, 0x9b}, {&(0x7f0000002c00)=""/218, 0xda}, {&(0x7f0000002d00)=""/4096, 0x1000}, {&(0x7f0000003d00)=""/115, 0x73}], 0x7, &(0x7f0000003e00)=""/133, 0x85}, 0x5}], 0x6, 0x2, 0x0) getsockopt$inet6_mreq(r16, 0x29, 0x1f, &(0x7f0000007440)={@empty, 0x0}, 0xfffffffffffffffe) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000007500)={{{@in6=@mcast2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @multicast1}}, 0x0, @in6=@mcast2}}, &(0x7f0000007600)=0xe8) getsockname$packet(0xffffffffffffff9c, &(0x7f0000007640)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000007680)=0x14) getsockname$packet(0xffffffffffffff9c, &(0x7f00000076c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000007700)=0x14) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000007800)={0x0, @multicast2, @empty}, &(0x7f0000007840)=0xc) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f0000007880)={'team0\x00', 0x0}) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x24, &(0x7f00000078c0)={@dev, @dev, 0x0}, &(0x7f0000007900)=0xc) getpeername$packet(0xffffffffffffffff, &(0x7f0000007940)={0x11, 0x0, 0x0}, &(0x7f0000007980)=0x14) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f00000083c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20004}, 0xc, &(0x7f0000008380)={&(0x7f0000004a80)=ANY=[@ANYBLOB="bc090000", @ANYRES16=r1, @ANYBLOB="10002cbd7000fbdbdf250300000008000100", @ANYRES32=r2, @ANYBLOB="7001020040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000800030005000000100004006c6f616462616c616e63650044000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000001400040007000404ff0f00000300067dffffff7f3800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r3, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r4, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000080003000300000008000400030000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="fc01020038000100240001006d636173745f72656a6f696e5f696e74657276616c000000000000000000947bdf2d03000300000008000400010000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r7, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000800030003000000080004000000000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000080003000300000008000400f7ffffff5c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000002c00040001000500260400000700005420000000000008f90800000008000001ff0f0000ff03793f9d00000040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b00000008000400ff7f000008000600", @ANYRES32=r8, @ANYBLOB="40000100240001006d6f646500000000000000000000000000000000000000000000000000000000080003000500000010000400726f756e64726f62696e000038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000080003000300000008000400ff0f000008000100", @ANYRES32=r9, @ANYBLOB="f80002003c000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000000c00040072616e646f6d000038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004000100010040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000000000008000600", @ANYRES32=r10, @ANYBLOB="40000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b00000008000400fc00000008000600", @ANYRES32=r11, @ANYBLOB="bc1e88f0c7276e6deb56282cc69e214aaf33d9ea890ebcee2a08d19e51f522341a7462899bcaf0fd4968a11f124417890380a2e7b508982b49b73e5da4737a7faa376b29621799047b8b", @ANYRES32=r12, @ANYBLOB="440102003800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r13, @ANYBLOB="5c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000002c000400800a0101060000000080ea0520000000b28600003f000000050000a540ac000000000109790000003c0001002400014181c50e4feeca00757365725f6c696e6b757000000000000000000000000050cf0000000000000008000300060000000400040008000600", @ANYRES32=r14, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000080003000300000008000400ff7f000038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000800030003000000080004000800000008000100", @ANYRES32=r15, @ANYBLOB="f000020038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000800030003000000080004000500000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32, @ANYBLOB="080007000000000038000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000080003000300000008000400030000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r17, @ANYBLOB="08000100", @ANYRES32=r18, @ANYBLOB="7400020038000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000080003000300000008000400ff01000038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004000600000008000100", @ANYRES32=r19, @ANYBLOB="6c01020038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000080003000300000008000400050000003c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000000c00040068617368000000004c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000001c000400686173685f746f5f706f72745f6d617070696e670000000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000080003000300000008000400ffffffff3800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r20, @ANYBLOB="3800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r21, @ANYBLOB="08000100", @ANYRES32=r22, @ANYBLOB="f00002003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r23, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r24, @ANYBLOB="3c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000000c000400030001001624000038000100240001006d636173745f72656a6f696e5f636f756e74000000000000000000000000000008000300030000000800040080000000"], 0x9bc}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r25 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0) syz_open_dev$sg(0x0, 0xffffffffffffffff, 0x81) close(r25) 03:54:55 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1192.802554] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1192.823519] binder: undelivered TRANSACTION_ERROR: 29201 03:54:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:55 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x141080, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000000180)={0x0, 0x0, 0x2080}) r3 = open(&(0x7f0000000080)='./file0\x00', 0x4800, 0x0) ioctl$TCSETXW(r3, 0x5435, &(0x7f0000000100)={0x10001, 0x4, [0x0, 0x7fffffff, 0x8000, 0xfffffffffffff801], 0x8}) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:55 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000440)) r1 = syz_open_dev$dmmidi(&(0x7f0000000700)='/dev/dmmidi#\x00', 0x3, 0x440) ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f0000000740)) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/null\x00', 0xa01, 0x0) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, &(0x7f0000000780)=0xfffffffffffffffa, 0xfffffffffffffd71) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000580)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@mcast2}}, &(0x7f00000003c0)=0xe8) syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f0000000040)='./file0\x00', 0x1, 0x9, &(0x7f0000000480)=[{&(0x7f0000000080)="41d19dd9682fbfa5593b2dfc62b9887619b33c370619f3e132a91006e4fd1e7fe2f9cd8528e73395e5b7f632218a9f635a25927e2518ffd3936a1ab68b1b4db04ecc563b69468b478b1b63a484152f56047a229fa280d2b836cc3e6085e8391cbfa5469e7418626f330c3ea1c12bba2f01a732b7bbf76ad7f42376a16756a8", 0x7f, 0x1f}, {&(0x7f0000000100)="c6485e5cba212298cf0d01c50391b88abe5b0f40f2482d334789363a4e30e89aa8c2575e70b0c80cccfa6dd7530682580953210611fd5f88ebff2a3ee9a2c41f026ffa49cc596a9459f04011132a99361f34677b132b6bbf578f2b303d47616d4f2a23e4a6ca726dd8cc7a229186870e714dd1d354e94a046a0db0e7", 0x7c, 0x3}, {&(0x7f0000000180)="23e171681d7a2e86cd1481e1e2b5974784d92046e614c955b90af6c8", 0x1c, 0xfffffffffffffff8}, {&(0x7f00000001c0)="77d783e4ed4d964ca3aeb6eefb578efcf59d2334cbe0a84c17d77c1fecfc2a0540", 0x21, 0x2}, {&(0x7f0000000200)="702f86b67dc5f316d967741000e92d6577cf4af58bfbc5d1f4b699c5bc7a2cc1fcd18461d6ef17fe309ad796b006231f36030d2575fb85112a34a6c29a8ad5b36e5cd5a72c3742ceb3df2320e24d60", 0x4f, 0x100}, {&(0x7f0000000280)="0413702f797aaf51a5b831b21f85de1eb462f52734767550328ce23daa15cdeb8991bc9e7b330bd6df9365f8", 0x2c, 0x5}, {&(0x7f00000002c0), 0x0, 0x8001}, {&(0x7f0000000300)="1d84ac56b57695ecd0a4b8c70ca4ba5e85fc3fcfedf90f91e4072eed", 0x1c, 0x5}, {&(0x7f0000000340)="9d7d435e56bd930ad0802126f3f8ef4bcea52eb279979e969b5a817a9e0a46e2f4c046b53aefb179cebaf307a751cb39da7066a251d36b9be1bade00cdb99cc8b73af580fae84ea8aa64bb78ee454749aa47112cdfedd48444a9ac5d8318364e6a308c", 0x63, 0xd2e6}], 0x1000004, &(0x7f0000000680)={[{@qnoenforce='qnoenforce'}, {@filestreams='filestreams'}, {@allocsize={'allocsize', 0x3d, [0x77, 0x6f, 0x39, 0x3f]}}, {@mtpt='mtpt'}, {@qnoenforce='qnoenforce'}, {@noattr2='noattr2'}], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@euid_eq={'euid', 0x3d, r3}}]}) [ 1192.934704] binder_alloc: 16871: binder_alloc_buf size 20480 failed, no address space [ 1192.965084] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1192.989823] FAULT_INJECTION: forcing a failure. [ 1192.989823] name failslab, interval 1, probability 0, space 0, times 0 [ 1193.028173] CPU: 1 PID: 16876 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1193.035341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1193.044889] Call Trace: [ 1193.047599] dump_stack+0x172/0x1f0 [ 1193.051276] should_fail.cold+0xa/0x1b [ 1193.055209] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1193.060350] ? lock_downgrade+0x810/0x810 [ 1193.064532] ? ___might_sleep+0x163/0x280 [ 1193.068719] __should_failslab+0x121/0x190 [ 1193.073165] should_failslab+0x9/0x14 [ 1193.077114] kmem_cache_alloc+0x2b1/0x700 [ 1193.081319] ? lock_downgrade+0x810/0x810 [ 1193.085624] alloc_vfsmnt+0x28/0x780 [ 1193.089377] vfs_kern_mount.part.0+0x2a/0x410 [ 1193.093910] do_mount+0x53e/0x2bc0 [ 1193.097484] ? copy_mount_string+0x40/0x40 [ 1193.101785] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1193.107358] ? copy_mount_options+0x280/0x3a0 [ 1193.111894] ksys_mount+0xdb/0x150 [ 1193.115460] __x64_sys_mount+0xbe/0x150 [ 1193.119563] do_syscall_64+0x103/0x610 [ 1193.123663] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1193.128968] RIP: 0033:0x45b81a [ 1193.129888] binder: BINDER_SET_CONTEXT_MGR already set [ 1193.132185] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1193.132195] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1193.132211] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1193.132221] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1193.132237] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1193.141453] binder: 16871:16875 ioctl 40046207 0 returned -16 [ 1193.156653] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1193.156664] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:58 executing program 1: ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)=0x0) capset(&(0x7f0000000140)={0x0, r0}, &(0x7f0000000240)={0x0, 0x0, 0x20000000000, 0x0, 0xfffffffffffffffe, 0x4}) r1 = syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x101, 0x84800) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f00000001c0)=""/116) r2 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)={0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r3 = dup2(r2, r2) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={r3, &(0x7f0000000280)="a3e446fb1a861232f2f5aa683f842f5a012da7e1a457b8fed446c353a7e32d702541280d550277549f588a895463db335fb723219679b383a45cb89c093a1e9b63053b7a7ae74777883b35b4310376ed0dc5ef363cd70f836327a64ae58f35ba1b235680b7191c90dc49241c0505d4de2202811e8bc819c10359e977cf1a18d56912684429707ce5b622feda03e2a46f4905495347022ad13ec35639297d9bce297edeb7aca1875736607333026c991cb200666f48eb28625205913190e0217cf19e406b3a557199bd"}, 0x10) 03:54:58 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @dev}, {0x2, 0x0, @local}}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x13f}}, 0x20) write(r0, &(0x7f0000000140)="150000000800080000000000c86b6525000010", 0x11) semget$private(0x0, 0x3, 0xddab12a8c4e04e49) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, 0x0) 03:54:58 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:58 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) syz_mount_image$jfs(&(0x7f0000000080)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000500)=[{&(0x7f0000000140), 0x0, 0x2}, {&(0x7f0000000180)="dd91ef054e0629651359daba684631ed3a8d69492c97e279bc53c19d8c3dc076ad4852a52fcd81118c36d3a95917cd0e928065917395698ac4ed2f848b5b26cff1fa5b07f72bea10008269adc2334ffdfdcf35215d810ecfe7bd86a1a63a74696346f7ab02e7a64874e2d142ca", 0x6d, 0x4}, {&(0x7f0000000200)="b942b2cf40404e725f1f8c7a1a4d43cdcf8cdd3a82c26c17d746f34e724dcde3c9191eb0733322129430", 0x2a, 0x5}, {&(0x7f0000000240)="952a4d06c220c14c06a53fead41662bec3d754fbce463cef46a36180f2e59404b97f7b4f8e1659540cb5adfbded780b231a580d37e6613eb0a771a28eed0c12c1dbb0848d34ae513869e9f81be1f001027c07db0ae3f7a85b7a0975810dae4ddac0c9e6a14cd3a173e0f651458995a95c4a97f8c5d6f40cad9558978ce064c9c8b9bb07e7f248669e3af5bef2a62ff348301cdfab913f8c03cdb510a9dd6f2a6c2af1848568b0a25792d468528bf67401335a1909942021e73e64307352d4501efc71dd311db3f85efd195d7de9331f3418179d8a13bfd98c82ea1964c72bf65968aec7893", 0xe5, 0x4}, {&(0x7f0000000340)="7246b709034955e18e3b9554261df43cf5934ef4d97e3bbcd3da643a5beafedcea09e1824d8ffc6e9933e24e6c6324c924b8fe5d144b38420247b83e37eef14555dba90a46905304447a4c", 0x4b, 0xfff}, {&(0x7f00000003c0)="42d5097b538361f3ed09b2a37a0692a64d2a2989adc527f93ffc9f344462b17859894037258f694e3eb96b6bed67a9b4a03a208daf9260543ff82b981b05b0189d5b68b42c5178ab766818eb4f19d7469870846efc0772800e97d338466723c7e5b4323f6cb5ecb88d0dc52b9fbae881d59a638dd698ee6896e60bd8752e0e6d6a7949fb6b54", 0x86}, {&(0x7f0000000480)="7f59dce368847095af687c46657fdd2a83c2fe75530dafab4b941466d7c121fcdde655cf204ed9a81898fa36137117a7793de2f4144ad74b3cfec8a4231ac37117f1cf02a965f84375809eafc54d44d3950cc9289503df40dcfd7af5649066514e72400fe38c789075a6d7cbb2083f89", 0x70, 0xa6}], 0x8008, &(0x7f00000005c0)={[{@quota='quota'}, {@errors_remount='errors=remount-ro'}, {@nointegrity='nointegrity'}, {@nointegrity='nointegrity'}, {@nointegrity='nointegrity'}, {@integrity='integrity'}, {@nointegrity='nointegrity'}, {@nodiscard='nodiscard'}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'mime_type/{'}}, {@seclabel='seclabel'}, {@pcr={'pcr', 0x3d, 0x2b}}, {@measure='measure'}]}) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000140)) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:58 executing program 2 (fault-call:2 fault-nth:45): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1195.639770] binder_transaction: 20 callbacks suppressed [ 1195.639789] binder: 16896:16900 transaction failed 29201/-28, size 12288-12288 line 2970 [ 1195.653432] binder: 16895:16899 transaction failed 29201/-28, size 432345564227567616-12288 line 2970 [ 1195.687942] FAULT_INJECTION: forcing a failure. [ 1195.687942] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1195.727267] binder: 16896:16900 transaction failed 29201/-28, size 12288-12288 line 2970 [ 1195.742858] CPU: 1 PID: 16898 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1195.749861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1195.759269] Call Trace: [ 1195.761993] dump_stack+0x172/0x1f0 [ 1195.765660] should_fail.cold+0xa/0x1b [ 1195.769592] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1195.774723] ? ___might_sleep+0x163/0x280 [ 1195.778894] ? __might_sleep+0x95/0x190 [ 1195.782895] __alloc_pages_nodemask+0x1ee/0x760 [ 1195.787590] ? check_preemption_disabled+0x48/0x290 [ 1195.792663] ? __alloc_pages_slowpath+0x2870/0x2870 [ 1195.797732] ? rcu_read_lock_sched_held+0x110/0x130 [ 1195.802781] ? __alloc_pages_nodemask+0x63e/0x760 [ 1195.807653] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1195.807671] ? pcpu_alloc+0x144/0x12d0 [ 1195.807686] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1195.807706] alloc_pages_current+0x107/0x210 [ 1195.807736] get_zeroed_page+0x14/0x50 [ 1195.807752] selinux_sb_copy_data+0x2a/0x4a0 [ 1195.807770] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 03:54:58 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @dev}, {0x2, 0x0, @local}}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x13f}}, 0x20) write(r0, &(0x7f0000000140)="150000000800080000000000c86b6525000010", 0x11) semget$private(0x0, 0x3, 0xddab12a8c4e04e49) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, 0x0) 03:54:58 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) recvmmsg(r0, &(0x7f0000007640)=[{{&(0x7f0000000100)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, &(0x7f0000001180)=""/226, 0xe2}, 0x2}, {{&(0x7f0000001280)=@xdp, 0x80, &(0x7f0000002680)=[{&(0x7f0000001300)=""/99, 0x63}, {&(0x7f0000001380)=""/127, 0x7f}, {&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f0000002400)=""/101, 0x65}, {&(0x7f0000002480)=""/132, 0x84}, {&(0x7f0000002540)=""/141, 0x8d}, {&(0x7f0000002600)=""/119, 0x77}], 0x7, &(0x7f0000002700)=""/45, 0x2d}, 0x3f}, {{&(0x7f0000002740)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000002800)=[{&(0x7f00000027c0)=""/30, 0x1e}], 0x1}, 0x100000001}, {{&(0x7f0000002840)=@hci, 0x80, &(0x7f0000002e40)=[{&(0x7f00000028c0)=""/27, 0x1b}, {&(0x7f0000002900)=""/43, 0x2b}, {&(0x7f0000002940)=""/170, 0xaa}, {&(0x7f0000002a00)=""/184, 0xb8}, {&(0x7f0000002ac0)=""/67, 0x43}, {&(0x7f0000003f00)=""/4096, 0x1000}, {&(0x7f0000002b40)=""/209, 0xd1}, {&(0x7f0000002c40)=""/225, 0xe1}, {&(0x7f0000002d40)=""/238, 0xee}], 0x9, &(0x7f0000004f00)=""/4096, 0x1000}, 0xff8}, {{&(0x7f0000005f00)=@nl, 0x80, &(0x7f0000006240)=[{&(0x7f0000005f80)=""/165, 0xa5}, {&(0x7f0000006040)=""/77, 0x4d}, {&(0x7f00000060c0)=""/174, 0xae}, {&(0x7f0000006180)=""/80, 0x50}, {&(0x7f0000006200)}], 0x5, &(0x7f00000062c0)=""/124, 0x7c}, 0x9}, {{&(0x7f0000006340)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f00000075c0)=[{&(0x7f00000063c0)=""/77, 0x4d}, {&(0x7f0000006440)=""/110, 0x6e}, {&(0x7f00000064c0)=""/61, 0x3d}, {&(0x7f0000006500)=""/169, 0xa9}, {&(0x7f00000065c0)=""/4096, 0x1000}], 0x5}, 0x6}], 0x6, 0x2, &(0x7f00000077c0)={0x0, 0x989680}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0xfffffffffffffffe) r1 = userfaultfd(0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x6000, 0x100) ioctl$UFFDIO_REGISTER(r1, 0xc020aa04, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) [ 1195.807792] security_sb_copy_data+0x71/0xb0 [ 1195.807811] mount_fs+0x236/0x331 [ 1195.807832] vfs_kern_mount.part.0+0x6f/0x410 [ 1195.822858] do_mount+0x53e/0x2bc0 [ 1195.822882] ? copy_mount_string+0x40/0x40 [ 1195.861283] ? _copy_from_user+0xdd/0x150 [ 1195.865458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1195.871031] ? copy_mount_options+0x280/0x3a0 [ 1195.875553] ksys_mount+0xdb/0x150 [ 1195.879114] __x64_sys_mount+0xbe/0x150 [ 1195.883117] do_syscall_64+0x103/0x610 [ 1195.887219] entry_SYSCALL_64_after_hwframe+0x49/0xbe 03:54:58 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1195.892426] RIP: 0033:0x45b81a [ 1195.895634] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1195.914565] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1195.922328] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1195.929634] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 03:54:58 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="7e1b039b4a81ae7f22f9b7b71800000000970300599339b7cd09ca", 0xfffffffffffffdf8) r1 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0xab7, 0x410000) accept4$nfc_llcp(r1, &(0x7f0000000200), &(0x7f0000000280)=0x1d, 0x0) r2 = accept$alg(r0, 0x0, 0x0) recvfrom(r2, &(0x7f00000002c0)=""/4096, 0xc82, 0x0, 0x0, 0x0) 03:54:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1195.929644] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1195.929651] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1195.929659] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:58 executing program 1: clock_gettime(0xeffffffefffffff9, &(0x7f0000000040)) r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x8, 0x581680) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000080)={'syzkaller1\x00', 0x6}) rt_sigreturn() 03:54:58 executing program 2 (fault-call:2 fault-nth:46): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:58 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @dev}, {0x2, 0x0, @local}}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x13f}}, 0x20) write(r0, &(0x7f0000000140)="150000000800080000000000c86b6525000010", 0x11) semget$private(0x0, 0x3, 0xddab12a8c4e04e49) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, 0x0) [ 1196.089000] binder: 16926:16927 transaction failed 29201/-28, size 504403158265495552-12288 line 2970 [ 1196.089699] binder: 16933:16935 transaction failed 29201/-28, size 16128-12288 line 2970 03:54:58 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1196.150359] binder: 16926:16927 transaction failed 29201/-28, size 504403158265495552-12288 line 2970 03:54:58 executing program 1: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x1, 0x2) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xe) setrlimit(0x40000000000008, &(0x7f0000000040)={0x484b, 0xfffffffffffff001}) capset(&(0x7f00000000c0)={0x100000019980330}, &(0x7f0000000140)) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x400400, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000080)={0x0, r2, 0x6, 0x7f, 0x10001, 0x401}) mlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) mlock(&(0x7f0000ff0000/0x10000)=nil, 0x10000) [ 1196.204989] FAULT_INJECTION: forcing a failure. [ 1196.204989] name failslab, interval 1, probability 0, space 0, times 0 [ 1196.222660] CPU: 1 PID: 16947 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1196.229657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1196.239123] Call Trace: [ 1196.241762] dump_stack+0x172/0x1f0 [ 1196.245430] should_fail.cold+0xa/0x1b [ 1196.249353] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1196.254605] ? lock_downgrade+0x810/0x810 [ 1196.258791] ? ___might_sleep+0x163/0x280 [ 1196.262966] __should_failslab+0x121/0x190 [ 1196.267240] should_failslab+0x9/0x14 [ 1196.271079] kmem_cache_alloc+0x2b1/0x700 [ 1196.275264] ? trace_hardirqs_on+0x67/0x230 [ 1196.279703] ? kasan_check_read+0x11/0x20 [ 1196.283895] getname_kernel+0x53/0x370 [ 1196.287825] kern_path+0x20/0x40 [ 1196.291315] lookup_bdev.part.0+0x7b/0x1b0 [ 1196.295592] ? blkdev_open+0x290/0x290 [ 1196.299510] ? __free_pages+0x72/0xb0 03:54:59 executing program 1: r0 = socket(0x400000000010, 0x3, 0x0) write(r0, &(0x7f0000000080)="2400000020002551071c0165ff00fc020200000000100f000ee1000c08000b0000600000", 0x24) tee(r0, r0, 0x6, 0x1) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000000)={'nr0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1c}}}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000040)=[@in6={0xa, 0x4e21, 0x3, @ipv4={[], [], @remote}}, @in={0x2, 0x4e21, @multicast2}], 0x2c) [ 1196.303370] blkdev_get_by_path+0x81/0x130 [ 1196.307738] mount_bdev+0x5d/0x3c0 [ 1196.311312] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1196.316462] ext4_mount+0x35/0x40 [ 1196.319953] mount_fs+0xae/0x331 [ 1196.323360] vfs_kern_mount.part.0+0x6f/0x410 [ 1196.327918] do_mount+0x53e/0x2bc0 [ 1196.331499] ? copy_mount_string+0x40/0x40 [ 1196.335855] ? _copy_from_user+0xdd/0x150 [ 1196.340496] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1196.346069] ? copy_mount_options+0x280/0x3a0 [ 1196.350606] ksys_mount+0xdb/0x150 03:54:59 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) truncate(&(0x7f0000000080)='./file0\x00', 0x9) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) sendto$inet(r0, &(0x7f0000000100)="c8e57c24ca62911037c596abd3cfb7", 0xf, 0x8080, &(0x7f0000000140)={0x2, 0x4e22, @remote}, 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1196.354361] __x64_sys_mount+0xbe/0x150 [ 1196.358378] do_syscall_64+0x103/0x610 [ 1196.362307] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1196.367529] RIP: 0033:0x45b81a [ 1196.370923] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1196.390115] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1196.398343] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a 03:54:59 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:54:59 executing program 4: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x80, 0x0) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000001100)={0x14, 0x1000, &(0x7f0000000100)="2919d404381e28bbfec8ffa4f4c32420c3ca14aede4fcf559cca213115644867f10dd8f29198a05038ca5b9057abc4bccfbbad49a61d06b2e2222a99599f8a13194d007ffcfe0e6b68a72470b2e4307333069c912a7c82e79e0a7a75f21da9c8ec000437e7810f4c0b646b4d1cfa76872d5017d3d42f0e7ad9dc322d05167e0f7d59d819ebef99271a9821e0d4a8126d54595da4bdf0286edc1aad03b22003a57e5d65ba71356679267ebe813b4da306540f54bcc627ffbbd5fc9133e388af7a015e1402a1b752b4bd448ce904b177fdce47dfce50ee8194d0f296c5df8bb9930fcf09fcbc56493484aebe8e5aec300b91301f252d40872be32a9b63f167e00441ef1f13befb8142947fc9b1e53e686c6a92bf39b8763050389762d6b2ae143db768ad2efc39c17e3cc81b12e82e45df876e83ac748c081195d5f63395e0f90f5e3d60c8861be3af49ddfe03aa0da7540e756d86ae82e865536521aab1df92b0b096a7ee98daf532455e08edef566551a89b1d1b3988f58b63c7260a48b0332d55361a376091aea03d22e75f77094c3f976de02f508ba5370c01295ada615905f4752887943c0c2b0a279b5c83d51abb6c18dfcf37a561f24e5b89cccff3e0c3327e76729ca182f57ab85b863ca35983429ce884ebd632b0784d97c9983dea47abcffce989b6dea7386409ffe7c7ece712ad0102df13eb36eb4ad8c63c5ea0870894152b2cca686b2abdc6acc7e305da36c4aa9cc11a945ff87700e2935499abd4ded1fd8dd44a28838da62bbc2fd3df9f4879e5f492e4954df464eb5d7b2b8efb177faae974cdde01b89ca5ce99df9b68af575078d8f8811a01d3b8c21190d06ee37aa5a5d63ee72e530a156ed600557ac445863d672f91fd668f1d5137be565e818daeb4dad92d56bf577eb50c6c02e80280c054674390c267bc41fe011d658c98eddd2d5ef60dde3071db3e0ad48d0c910652031724ab36859d8d792d9d06bb704fc75146f26c57b9a8a5c6457b0d134a524aa2ab1c5cd1ade6609cbbb3d7dd1bb5d37385fe4c49992d6b71aaaa3ea10874badab225bbc1e667bb20eb6d6b4578677338468d11b4a9cb1414df65f5975d50db532c863d67bbf1aa35765d06384bc74b5414cf51a4846005930a5267f3b4ad22eb0e691a1b195385b675c2e2aea944353b3dc769430b82bed78e87bcbf1b3cadea719fb0099c1b8d0daf9d218a87c2154cf91b8c00e3b3b9f72b7dfa632d1d321cd626767e9129bdc48313b7be28f341bffee56c591878774b961745c4e22e013bbdeb6e034cf3ed5faf1bcb3f48ca07dc38178c6dc16a674ea6562cdafa1e9b6016c44a7300da23bbd1bb8524b37f9e2df84a69093e728ce4de7f45a1d88c894f46d255337ec3f056fa73d0442d82b2db504c597fb90c5d6ae9fa4a44be4b055f19bc0b4e72f407cdcbb09fb3c98f08f6e7de2fe35d42eb903aa6da8324489f199939dc6c3d769b07f4a397740dcfec7dd52100f6c3422d4d8efaa0a220cfb32286c5479e3b4df8427e52fd36ef9e37d9c9b6a27e24183a4da35dd590afab24492673b2b31cd1be1d78168f50d546697852dcc96ecf49e3711389d4e63523842fe059130300c6460e90d652d9342aaa0766ffaa0324bce6ec9762b3ff370de7d3a3933260be03d6f27625135d448d1775089bed279ff1c1873e4a837a979942e0d4b9318e41792d79de77c40f55a0c4729efdf29d7d1649f9bb273649693abd065c8a48cf985bc4c4a235ddc72f874163287428148bfc79fdc2fc5bd2c5eed6191fe00ec13bfa0b5e874e87e2319c796356269b3bbf4e3211a158bc30ba1b93201b9214b481ebbb182e41624bd3eb99e50b05909514e33ce18202b6e2c65872989932f3addc23dfe80065d7bb58f4433821d30fe1cca7bea3edbcf305aaa978e9fe847789e6e03926ba0ea24ef823e36ad637275c7e30e69e826dadeca0b09995fe9043855f7a7e5ace1ac21fad807799ff32fd9864065a5160f8c906865716b971811ac357aa735caf7a105c446c48249a0dd73ee27cdb657a33e52e9af2788815b9a48a422dff702560d50b3cace53cfb61ba1541fa7058f7d9daf22d87bc9b99147c83c73bdacc0d72e55e3daaf9bbebc9e3604810a75adce8fac0f530c3fe4e97777407795b28188d3ca49dcccb0f30ab4ecf2ba349b2b4b3298101cdfc9027a09a9b16e30904cd277c70b059498b6a859b53260dcf9a9773e33bd85c3be0b760390e59053936545246e4647934c2e4f3b1acba3a8ec8e34baa96075d535cf52c2181d5d3748a548c70bd95b3a060c82d68d4ccd17174cc9592c796973c7ca3b2a365d21938da411ae2bbbc8d2e6fb7ff8707c78dc70d556fbde2ef61a2fe5e46d139e65d48d8a35d2fb8a4bd30e06f13003edc92f816b9840ac00868b56f984dc1f310a199537b0983ba74036acb64de2874d3269e12fafa460a2ec0dcc6950f65bbdb8808012f49b20f1dd78f239a4318a140ad27722ec0721c6c257e9d4f1e29a1641f031e80ef453e4d0ca6cc993bbe1766c9009a739c08d33ddfaca0c9623a8f49591d282979c37e21c63f9a8d1a3d18b15fdcc52b0371e6aa6d5fa615b25434aeead272cf753b12c219bf6455e075c40bd302fc33af250bd33b9353a3f3b4eda7c69916166a2edc3280c1aa839067e0d008e516e210bd2ad928d3bbf2dce2e9c087ea9fb52fe066b2307c47823448b8490ffbbbdcf8fca9142e26c7a1aaad642aa776c8732d2b15d73299c3d16e289de0a50136959763da611da72f65e79de61f15b8b2255cd302e3ebd38ca6c0a94024f6401bc129f6246b0e99695ba86488ee52806d2cbc19f48aa65adbf893a8c9c136da69f9f84f3867349100a4b406704bb30ad6ec3e1db689b54919aa275c0c1e3f847d51661ddf31c695bc853ec50144653926fa48a74480221ba70183777c8abab21401046cf006dd61d8ae0a9e05538c2be9371162ae90a3294a6ff9139d445645af5bc935304385170efbcd547c3e66fc1b8a6f53c2d89e4bc4fff1c3e090f0784ec940eb30aa2e10e94a1d2b7ec4da0db23d5f816e8322b43e408e2f09f78f228113996ab8c3ed1034a8bb43a2be83454f0e23dc612248f10abb5257679eb96f59141ec332732b8f8eeff2effd71552f55c30554f98d017d705ccdbc69b890898547b82369991f68763f4a267c5a5dd08235a3e5b3b2997e5068e3af2c15b660d5dce99f09552da4b922cacc8e270a0e7ec729b1f4f698140113a5f3e30244cac35bf7ff251f3f24e2676c1a6caeb7930086d42192e39b91f99aaeb39928e27734204153d6055ce9b1b7673f530593bbe15db3148ac89500fb1cc7abdeb27bff5aaaa92dced30f417968999b78bc4874c69ea108833dea52b14abae4ba453f006fb7924390a2843f14263a810c3aae18a2c78dbe0df7e9c89e038836dddda09f38b6ae452cdbe3c8c9f195c3def4c902f1f64eac2cd1835165141d804e75c18079fe332faf9cb69c94fe6f40fe2d38cf86c443faf5b235d5121e57d3c006576b116681302d2161bd704c3fb67cf0a22f3fb4281ed6991667ebab87026f8b5518ad7a324cf9e1d86120fb1547dad38c7fd30207ff763ceff176274a68ad332840a4152b0313119ec779e9b08b12f9baf6ef202ef9e210f2cccba210ac3f62eed3542a7df98da17c05eda2ff37a1eba950a3f03a35dd7d5f37e1445f30008adffcb5d9acec7bbe5a95a5b02237f792bc51eb98c760b7841d29eca0c4a5b9b841c5c52dbc813a49d2a6d8f010bc281f7f65fbb85fd7c3b3be2c41989eb60cc7ecc219a7347ec5ea59c277a8a28d8a6a098ad649185dd6d0052d37c3043207353a785ebb2c7ef0b2e9914d336999bfb471dc0ae852f6074ee77a9c86c150d1eea68699c6b073a523c21e20304ad5979a1309a971e7efb44fd5a0fdfe7c48ad0c122442d91ee0e2c4aa4b0fa6ee29c1f3d1a426d057936f42d2e31c73527de69342e594f1c63972a1cb7de1681648d902627e04a96a2491148f0e2447a51944a283403ea84498930279690b15c98d069c327009f70f30ab261fcc6dd0512b4d584c7f2c8d8f438b0b22185aac11ed580a995dc4de8aa1e314d35ba84aa306393b5d80ade298ec7ff6a9ff9058bb3154714b414c9a4f4e64d5dbcb4186a3a9e40b96b3853c0b35dc1f9c6fe4a8d7f2bba083cd1fcdbbbe475aeb54de3e548040056963348077e630e6117e96d15e7def50a90117ffc4b0bbda059adc081723dffeb5e1949d2be3988c8dfca1d608ce8a7f07484d2685bd6b8eeb6122a96628b338394cbf58b614cb97189f9293c15b3c770f041b90854bb1651510602c273c9f82734aa35a00063025df67e18cb351aa1e62c9a9d7ecbbeca777dd9c393bd74f306e74e485da9746f3d2ff5b63fd220ae7d2c2f467c71a32aa696414921838185bb4e0eb3c440812848840c883182bfed9d81f82348d067f7afd983fa414be21814b3d73efe29db282db4c4559d6b6fff4324da1dbdc7afd72c374a2a104fa9342459f6bc993dcefe0dbc86e40bd45958d5c3aa4c072e9b23c577eb443d9d77c9b9d38a6ccba377da1ef900501764b13fd5655fcfce02e6b4e0ffd1e5b76173530156e2ed380fefa8d81dd8aecc440435f64b19af374ef9757b8ce943f8d1495764120ef82a54aa8c4516209c436f192bdc21096d7b58ce4d0c5506296c6c99076f06dc0470f75fe9bf76343c9c6e6f1115f7e32f550085518a07ceda2dc844051a4fc8f594b91deafc6970de70fd371623a17e5cc748fe71c93cffed8acab2e1d0b149c1247a9dedcf6780b02bcd92ce9ffdbb142cfb44be467a5b31b00ffbf41be6c11486effa84af8de0056edeec183ff4fe7dd1373b24290ff94ea731a58823471f5e574707c77dbce896b2e0a96c6b34e977bfa3f030fad4899bf6c0b9de10c89c83403fdf5d454b12bc63131e215f86117316d9e4b50fd98dba907b086707d033894e86025144e9f55da8ccb88807261097d21e5d4d559c2642e96a94cda12e9eea529510e33c79d776b3249b5184361eeab41eca493192fa15d4577f6fc21f7900dbee673f54e5b21c114b5193978076d84f8ca500335d36b5beca6e5a7f2f31b5ed9e995e3144153f57167034799f2231517b620ca10e940740fc20baaaffa6f9be04027ffbc2563c033e8223e2226a5225ef90ef4ec56a5333e5b5b9f33a236b149ffda2a4b4831666cab1d220a6844fe035aa71f2895173c2d3c1f2ff7e4d4c1755a668541ec63910d7e012b4529d8bcffa61ae6dbef61a2a447654ba69f8adc830cc48b4f75cbb1eb6be476018ebd553a8378f26c94563f8552b22d526c50f9cf2020269d42f2b15f07a5b9bd1fdf150fe6d2e888f14059d4200dce20de2b9d5a11c5af9ec70322732b37a814b7aa608fdb8d65b27be05043afe45251ea2da8e2be8e94241e3117a959744d521df3713c2a3482f26db698d849e62fa8a6daed82f258d1e0c0bf309c300549588ce78f4d70404eb1a881e00a07dd45688975c860bf7b712d19ad7765a280ceba45d22528c410ec501ebc298ac45f13ace26db4985c940657301f6c1a306cba1d669886ba9e177aa639eb0eebadfcc21e9ac28f90e2096eb7357c260f9e9f5a46dcb149505d76fa5540c40f3d3c9b0c3fe13b2065de82105fe7f11e7bd030652757e15a90cff12b300390ccb0abaca3e213d72c55e3cd70d06deb442e46d5b27d3a49646d8262b026312d65ccb889d92ab20454858c5dadb7125c6f646be6c11cb75925dc5d"}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000001140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) keyctl$session_to_parent(0x12) r2 = accept$alg(r1, 0x0, 0x0) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1196.405647] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1196.412949] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1196.420254] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1196.427671] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:54:59 executing program 1: r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)={&(0x7f0000000000)='./file0\x00', r0}, 0x10) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000100)) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000080)=ANY=[@ANYBLOB="726177000000000000f1180400000000000000000000000000000000000000000400"/104], 0x68) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x8912, &(0x7f0000000040)="0adc1f123c123f3188b070") ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000001c0)) syz_emit_ethernet(0x65, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaa8baabb86000000000040000000000000aa788000000000000000000000000000aa2c000000fbf6727bcec4833a48a1575dc4a758dc4165da443d6e88c2c7254cf7547b646d43b2bf5f1a84108b52505d0da76a00d014839ab903f3fcae66f1a317b79094b83fbd87957d6b9697346039467f2b42f014114bc82ba369debf9c60635945e9a89f76", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="69d8dd0a7465bd682380a798f5"], 0x0) [ 1196.457355] binder: 16933:16935 transaction failed 29201/-28, size 16128-12288 line 2970 03:54:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @dev}, {0x2, 0x0, @local}}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x13f}}, 0x20) write(r0, &(0x7f0000000140)="150000000800080000000000c86b6525000010", 0x11) semget$private(0x0, 0x3, 0xddab12a8c4e04e49) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, 0x0) [ 1196.547909] binder: 16969:16971 transaction failed 29201/-28, size 720575940379279360-12288 line 2970 03:54:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:59 executing program 2 (fault-call:2 fault-nth:47): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:54:59 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a933d559166593ae164c990a0", 0x10b) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1196.595632] binder: 16969:16971 transaction failed 29201/-28, size 720575940379279360-12288 line 2970 03:54:59 executing program 1: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x200, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000000c0)={0x0, @loopback, @remote}, &(0x7f0000000100)=0xc) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000080)={'br?\xf8\xe2\x04w5^\xfa\x00\x00\x00\x00\x00?', &(0x7f0000000000)=ANY=[@ANYBLOB="0d0000000000000000c07000000000000200000000000000f7ff00"/36]}) [ 1196.690831] binder_alloc_new_buf_locked: 10 callbacks suppressed [ 1196.690842] binder_alloc: 16985: binder_alloc_buf size 28672 failed, no address space [ 1196.730243] FAULT_INJECTION: forcing a failure. 03:54:59 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1196.730243] name failslab, interval 1, probability 0, space 0, times 0 [ 1196.756977] binder_alloc_new_buf_locked: 10 callbacks suppressed [ 1196.756993] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1196.763233] binder: 16985:16986 transaction failed 29201/-28, size 16384-12288 line 2970 03:54:59 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0) r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x1, 0x0) ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f00000000c0)={0x40b5, 0x5, 0x8, 0x6741, 0x3, 0x400}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f00000013c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@default_permissions='default_permissions'}]}}) [ 1196.793222] CPU: 1 PID: 16989 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1196.800222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1196.809638] Call Trace: [ 1196.812264] dump_stack+0x172/0x1f0 [ 1196.815967] should_fail.cold+0xa/0x1b [ 1196.819885] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1196.825012] ? lock_downgrade+0x810/0x810 [ 1196.829203] ? ___might_sleep+0x163/0x280 [ 1196.833383] __should_failslab+0x121/0x190 [ 1196.837642] should_failslab+0x9/0x14 [ 1196.841462] __kmalloc+0x2e5/0x750 [ 1196.845030] ? __list_lru_init+0xd5/0x6e0 [ 1196.849203] __list_lru_init+0xd5/0x6e0 [ 1196.853216] sget_userns+0x81e/0xd30 [ 1196.855569] binder: BINDER_SET_CONTEXT_MGR already set [ 1196.857032] ? kill_litter_super+0x60/0x60 [ 1196.857052] ? ns_test_super+0x50/0x50 [ 1196.857069] ? ns_test_super+0x50/0x50 [ 1196.857081] ? kill_litter_super+0x60/0x60 [ 1196.857094] sget+0x10c/0x150 [ 1196.857113] mount_bdev+0xff/0x3c0 [ 1196.857131] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1196.857160] ext4_mount+0x35/0x40 [ 1196.857183] mount_fs+0xae/0x331 [ 1196.864458] binder_alloc: 16985: binder_alloc_buf size 28672 failed, no address space [ 1196.866738] vfs_kern_mount.part.0+0x6f/0x410 [ 1196.866759] do_mount+0x53e/0x2bc0 [ 1196.866780] ? copy_mount_string+0x40/0x40 [ 1196.866799] ? _copy_from_user+0xdd/0x150 [ 1196.866821] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1196.866836] ? copy_mount_options+0x280/0x3a0 [ 1196.866856] ksys_mount+0xdb/0x150 [ 1196.866880] __x64_sys_mount+0xbe/0x150 [ 1196.881393] binder: 16985:16986 ioctl 40046207 0 returned -16 [ 1196.882011] do_syscall_64+0x103/0x610 [ 1196.882034] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1196.901424] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1196.905504] RIP: 0033:0x45b81a [ 1196.905521] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1196.905530] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:54:59 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'morus640\x00'}, 0xffffffffffffffb4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:54:59 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000400)={'\x00\x00\x00\b\x00\x00g\x00', 0x20000005005}) r1 = fcntl$dupfd(r0, 0x0, r0) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="330000000600000000000000000000000000000000000000000000000a0000000000000073656c66776c686e312700"], 0x33) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0xff00) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="3210e05ca40757f7aa8ce91b494e54b6928aeb2814b42ac02021a65634b6b5057064075d092b5a6bf93d5394a1b6e7cecdb70b2711da87fd02f506e8a9f3ee5c9fa1c64a52910b9bba5f4871e0d0dea3fed71a1966667fe860cad9c38b0c12ffd7", 0xfd6a) r3 = accept$alg(r2, 0x0, 0x0) recvfrom(r3, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1196.905548] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1196.905558] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1196.905567] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1196.905575] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1196.905590] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1196.976408] binder_alloc: 16985: binder_alloc_buf size 1297036692682715136 failed, no address space [ 1197.047836] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1197.058733] binder_release_work: 14 callbacks suppressed [ 1197.058740] binder: undelivered TRANSACTION_ERROR: 29201 03:54:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:54:59 executing program 2 (fault-call:2 fault-nth:48): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1197.124773] binder: undelivered TRANSACTION_ERROR: 29201 03:54:59 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000040)=ANY=[@ANYPTR64=&(0x7f0000000200)=ANY=[@ANYBLOB="88916657a4098f97c7d401ef5668ec38e29d16347d24c78d79e7f5b8d1ab5b6218b475032cda53b08d5658a81b2dd08ac2ceee0ebce5ef5126cd7fcad6ee72f6a03562236b6511f25f", @ANYPTR64=&(0x7f0000000140)=ANY=[@ANYBLOB="f99e3629251602d15f2dde39065772519e3e7534bb8f5f4dd040707dd96e2b9a9e6391dc05bdc81a5f3ad4783745fb424ff332709f057c3c74574c7ec3e072a618c6afb4cacefe9e9a8b0f9bbbb9fd5412a2b28cc0fb64048d4329eba1a218c996342fb683ed6f2fabd69a008f48d001d554ef5104a263817ea9e90e01c35627bbbf65fc8343910641381eb8dfbda1c5623526525348d5cea0553457db", @ANYPTR64, @ANYPTR64], @ANYRESDEC=r0, @ANYRES16=r0]]) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc0c0583b, 0x20000001) 03:54:59 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x400, 0x1) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f00000003c0)) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(r1, 0x29, 0x1f, &(0x7f00000000c0)=""/150, &(0x7f0000000000)=0x96) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000002900)='/dev/null\x00', 0x80000, 0x0) preadv(r2, &(0x7f0000002700)=[{&(0x7f0000000480)=""/148, 0x94}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000000380)=""/45, 0x2d}, {&(0x7f0000001540)=""/149, 0x95}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000002600)=""/204, 0xcc}], 0x6, 0x0) r3 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff) r4 = signalfd4(r3, &(0x7f0000000140)={0x6}, 0x8, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000001c0)={0x0}, &(0x7f00000002c0)=0xc) fcntl$setownex(r4, 0xf, &(0x7f0000000340)={0x2, r5}) r6 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) r7 = socket$inet6(0xa, 0x400000000001, 0x0) r8 = dup(r7) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r7) setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000300)={0x2, &(0x7f0000000240)=[{0x1000, 0x0, 0x9, 0x9}, {0x100000000, 0x80000001, 0xc6000000, 0x10000}]}, 0x8) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000280)=0x7f, 0x4) ioctl$sock_netrom_SIOCDELRT(r6, 0x890c, &(0x7f0000002780)={0x1, @default, @netrom={'nr', 0x0}, 0x2e55, 'syz0\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x15876230, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r9 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r9, 0x2007fff) sendfile(r8, r9, 0x0, 0x8000fffffffe) ioctl$VIDIOC_ENUMAUDOUT(r6, 0xc0345642, &(0x7f0000000400)={0xe72, "8b4871a8f6f245b3074a1750527b787f2a12e992939a259eac8450e472ce1ef9", 0x3, 0x1}) 03:54:59 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) socket$bt_bnep(0x1f, 0x3, 0x4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="b708298a345317490463ebbc933d559166593ae164c990a0c77362a21c63702fe937bb4f7f0e9805667a9866618110911fcfdda7c1dce18abb577326a0a0999cf6ae7aeb6dc25683cb7957630e12710cd4ff1775449978b2d3e6214c63a9f1bfbabc8fbb401eadccfe09b81ac5d3a07ef507e958d8ba408b99f3273c174930ec95c812e1", 0xfffffffffffffca2) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1197.223994] binder: undelivered TRANSACTION_ERROR: 29189 [ 1197.253200] binder_alloc: 17020: binder_alloc_buf size 30720 failed, no address space [ 1197.262266] FAULT_INJECTION: forcing a failure. [ 1197.262266] name failslab, interval 1, probability 0, space 0, times 0 [ 1197.271157] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1197.346859] CPU: 0 PID: 17023 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1197.354027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1197.363413] Call Trace: [ 1197.366032] dump_stack+0x172/0x1f0 [ 1197.369732] should_fail.cold+0xa/0x1b [ 1197.373656] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1197.380317] ? lock_downgrade+0x810/0x810 [ 1197.384495] ? ___might_sleep+0x163/0x280 [ 1197.388675] __should_failslab+0x121/0x190 [ 1197.392940] should_failslab+0x9/0x14 [ 1197.396765] kmem_cache_alloc_trace+0x2cf/0x760 [ 1197.401465] ? lock_acquire+0x16f/0x3f0 [ 1197.405597] selinux_sb_alloc_security+0x46/0x220 [ 1197.410473] security_sb_alloc+0x69/0xb0 [ 1197.414559] ? kill_litter_super+0x60/0x60 [ 1197.419012] sget_userns+0x210/0xd30 [ 1197.422840] ? kill_litter_super+0x60/0x60 [ 1197.427111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1197.432855] ? ns_test_super+0x50/0x50 [ 1197.436791] ? ns_test_super+0x50/0x50 [ 1197.440741] ? kill_litter_super+0x60/0x60 [ 1197.445008] sget+0x10c/0x150 [ 1197.448140] mount_bdev+0xff/0x3c0 [ 1197.451714] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1197.454210] binder_alloc: 17020: binder_alloc_buf size 2305843009213706240 failed, no address space [ 1197.456850] ext4_mount+0x35/0x40 [ 1197.456892] mount_fs+0xae/0x331 [ 1197.456913] vfs_kern_mount.part.0+0x6f/0x410 [ 1197.456936] do_mount+0x53e/0x2bc0 [ 1197.471251] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1197.473443] ? copy_mount_string+0x40/0x40 [ 1197.473464] ? _copy_from_user+0xdd/0x150 [ 1197.473487] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1197.473506] ? copy_mount_options+0x280/0x3a0 [ 1197.505748] binder: undelivered TRANSACTION_ERROR: 29201 [ 1197.509721] ksys_mount+0xdb/0x150 [ 1197.509741] __x64_sys_mount+0xbe/0x150 [ 1197.509762] do_syscall_64+0x103/0x610 [ 1197.509782] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1197.509794] RIP: 0033:0x45b81a 03:55:00 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x200, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000001c0)={0x5, &(0x7f0000000180)=[{0x2985, 0x400, 0x8, 0x81}, {0x6, 0x25, 0x6, 0x80000000}, {0x3, 0x7fffffff, 0x9}, {0x3, 0xfffffffffffffc00, 0x3, 0x9}, {0x101, 0x9, 0x10001, 0x80000000}]}, 0x10) bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x4) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:55:00 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:00 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000025c0)=0x204, 0x4) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000003c0)={0x1, 0x100000000, 0x1, 0x9, 0x1, [{0x8000, 0xc6, 0x4, 0x0, 0x0, 0x200}]}) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x200000000004e23}, 0x10) ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, &(0x7f0000000300)=""/187) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf011, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video36\x00', 0x2, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f00000000c0)={0x3, 0x990001}) [ 1197.509811] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1197.509820] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1197.509836] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1197.509851] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1197.528325] binder_alloc: 17020: binder_alloc_buf size 2305843009213706240 failed, no address space [ 1197.532060] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 03:55:00 executing program 1: r0 = socket$inet(0x2, 0x200000003, 0x3) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x1, 0x170, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, 0x0, &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x11, 0x0, 0x0, 'n*0Ek\x88k\xc2\x16[A\xfei\x00', 'yam0\x00', 'yam0\x00', 'lo\x00', @link_local, [], @link_local, [], 0xb0, 0xb0, 0xe0, [@quota={'quota\x00', 0x18}]}}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}]}, 0x1e8) 03:55:00 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1197.532070] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1197.532077] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1197.548195] binder: undelivered TRANSACTION_ERROR: 29201 [ 1197.570005] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1197.576419] binder: BINDER_SET_CONTEXT_MGR already set 03:55:00 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x10200, 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0x40405515, &(0x7f00000003c0)={0x2, 0x0, 0x20, 0x0, 'syz1\x00', 0x3ff}) getsockopt$inet_dccp_buf(r2, 0x21, 0x8d, &(0x7f0000000100)=""/196, &(0x7f0000000200)=0xc4) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xe}}}, 0x100, 0xf5}, &(0x7f0000000300)=0x90) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000340)={r3, 0x25c}, &(0x7f0000000380)=0x8) 03:55:00 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/net/pfkey\x00', 0xc00, 0x0) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, 0x0) fchdir(r0) unshare(0x8020000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000180)={{0x33be, 0x5}, 0x0, 0x3, 0x9, {0x7, 0x1ff}, 0x6, 0x8}) r1 = msgget(0x0, 0x203) msgsnd(r1, 0x0, 0x0, 0x800) fsetxattr$security_capability(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0xc, 0x1) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000080)) ioctl$sock_bt_cmtp_CMTPCONNDEL(r0, 0x400443c9, &(0x7f0000000040)={{0x0, 0x1f, 0x0, 0x0, 0x7fffffff, 0x81}, 0x8}) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/ipc\x00') setns(r2, 0x0) r3 = semget$private(0x0, 0x2, 0x2) r4 = geteuid() getresgid(&(0x7f0000000000), &(0x7f00000000c0)=0x0, &(0x7f0000000200)) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getegid() semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000340)={{0x4, r4, r5, r6, r7, 0x1c2, 0x7f}, 0x4, 0x7, 0x800}) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000780)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000740)={&(0x7f0000000400)={0x334, r8, 0xb00, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x54, 0x4, [@TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x101}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10001}]}]}, @TIPC_NLA_LINK={0xbc, 0x4, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100000001}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9233}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}]}, @TIPC_NLA_NET={0x3c, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4c}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffffffffffff7}]}, @TIPC_NLA_SOCK={0x44, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4a7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xc0}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xbd}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x80000001}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1f}]}, @TIPC_NLA_BEARER={0x74, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @empty}}, {0x14, 0x2, @in={0x2, 0x4e22, @local}}}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'bridge_slave_1\x00'}}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x79e}]}, @TIPC_NLA_SOCK={0x28, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xe5}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xffffffff}]}, @TIPC_NLA_LINK={0xa8, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6901d4de}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x426d833e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_SOCK={0x30, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x80000000}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x334}, 0x1, 0x0, 0x0, 0x850}, 0x0) [ 1197.801562] binder: 17020:17025 ioctl 40046207 0 returned -16 [ 1197.807970] binder: undelivered TRANSACTION_ERROR: 29201 [ 1197.821014] binder: undelivered TRANSACTION_ERROR: 29189 [ 1197.862416] binder: undelivered TRANSACTION_ERROR: 29189 03:55:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:00 executing program 2 (fault-call:2 fault-nth:49): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:00 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:00 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffff9c, 0x84, 0xe, &(0x7f0000000280)={0x0, 0x7ff, 0x3, 0x4, 0x15dd, 0x8001, 0x3, 0x4, {0x0, @in6={{0xa, 0x4e21, 0x2, @mcast1, 0x2}}, 0xa6, 0xfffffffffffffffa, 0x100000000, 0x0, 0x9}}, &(0x7f0000000340)=0xb0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffff9c, 0x84, 0x1f, &(0x7f0000000100)={r2, @in={{0x2, 0x4e23, @loopback}}, 0xffffffff, 0x7}, &(0x7f0000000080)=0x90) setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value={r3, 0x6}, 0x8) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) r4 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/checkreqprot\x00', 0x101280, 0x0) epoll_ctl$EPOLL_CTL_DEL(r4, 0x2, r0) r5 = syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0x3, 0x385000) ioctl$SG_GET_ACCESS_COUNT(r5, 0x2289, &(0x7f0000000380)) 03:55:00 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0) shmget$private(0x0, 0x1000, 0x1008, &(0x7f0000ffe000/0x1000)=nil) r1 = syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0xe4, 0x103241) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f00000000c0)={0x7f, @local, 0x4e21, 0x3, 'lc\x00', 0x0, 0x277, 0x49}, 0x2c) r2 = msgget$private(0x0, 0x4) msgctl$MSG_STAT(r2, 0xb, &(0x7f0000000100)=""/72) ioctl$DRM_IOCTL_MODESET_CTL(r1, 0x40086408, &(0x7f0000000040)={0x1ff, 0xffffffff}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000080)) [ 1198.063121] binder_alloc: 17069: binder_alloc_buf size 31744 failed, no address space [ 1198.112531] FAULT_INJECTION: forcing a failure. [ 1198.112531] name failslab, interval 1, probability 0, space 0, times 0 03:55:00 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x100, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(r0, 0x4040ae70, &(0x7f0000000200)={0x9, 0x8, 0x0, 0x1}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000180)=0x3179, 0x4) r2 = accept$alg(r1, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000100), &(0x7f0000000140)=0xb) setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000080)=0x8, 0x4) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1198.161394] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1198.207850] CPU: 0 PID: 17073 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1198.211868] binder_alloc: 17069: binder_alloc_buf size 5476377146882535424 failed, no address space [ 1198.214850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1198.214882] Call Trace: [ 1198.214911] dump_stack+0x172/0x1f0 [ 1198.214937] should_fail.cold+0xa/0x1b [ 1198.235071] binder: undelivered TRANSACTION_ERROR: 29201 [ 1198.236153] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1198.236174] ? lock_downgrade+0x810/0x810 [ 1198.236194] ? ___might_sleep+0x163/0x280 [ 1198.254831] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1198.258799] ? kill_litter_super+0x60/0x60 [ 1198.258818] __should_failslab+0x121/0x190 [ 1198.258836] should_failslab+0x9/0x14 [ 1198.258851] kmem_cache_alloc_trace+0x2cf/0x760 [ 1198.258868] ? kasan_check_read+0x11/0x20 [ 1198.258889] ? do_raw_spin_unlock+0x57/0x270 [ 1198.270283] binder_alloc: 17069: binder_alloc_buf size 31744 failed, no address space [ 1198.272316] ? kill_litter_super+0x60/0x60 [ 1198.272334] sget_userns+0x11b/0xd30 [ 1198.272351] ? kill_litter_super+0x60/0x60 [ 1198.272371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1198.272392] ? ns_test_super+0x50/0x50 [ 1198.281361] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1198.284797] ? ns_test_super+0x50/0x50 [ 1198.284813] ? kill_litter_super+0x60/0x60 [ 1198.284827] sget+0x10c/0x150 [ 1198.284850] mount_bdev+0xff/0x3c0 [ 1198.291477] binder: undelivered TRANSACTION_ERROR: 29201 [ 1198.294527] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1198.294549] ext4_mount+0x35/0x40 [ 1198.294571] mount_fs+0xae/0x331 [ 1198.370014] vfs_kern_mount.part.0+0x6f/0x410 [ 1198.374665] do_mount+0x53e/0x2bc0 [ 1198.378255] ? copy_mount_string+0x40/0x40 [ 1198.382615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1198.388170] ? copy_mount_options+0x280/0x3a0 [ 1198.392710] ksys_mount+0xdb/0x150 [ 1198.396395] __x64_sys_mount+0xbe/0x150 [ 1198.400407] do_syscall_64+0x103/0x610 [ 1198.404341] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1198.409567] RIP: 0033:0x45b81a [ 1198.412787] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1198.437192] RSP: 002b:00007f35c6913a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1198.445034] RAX: ffffffffffffffda RBX: 00007f35c6913b40 RCX: 000000000045b81a [ 1198.452334] RDX: 00007f35c6913ae0 RSI: 0000000020000000 RDI: 00007f35c6913b00 [ 1198.459800] RBP: 0000000000000001 R08: 00007f35c6913b40 R09: 00007f35c6913ae0 [ 1198.467092] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1198.474392] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000003 [ 1198.485656] binder_alloc: 17069: binder_alloc_buf size 5476377146882535424 failed, no address space 03:55:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1198.505467] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$media(&(0x7f0000000280)='/dev/media#\x00', 0x100000001, 0x90102) bind$inet(r1, &(0x7f0000002480)={0x2, 0x4e23, @broadcast}, 0x10) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000080)={0x0, 0x42}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000000140)={r4, 0xf8, "7fd3ebfb80d3c52ac536ceb68c4ba4fffd3da3131724d3dd6bb1f39bc0dcd5a6e0db0fa2c0b75ccffdff5784fd372f04473439475abe98d09778051df01fc485299d5c8c327dc316251e0bcff78cfae927ff5a0854ae97bfa44140b3b4a7248949d8a29aea2b3984d89aad06ad89183aa8aae523d5f335373bd462bdacb9e1d4291e3f38f5a0aa5b7d1f35d3cdb4cd2467e09752a80340b61818c1abc0a6ecf4096b8b41d485453653296eaa885ad2e91fef24ad865d9203a138d40d1a9bb1e0511cf89340655351a1cc1dec87ab138f5d14ed2b360031e60ddefbf0106480066000b7941c244f77258a1531b82fd7f294d3e343aeaa5323"}, &(0x7f0000000240)=0x100) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002380)={{{@in=@broadcast}}, {{@in=@empty}}}, &(0x7f0000000000)=0xe8) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, &(0x7f0000000300)={0x0, 0x0, 0x2080, {}, [], "29ddca96fa77bf9b1f21c11b15fa25a8b9598df9c2e4380c154a96c66273baeb8e78a713eccc73409639844dc91e9fd0bfa4f7dfeaa9e09534c6baf45e50b4b63bb49ccaae53eb98e4df293d27abd79fef7582fd602c3a2c42a73420d8ddf8bd6999e9f97f46734f04ce163fb471a8c9e42914365c9ea677dcad6f15721638ed5eed4d77c359d0a31b03fe6c1b987a670970fb75a770a8ff1c7e6f18fc017c5a9f28335276d552fc3f3d58fa30bdeeb4c74f4fa71f61e1d1fae51d77c20624e5a8087cb670d6de3d6ad68ed9d56f07e7900a5e153ce77f050d68800be772f72c12f152184c96e0d48ddf9469335aeee74ea209f4a3cc2ec35f5bc4b06005bede2657f76f25a7db861208216bb9fdde4281ca81d9b41a262ebc50d0110e7dc22c6c5391bb7233e0c3e6af031905a6f7670b42d84bf6b383b451457543453a8e441a4107025c70bfc49acc549475fd656fbfb903d4fd2634ea43dac6ecf1b5102af6b2ada0e3d5b7c3884ecf55c07b063d3e3ec961f55d62a81d5cbcbcee9d09f0b677eca4c8767b44d31343d65c17e0362291ba7abf876c175379d7c8b495ac8e3299d6144cef1ca34d8a70b47ee4ab58617014bc2dae4f282d3f1982e1630c13671db2af1df7fe2b350a02d8383f656550a0e7bf1a8b84927190c442507e260d7ef775a7bdeb4668f93e251784fcbe30723f91120b6ee34d9a5c52eb70130568c0741ed5aac9c5679c4276bbbe577eab93f7178eecc3a6caa29637b61410d9bb2d12a09e8854dc170280ef6b8116daf28c4ed68ec32331530273494503d1612788f2f06de9379b9840dd45e05f71d279ad4210457325e757e8381e36cbf5aa8e4c8950fe4bbdc2530c05f5dce6175ec98383ab6f841be1cc0d1e1432c97b6795b5e651b52d689df8e2a2aa86db8e6ec894ae56d74ea80bb00b8e08a22611cd1bebbe5c68ceab2050f67db6fe738c349c04b4973641861b5e4a82ab489177a114f24a6a9303a0fe54f6437ecef3892df13d7c540f4ec46edad8a51f75ef702dc4539d17aa18eb2ea09570fce0dbcbe52f7e7a6c1c1865eb62e66857221800565e58a69207e75d6a238bf25682a85ec8cdb8101c3d378c9bbf4dbaba39c1e23c27b310ad8765ca0010a131700d261cf76ac58b27dc86075aea7f838bd6dd7842ede4de662224a4f8be3297dd7d9ff2b8afc992e6943917fbfbf4048da5e51e4ff8d0a4b235ed4eabfa5f09a4d734aa382c58cd63051872ec7fa4dc16045aa943cb1c153f1da265dfc87c11381ad8c1e372d88d324869b11def3e57e5f0c16ad2880a9cb0b2470d6ca67c5f227da08b808cd5ef93598f0296642bbd69a8b483b72a4eb1557a0cf84aa3ac1ad86cc398b4e053bcac60f165491cb1b3006d6bfd7ae4682a211c86ca0842ee1c7b7c8ccfa74f560e18d732840282196d38b175875918c9548eb80b340939ed561dd507c359b8cf6c63c0b536869862a47437e6b5722fea6abf393436b7d0c94f92f37927488dc79bcfc813ea5c72a06673c08b4c2976613a33e4c8cc6f5328a59b10d39ca8b52d76f0729008f1921b85834e90a45b7924e868915dfe7f983d6ac04bfc64cae3efe7339ef893194e9197bfb8e70e65653ef86ceb5af589eeff9448971a359cd019f3a30341d3b8e23cc6563beb3ae86b64c8fb1b7f044a5ecd8337456193e380cb1be124d72f6554de9b96ee734b19cc1626eddf165156a369209950bf124c3baefa21da96edc557c2c14ca1e72b2e69c7a571dac88f5e2bbe5b39dcfcdac60f92bf016fc5917a14d0f7bfa18d5aea920eb276e68353d5f9ffd06cac3ea9235ecc608bd03f279253bb999eae4da9d84c0239006660b38b7cdce17268c113a7afac3f7a0efea2119076e9c58163a6ec9c2adf46e7b3418af2e39d464f8b717ca8f0ce574c4ab42f55bc7fc7b4112afb015bbf7dd8cffb2b7c8571072cad5872138a40259f1df9becc52f7a3812e398b7df39d6f9869f9a4ba7f01a4e6d4df782af166d5f3f3b4df09728b6a25105d2281af8015c8a73992ea791943f52ea3eab2fe4b5c34337bff3f635a281d64b08bb3247e50ce72832ac55e8273ca98ab77729a792b065202d0fa7f8024f3f903dd6950ee18c33f76b54168fadb2563ca9e06f7faeddb8ce67e9c82a34cfa46ce63d0ac4371497d3237f773f2745f2c0de7c081a20b06e91ab700b66878212ff5d4710f21db97c889ca3f6e9305624701892b08af99f1ccaacf3c30dc4fde663cf710d9cd5b00d807e400acf26552510bf642aa43b6796cb5c3a4601b4fbbd6e58a45fd7f87638053ed1dacd955ce786be2ca6dbe7f330f56938e21faa9eee11f885c7e4a7a5ad6d5c9881ce5ea1da977c65319c2658383c66c4521f3c23032fe55da65254b9ec0620708af0d9b3ec1b9134ff7a0f2a5d099ccad6ffc67d49a891d0e9a66dcba33b3133ca923a625812e937b9b571d49628bd1bb5c1d3a5ad8fd11b66b076585fbdcf1d08ec7183f2896d4f75cf4f25997f758f108bf35c65f4c3603cff2166ddfd6444b20bae9ad8e294e2fec8e674978e28616920ae1e8aa46dafde66f8122583fbd212150b838337c30826b31fb71858de18d01ba35ec8d756b51d07a8962812ad58e986ab94bb92c4c8acfdb3c2092531bb5f76b94f2ac3c9d05f5212a3acc42afc375cdc88e65f94456a6884fc68a13a7a8b64a88a27750b7e5046d25e0e79ad36f6f94626b0189ce359bf85878fde7654071e1674ec39514f13260aa18c50eb84fe367424ea2afa646a8bc719552f0b8c38876c1ad68bcba6e0f7579c2a0fc15511f7728142c0c9ca74ec006f9b3f17f66344da5d55e0dac86190bf08643064650bd01030e3a5128031c41fa5839dbe5635bf9ed289d4b17837772bc9a9329e2d10b4bb5646a49fe354e2c2749e8df15a7a649d74d5d1add73ad3c5ddacca2a7e59805d4799322b975771175d32528393da14644b23c11e6817184f43be83acf4a87dcdf98b72b7c634bbe55154800c75832e465ff1a1cfdf8ce4124ba52ca4a8fa86ccbc00093fc1fa7012813548442662beeeef884396b5378811f17505553153bbbacd0a4017cc0949d5ff18ab7d7034cbf72c9a8f999a802f7f9307fe1e81232d634b859bad7be35e9d916ce88b2196b322318342cf4a3c5301ff2e93f0d649dde453a184a87282d8ea88918348a374bc9650a34b5691bf1c81addcf7d799b4b1f6a4e4c2560c5497e8f734caf4c67438031360d902b8e2867dfbbbb40e39471f737afe2b09a0e246a188c335fd752ce731f4fed8857999b2ae65afdfc1cbfcb4d6f587bf19579cbca86bf659d5e0402d360ad77a5d8247ddd9671af16f8c805b9866c481008437563dd8c33402cd709bda33fe4ee2e4b55612b35ec8d4be8121b91f329694be987358a9d9cd9e0dc9989547607db91e28e2823805211a564b6e4262174b4bcd78574f3a4a532e254d071a83a450f534d3b1d00e11c60456f6d050a2cf5f48469843f178b839b97df7ec6c9e1f5f7bfcde05f23a5587d4c28e633c1891278839b2b14f7aa0691e8c3af2581bc8ad02f8b95536f9024eba3facbae34679303ea05144a4117c435beeb7db36e2ee361179325f397548205ff2fcf86ced4e5b3d6d44a9afd32ab74046c0b33a4a06c9c1faa839d2cb88849b1f6c9f7884c5c8a2fa659a2249a4c7c63500d7022ce662777ae85bb51c9c6acee1c0506e29bffa0a9f5657835cf4c957a54c1f2e223b75f9480b531fd71b615123723bf210d89e3237d777dab14140235f232ea69ee0d07dcf926e40f574043be79e26e03e898c05008f303fc49a98c4e46aafa9663335b362e5b7aafdcdf757c6930af096066c1729f0b903349e1e3b87853d2042548f3ed52aaa8f96a56ce2a3f4c4987c974f11666ce087378299be47816d42c45c37dccfb1d4b2c47ff59a6247f5cf525be0791c429f544f947fbeff0b93e77dc612dacedfc0d7bc1f9ad47f0c1b16cc8e8bb1f4c7dff0966dd341f6a62f39e0300da579b046a8de672b8d9a14a506dbdebf3c44d392c2645ed1380fcbf2f01bc01c6a5216e737ff417c518af7078be6ff3c6edc12d142f9e791213329c373def2b2b2ed25d4533f110302aec4bf9a1c4d4526eb8eacdbe30d08d67e0ab420e0e95e17cbea85ed8a81030c10040a142e5dfa380a7c4aca375f49f47c14c431b7a8e71e5cde58a75ac5fa25453003067df743b9eab913906e21c0c4d8627d3efee4e950dc80037c620d62dcccb93e5c62e8e94dc74883545954336abc3c9a0c08fa506d4a58ff289c689ceff9a5c3cf6a0f98054517011f0d27ae1ad769528963b351155cce229d661598d6a5cf5c46a6dd1e696302c1499ff5c908dc5b78b9261bfa78800aba1a562e4295c059e237cb07b847583b0fc1493785a7c88c7cb0df88d1b7f5aa0a8bc4a31910d4babf49795bfeccbb96cb08b4429d6b09662dea6a2d00a5a13b4c568b1a37841e3b86b0b23a30200796c5a78de65149d3620ef990d61f4fcf2561786477a818331d8338f6b99c587d661cdf824257481cf70626fa80d5751066315766a21e3bb4dc82ede1b1b37674a451b59c241daf61646e2541f3f08bb54dd8eaabcf82f44704548e178d171128546ac4bda220b1ffeb5fdd3d3356a8e0359988c86d902af8d31cc895850f50fc8a98b3b3252d815aa95f39f2afc30aeafcb20edd047f74bde269f88fcfda7b0615c1572b8451205be2ffae9b360bf3941d8257eefcd86d0d90f3f550752d60e56091e19cefec8a172daca68402d477f93cedd4313ec1e7ffce4bdf1cc001edfa850e5a204452181c68a23d1f9c26bd9c8c7e77184f171c67247cea68f5df056d712be2c45e6c3e3a4d6576e0cfdfa9e05e4f941ea973fb6e8868ead85012642351e7c5d745afa7e4361d9ef91313ee7f649e0c110ea3d23f1472fd2636ffb187f1b93b3f07c35155884051e09464909c490790d69f36cc6410fe7a72972adc1a6229bbf7a496010efb3545777594e30bae31e555c0be40c609ff8e2b376b61253affd0e812521c3fcd14d4717ca35c3f4521e379ad4a72c15dbfcd213659bdb3fe8d20309dc957d72b2168dd7920a70b198233549e511dd99a3f52877483d33c1761ebbc226784a997acfcefa0d267b9d4992e4a39dfe63fdafd16b62c08299f0a4bfafbef59a9514257bf826dd56eac1d22746fc92b07d768af490a2df599c06dd60e6cd157e367efeda2f6637e5f10278b820106f43c881c75207ea90737d4e01f88db94513c77db394863aa08081e3dedbc78e0567462a37f86faf7dfdf853a6d525eae69bd385d0eed1a36dca0ecd4584455768be18cec39028c10c46c3751f0857727e90a2e631a9f5081e6e9f18bda9e339fccd91e82243c0f03de0249188dc427ad08cb37cc20fa1ef0bc8bc756826673064e06e8b2baf68624e327f0910abe07975cbbe72f8301c121c21efb8ce928efb382006c3bb948e5f48a490b65de4fd5855050f939677c85ee1d7408d5a02a494c4d6067c6503281ef01dee242884c5377bb3a8f8f14ffb67926e316410918ff7b54178bcb3ad78f5ce8eb747d744df8b0e986fad7174a8f161189a742b5c50b354e65846bd53e2823c453cfa2192871fd910b6a24c3092353110074c2b450c79d8c410ac3ba56087597f29d1c880df0db0862ed04d08f2321b57c6bf3a175a175bad0d1b53777e2e94c4a1218b71c92b1a4b63ee25329c26bbaa4ba76f61f2eeb135782974de2ef62f60a4bd951a1d3d347b10f3c212d4f22f24d76e", "2cb8f37efbac957211ea2448d8091c16e4657a39f3904ab9afac57f60f821d15d3e63b0dce599f5a8ebfdec712548e0dd85b490fba18120be8ad795f73d4b340083c6165af8b792b3f14f42af08a6884cab687d3d7caad1bf353b3124142601f9adfa7c884f5c46361026eae1a36139b6c8c33b32bd241850a003f40506a0d8ec59dec3112a299ebf12e95da1193e71e772c9e7fd2168c4ef0a9b8e2858d0635241d3c0e6674b79253b8cb00ab0bdb0302146ed9352833cc3edd4341fbf80f7c72be2dfdb9c5ddabd18bb75da42021e56f96922c0cf683ddb51485c61ad9ac82386fe3cd2a412d1c2d9a39f84ca0fd1b380279b32cbefb19cf77b04482995ca922a57ba548ec31c252ef27787d439834d4c78b784fe97d39dfdbf9f18d5c4e747fa37d48fc83b90bc5f56fcd1618da90946488223e784fa879fd5ef685bb37c709a5ed3132fdd90248c9d10ae750172d1095efde28be2d683707d1699217f198e8ab2513fe87320f6925d3bc22ed23da94659d19c0b511d67f82f2267cadc50fd48d92f66ebf61a0ceaf90f59e346865e3caac80c88a6bf7cdc86e233414387ce34d321be5d63eaa3e0d98dd0b0a533db0d8c635ffb56f1f25c1e92f113d9bd2b8438d2b8de3a0299acd958b1940d89b8b0a2ddb6e2d6ece0de9262c890070d53955eed9e95fd8051afa5180e8ad60cb5b492586195ad4634e3ea1852491ac76f3fc1226eed21e83724fa0810d03796a59a9d44bf251de63dda9b6e6b3959daf9081d5a7ccc668accda47d1b7dff26798fcb066c6e2e20e0c76f40173d770ac842c9dcb2971da646d7daa21c8ba0d975fc84b6e1f344d1cb316da0407d313d44e50314ea8abe303e535b4fa972af2dd6fe63e418a44840e1bbc11ce33f4002f7c0d0726c73600fa0965e4a057b0bba9d6a1d9d4c0f81ca494e470e04ca517571a245305c0b41b5ab0cc1f25ead9d9802326b200ae592f132fef21fd9206b29ed1d58a14a2ac419d0229370046625d8085eebf7b8fece68ab29da0de6f626ce9d38773c407e07195ffca3c438c0701fe701d8d5c0ef75aec9aed3ddd60eeee285e898578cfad1ed271b193e4d90ff94af8b62d6484e219e5d60b6909c7a1c7feb2887a68d11cffcafef95075a06d47a0d4523aee19d50a41dc0526b98f529815fe9739930ae9c4b4e7b00688db73a9342cbbc7c0970933776bd871e25b6e849fc1a772afecd240624bb59e51e831565110c717c64d408f710194d4ddd05c024ad797cace09c5d5405d72b8f32fb19d0975b49f3b1e4c208889df454d0c1b2d3c443584ecf4ae88313132052f655e27e85079123581a39aaedb3dd2b85769f3681ae577e1f9118a15b57d1af42c64346be53bb7162003c9a985215baedb12c34ad95f1e265775f6f365abad0ab1b5e8cb268e5f705caeaffe7276bc6f84cf8ec023534f3ba962e20ecd647b0e8e1612c935eaecd574169f012e90549508a2cd14df2188d632bee4a392af641a9dc53b80af6556214bb7f9e0a9916c1905a77a9b46333fc97417656be1811d3534555f5dca80ff9b38b82ff998c1d868c1f64b1863fdee26adb8f16a9c55e092b282f52a3a5eec31c4fac88e4ce713f98b421c4f593e119492b3cb4c4b49768cadc2b3ab4787fe91b0fbd3e1b751843cdaa06e2136037fb8acf8b08e0624011e0709b27cf49f93942141bb4b580b360cf27922664891b7cae174b77fe4803869e35a37534e592702267d1fa5d1c73b5ee82c93a078ec627e5c210dc30f79d1a35f86cc99fcb323ef2e642a9be7d69bf9afc90cf2ef79841034680950ba819ca7396e5fb1e6e553ed94d88601edef520d0540a4f49ebfff9f71b5b3a13a6590ab07563343038e9d08b329399741337dc37d0abf0f0823295e11cd5df9bad5d4e81017a5eab8c39f4ec0def3f0591f5e8e14127dbdd75009bf48479aa1bb2cb6a168cb3133de91626308b79ec775f55fa8447a81a7a2a4c7cd4ec4c5b7879d5cc466d2e2f0a1942c3b699cf5a7517202f5df45e8a242712b097b75b0bb91cdda5fa083d49adcfdd416c1d0601c6688165c7c8b997424673f707671b406f0f66d2e4e58da432d5068051b60e5b914b96e08c5f5951efb191730c80bcd7d189aca6b0075360955081770ba7cb997a254b6ddce8cb310df7190288db6a56bcded05f147d7a16d6c01af15c3cf16d48e9d49f4013cd66a976ec74d0f1efe3b8f08d38e6149ac9a2045d61fa34b6f38d286047bbdca910ca211b4f48eba2caf42fe3e2f7965c5d59d6793760cb1bbc060774569b7aed7d93e080f38b1a2edc154c42deca426eba398c4257dd5e758b9320fc1bf5435d0106557779511fd6b3166da1ffd7d7ffb310d08d6038548a56f58e3b6627bd17e2933d15da052def8e7386ea7374b3e93a333321c53c19b7f497d6a26ac55fbac4898cb2471cfb34b0c62471ac8ef71b5d3d31099047b3ef000ee14efe8605aa823814ef4fab8e6bd31029b461bdb89a0dca6f9aac83c9bfd84deacc7951b6e966c0cd4c0c4796b0abfbba372cdd77109a7a06315c16a48f20d6703f9f87a6a3df9ff23dc908a7b4efb64b7073d4e489014c3ce60fdca2eb4cff2ca57bbaaf4fa157692b42240a11e7eb2a43963f28a648dbfd600d368b9461485dee7ede88658b54f2187d7ee060276520d1e7ed80760cebe91f5941137b4dba0b6c1232d492b7a639863a7338988832ed2aac9158788e3aef2602ace5b94bc64e49d9cf82c8f03543666e7c0d33260453ddbd67a11cc26fcc3102e7f56cf41f686fccb59c8ec7af33ce1549b5c4d2a76341b9f67973f7ae9fb2e2d396e8ab101b1ef5f43611968789adde7c930f687ae4ad956bb435b49b7ad8a5e97ae9e0eb315811551b43be35dc203164ded578f42b90c7828eff97369d0fb82a4d9776137d20fff4970e52e1eefe39c332e4fe2f3c422385144bd6b5a6728e801703463b4c2cfcd22d3578b3ddaff390987abdd6acd256830d10e5f2d9e136eaefa38b0c36981f7f0b59b340f5ffe8e8a0e1513f18bd02fb599e3c4c6fe374ba6f4ea81139bf12fbbae72082d85eef4a30f6333e48435227cd9d35bb039a806e292c25b19334e6883a6943b0553e6fee4fb0ad7aaa30416f2cdf21c6af7bc63998c93a2d78aa7838551eb0a2efbfbd1d16d182416147390f2357c854f28bab73bf4158f3a37e36fd547a794c25190402aa49fe18b11bf5cdf3e9226615e9e53306ea05f6b54bd5538397c8f2b154ded3d9085c67d5a5cdc53f5676f156a15c4b1bd26d4f979555263c538823e8e52bb45efe5d9b8529aef610f44c83eb7e45ecb332f2e07e3bc8292f9784eba4f61d1debea146ff0ade9b56d3bffe84d8a32bc4f70c7a7a226230c6d74d0b33ee528cd9a9b9f46446376978fa5d4b97251168c77c1b8c17eb845a99f393e2e8939ec1c6e5f05f481ac93f684bc335c69e83a91357cf65fe3c4fe02766ff59ee745bf8a7f101750f529740f2f834540106275fa83b0f80b68280fc9d4b83413df2cf9a79ac02e5afe6097f8af620a9ac14800d098638c8ead747a0ea1dbfd01db2cfee40c4873451e4f0f8f75e2b4687227c5eabcf5104d628beb7895e41f65cd8466f3672dee58d373b2767045079424b33cd340ce28c4d7a25b6a540606aac06bea120fed7ad091518cce99330128d5cbb9c29c090e79b97b1de408a67cd531cafbd9fc1bacd78e13a77d5ee433fec34adf9806cbd546c8010304f82b70dc087eee1092c865f33769a8b20c04aa6ec2f70f766411ae1c6644580da6e287c3b7ab15497076f0f504a23d59f576eee4a118b90320b59b51207e7fc12cfc6f110b5c78d30cf352a2323a480c125b61ce7f1d30ae2d0b1d4ee815a97f68e2c43b40f84b15dcd4ef11c96a2469671104a4f753e769f643d16819115b51e0cfe4e2f8b19330c6cca1d5d2009b47acd696019c5b9a271032f9067a05d84af8b99209a7e216149a696fba7ea3fa1858b7abcfe094bdffbda15a67024bac089520e8f654e1d152a5c20f8a0c10b17fc11c5af8356bdfaa5367e11d4fc74ee048127f2641dace630b9b21c094af4811ce2a0d92bf17fe02c40112622263672a1526d6e453a21db9a06233abeb95c7425a6f1dc67d65ca09e3ff18fd898c90e40595279354edac6d74c2ac3445153a6802f2657242fd98c87b63576e30cccb6df0796293dabf35a4ed35258bff0a33ecfc2ce4bc9b3e19c844d49af5c85647b580e30ea0b4a8ebcb49cd5262b15fac38253d9b368c5784c3d694966ec90e14c4a3a53f8ddde37056c9fb375315ad08df0d132b4eca3243c9adbd2c859ad10311b7a2757e475be61a382782ee30ef1407ce3df9a26c1cdc99c49375d7e38d6ccfd08cca8afcda3c58c0ecfc59c79a445b6a9fbbaa3f54b169b63151bcff861f525abf1e35243350ecf2c7adff6d5f56c4c3fc7bf24e06c48a581be8834b8027def5ee90da16260a652fb259e5d6d5dad7701cbafa9890755d87c9270a4d46ff1b496119dd326877daf75dcfa94e155a2a1707bdfd5f0db04877823c66af62fa420e7fc7973d3dd794e4283ae582d84a2951237826ddba573c70c37bed8d030e2c186d08ed3b894eab90a9c7d15f710853b92b52d098c31e4fdcf8e9b8a6096c521aad0053e1a2a0f53ac78a9a110667093a918ae1a597e6910b644d58d1946e34dc7d2437aa43064fbc005f5fc0e2dd156d1971f49c770a142556756b04d96e7dea9278399ab832b96eb4a43e4207f7d4e0d431c2dee344329b9254166a22ec242a4f82b35bd3857836580724bd9acdcc29f1c1ba91bf5b601eecce280446a94f7d550623d4641b5ff4c7d6662746987f95a1bd716fd325c807891a5c3182dd6ff858130fdb69e31a209754331bffc5c138a4594e491212cb42d87b1e719cf6a23c972dfed72d70bbe49843d115f774c96d1c1187ae3b3f9b95f68b5c48e9025f502708cbc8fb73f89ea46e67835445699b35338552069331aaa9a7515def550ee9e1bfa7be45319212892c2ecee0716f45801f4251796b1c589135bb67dc7358829d2465a0db3cd4c630f04d6205816a61c139bf75c30b4a2356f628b507975df97bba259c874253e177b827cab01294ba85c805901f7b094d04236d4d56cb9a7a20620fa54e390d2ed2e56ac37202f937569d4de69e9c333562dea1f5c0ac846e9e6f081678d99388a0dbfe17184e788c76f87340b1fee0f2699fb9f49316680c602bba4bab2ce5b403e2e1f776dd480fb30252638dd3994c725453b93b51208157da7e8299fe0493f0d7e97dc861ba9fb8897c059cb7c9d7cd1c8f513dd56ab7fdf727adb9a06e4eefdc613123c0737c0b21a15c3d59fbc1c6aebcad82708fcab41266eec9e08a8f7a53f566b8196d16a7de1eb46e8da8154eefdb91c82380ee0d175d7f280e4f449376b893b206c47cfac3021ff717ac97421e7d50713199d769ae7549c46f9cf4eb28559abe5b51894c4b52e8bbd71f4cca305e3037032c41bbd9aaa83114b5d0d79f3574b460062c040108a68cdf45727b2bb7ff32a6de775c8e4891eced593495c19e83d2d61a9edf930b80208cffe9fe0cdfd88696380a05b0932b736a6c9597a8e2c0ec68f63d3e220a9d8fdec778081a4c04e39a079792665d25e90609f2549711ee87077b1142126b3dddf91cf16118dc2f2717de10a6dc5ee020fbab91ad3444d5e9bd6b0b756f66fbd381a8f7684b0de30f93b9cb8f1afd0a3f587a9215facabb7344a83324035b78009522630a98c4925d5b560443a5b6"}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f000003b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 03:55:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:01 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:01 executing program 0: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000280)='system.posix_acl_access\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="020000000100000000000000040000dba4ecfa605f8f58170010000000000000002000000000000000"], 0xfeec, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x2, 0x200) ioctl$KVM_GET_FPU(r1, 0x81a0ae8c, &(0x7f00000000c0)) 03:55:01 executing program 2 (fault-call:2 fault-nth:50): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:01 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x2d0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a933d5500d4ff317e432507f0", 0x10) accept$alg(r0, 0x0, 0x0) recvfrom(r0, &(0x7f0000002f00)=""/4096, 0xfffffffffffffe03, 0xfffd, 0x0, 0x349) 03:55:01 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x7, 0x200) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000280)={0x8, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {0x0}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x40086424, &(0x7f00000002c0)={r1, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet6(r0, 0x0, 0xfffffde4) r2 = socket$inet_dccp(0x2, 0x6, 0x0) r3 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x9, 0x10000) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000080)={0x0, @in={{0x2, 0x4e20, @multicast1}}, 0x6, 0x200}, &(0x7f0000000140)=0x90) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000180)={0x4, 0x72, 0x8009, 0x7, 0x7, 0x7, 0x6, 0x100, r4}, &(0x7f00000001c0)=0x20) setsockopt(r2, 0x0, 0x7, &(0x7f0000000000)="03", 0x1) r5 = socket$caif_seqpacket(0x25, 0x5, 0x3) accept(r5, 0x0, 0x0) 03:55:01 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000080)={0x8, 0x18, [0x3f, 0x80, 0x3, 0x447a, 0xeb, 0x8]}) fcntl$setstatus(r0, 0x4, 0x60fc) ftruncate(r0, 0x48207) r1 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1abe9319}) sendfile(r0, r1, 0x0, 0x80000000000400) 03:55:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:01 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1198.836224] FAULT_INJECTION: forcing a failure. [ 1198.836224] name failslab, interval 1, probability 0, space 0, times 0 [ 1198.884845] CPU: 0 PID: 17122 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1198.891931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1198.901321] Call Trace: [ 1198.903943] dump_stack+0x172/0x1f0 [ 1198.907699] should_fail.cold+0xa/0x1b [ 1198.907723] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1198.907750] ? lock_downgrade+0x810/0x810 [ 1198.916858] ? ___might_sleep+0x163/0x280 [ 1198.916879] __should_failslab+0x121/0x190 [ 1198.916897] should_failslab+0x9/0x14 [ 1198.916910] kmem_cache_alloc_node_trace+0x277/0x720 [ 1198.916936] __kmalloc_node+0x3d/0x80 [ 1198.942204] kvmalloc_node+0x68/0x100 [ 1198.946053] __list_lru_init+0x4aa/0x6e0 [ 1198.950147] sget_userns+0x81e/0xd30 [ 1198.953884] ? kill_litter_super+0x60/0x60 [ 1198.958141] ? ns_test_super+0x50/0x50 [ 1198.962056] ? ns_test_super+0x50/0x50 [ 1198.966088] ? kill_litter_super+0x60/0x60 [ 1198.970358] sget+0x10c/0x150 [ 1198.973486] mount_bdev+0xff/0x3c0 [ 1198.977045] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1198.982239] ext4_mount+0x35/0x40 [ 1198.985720] mount_fs+0xae/0x331 [ 1198.989114] vfs_kern_mount.part.0+0x6f/0x410 [ 1198.993648] do_mount+0x53e/0x2bc0 [ 1198.997233] ? copy_mount_string+0x40/0x40 [ 1199.001496] ? _copy_from_user+0xdd/0x150 [ 1199.005760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.011332] ? copy_mount_options+0x280/0x3a0 [ 1199.015864] ksys_mount+0xdb/0x150 [ 1199.019429] __x64_sys_mount+0xbe/0x150 [ 1199.023431] do_syscall_64+0x103/0x610 [ 1199.027352] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1199.032591] RIP: 0033:0x45b81a [ 1199.035803] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1199.054816] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1199.062550] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1199.062566] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1199.077270] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 03:55:01 executing program 0: syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x1, 0x800) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000001fe8)) r0 = socket(0x40000000015, 0x5, 0x0) fstat(r0, &(0x7f0000000040)) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f00000001c0)=@ethtool_regs={0x9}}) 03:55:01 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0xba21, 0x0) ioctl$SG_IO(r0, 0x2279, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000000)) 03:55:01 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$EVIOCGREP(r2, 0x80084503, &(0x7f0000001100)=""/191) recvfrom(r1, &(0x7f0000000100)=""/4096, 0x1000, 0x20000000000000, 0x0, 0x0) 03:55:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1199.084560] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1199.084576] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:01 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1199.150030] audit: type=1804 audit(2000001301.820:278): pid=17145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir098719244/syzkaller.KUPM7L/1404/bus" dev="sda1" ino=17313 res=1 03:55:01 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x4) connect$pptp(r2, &(0x7f0000000100)={0x18, 0x2, {0x1, @broadcast}}, 0x1e) [ 1199.262305] audit: type=1804 audit(2000001301.930:279): pid=17155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir098719244/syzkaller.KUPM7L/1404/bus" dev="sda1" ino=17313 res=1 03:55:02 executing program 2 (fault-call:2 fault-nth:51): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:02 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket(0x200040000000015, 0x805, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000100)) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$PPPIOCATTACH(r2, 0x4004743d, &(0x7f0000000140)=0x1) 03:55:02 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:02 executing program 1: socket(0xfffffffffffffffe, 0x802, 0x0) 03:55:02 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x4000, 0x0) r3 = fcntl$getown(r2, 0x9) r4 = getpgid(0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000001900)={0x0, 0x0}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000001940)={0x0, 0x0}, &(0x7f0000001980)=0xc) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000019c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@empty}}, &(0x7f0000001ac0)=0xe8) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001cc0)={0x0, r2, 0x0, 0x9, &(0x7f0000001c80)='skcipher\x00', 0xffffffffffffffff}, 0x30) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000001d00)={{{@in=@remote, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@local}}, &(0x7f0000001e00)=0xe8) r10 = fcntl$getown(r2, 0x9) fstat(r2, &(0x7f00000022c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r12 = getegid() sendmsg$netlink(r2, &(0x7f0000002380)={&(0x7f0000000240)=@proc={0x10, 0x0, 0x25dfdbff}, 0xc, &(0x7f0000002240)=[{&(0x7f0000000280)={0x10, 0x23, 0x0, 0x70bd2c, 0x25dfdbfb}, 0x10}, {&(0x7f00000002c0)={0x12f4, 0x24, 0xa00, 0x70bd2c, 0x25dfdbfd, "", [@generic="93750982760a584e89067dcb54fd300e4f4355fc8cb19c298be69a330261e8aafbd8951dd27c57083d68cd36db5e60505c5c0282806cd5413ba02fc7e49ed515ac15be6705ac0c036923c110af254bda7a7402e1f9555e7d11f0baacb33ea779049eefbe8096da1d9a8139c562ff99d4a787107e2cdd", @nested={0x144, 0x2d, [@typed={0x8, 0x37, @ipv4=@multicast2}, @typed={0x8, 0x1f, @fd=r2}, @generic="3da93ec798a632bbcc427263d7807a5c365d84798bb924cbb591b65585bc172af736a000932d7cda4bf3aae67e6c6e14827a8201724b3ca6ebe057cb114080ad5d2be84b855923e429574d022bf0173050fcd21d40966d5d", @typed={0xa0, 0x2a, @binary="f3d552e2c928b1eac38280e5eae1853773a712b82e89678aa74ebb6ce0853820553cb64e67ffbd815aa78ab96bdd225b9986cf4f74a077ba766553790971ddf7c7be46f7b65e6d00daeddf05ea195abf059728a4dce4e359711a351da0612b5d5e5239acdd3dcccd3822c24369290635d1a919d8dc4942132d2a07f18caf3f349b18625c556aa5939b53323910ec984a2259c5a35d2f6083ca"}, @typed={0xc, 0x60, @str=',[(1%\x00'}, @generic="ff69d8747e85b34301e65926", @generic="f49818c744170a47ff30adac6429a56d2cbfd5ed34e41603", @typed={0x8, 0x5b, @fd=r1}]}, @nested={0x1128, 0x57, [@typed={0xc, 0x62, @u64=0x10001}, @generic="0e55901e9f39a7c83cf102ae59ba49247090389ad9387b85beda073bb0f0eb14847320d8203622e4a1ca8f3182e965be587a9b6d02e29345aa7cc56915cf5fd0b562e138c46bec6734016a00712868d98a4c8dd0537aa0aa1be63d31e3779801719e9239aca2a836398f", @generic="1fbcf646cb11b130aa3f36ab59a14b5195f83dccea0f8f90f81ae5dcc240e6cf3c83fa1eaec2aef738172da90a3c64eded7688e771c8cf68940371733f4d5533937f04759c7a5b888e344469c89c3f45a744071b0da6d4105f84fdb1914085ff31dfeb2ea842ca7a52d58e38fd248d460b1afdb3e7883cf84f3d54914f0bc985d4e92a44e1171a01bd36d3d88903d3fbb4a5ab0a79a9a3e8f4045a7a2c266f56b914aea1af55234b1b14f2bbe6d8811bc8cfcb9ef292aae515de666516a6187c309d483f6cbea532441a4c3befccbb219919b5bb2a98dc046f40b158702b6b71d27733c9a3fbd50e174eb590e6eb2d83f20e52bb0f8401786533ce348271e57f9ee37886aabee77562f00f35f611359ce3d927d36826ab3700f9b3d7231417b0a40e02afa9e2d74ed6efd0434ac31ad4ae416d13786ec7451fdcf4128c64ad7e220a17e913ce2722a240e1ae400c8577f6d6e82d7bd14b04a167118eacdbc96a4c98d1b65b4241ec73bcda685625dcd9316aefd7c6f3652340f533be9981ef43be426679a8d5a73d88c927436971ad8ddd9648fc2665075f87a66794f93429de3e6db3b70ae38117667ab89d7b1280963b042da339c71c6863255bf1ec9485e5446d3df85ec87fdfca2ce24829c7f9aa69cb4198c1c74a2039da31ec3769070495470fe5d3596815a858b582420acd56283d858859c19a0eb5df8aa7939544e8cc167ee2f3a95d3af4eaf1a93cbe22d56ab268eba783df1e984792dac528931e01a231a16ed6298dcb45a3309c8c29e71074c46491e2a7433b3e24d2ae4a34433c88cbbaa148c142e5caf7da50bd472516247cb57b4c7ac9cad87a70893566a533ec1db43e2d02f544d7126b30f72c5e628a65bcc6ead2390759989ca83df4185c2c899d9974ea9d3b6d9e3efafd6edcba462ad742773d3c40f93d6690bfa4400ce10be57681ed9694cc102f31397ad0234588c15ddef4e19c642b49dd0111b2752632d6e504416e3ef15e59167ada90ff422024809ac0ce1d1ebd3153f34ccd94931023b0dcc808560db2bbf00a65bba94151888e77415c1a03d2e2a9b261866ad7de34dd7d0db522a79b718014b00cb798b571749e8f73185b50074f543a5373b3f2d5aa4db52439e58381a780492d38b75d5c394adb98ce7d9e145c08fefc5e433d675f67f0bf91f0ce0abddbcd27518f43db3ea2c12775b4ff794b353ce5088faa267463c2ddbada0e7081bed24a7e5bbf86dbe96503eef8af367f48a7d16d643a0f9e9d39a929d79de260c212a359ca3f010b61b90a792f7f2aa2a87b91e7d1303da56999e07d21a87e7316369a17f50e87b6c1868ffda65bbc0bfaa4c669f5fce3039fca679d76cc826eb9da431d64fef9c94a28826472aff7da05bd99d365bbc8f928d84898446227a201802a64dc903689b83c4faebea2acf019e9a3285df85b6b108fa8d7d2a04df429499c8b987b18fbfae570db7e99870505f9f57af5901339f47d59a0fba37acf48ffa41eb54cb49cf46deffe6ad1baebae84df74479c31b5a16083f184ffe11f295e2739e3cb9729fa75a59e1c9861a002c49a3dd07137849cdcb512675d3b386e0ba798717a52a954825b244cb4d39915ddd4ecaffd2e5c0477314992284bc3a82fb84531c9ccf146e074e74da94b2d95054f2c2584e149cda39fd5700acfe8e9cd92b56387ac8a203264b9f79232b3dabb6a8635aa4db5b9b7ca6710118bb338580651cfb1c2ced6d9d1c1361374c063d1376fa602986eb4e764ef03b0aaf549e278dffd3dfe4037641842d6abf2e647428d0c6fc106b7764ed01cbfeed3e66aea0de9b11e56395ff12b0d031c7e4f06dbbec3be6e601c3d6924623ad8b002e095f9379b1911aef9c39a785e2df66d1c1693372fd8fc9165fcc4fdb126c1c550692e20c6d02aa8f6fe7a87c366a89480afc9fe1817a91537b0984d3a8e1875500f7c32f241e6d51410f510626fac9073c17e5b8b46259f5f78bb40a8ce5b53e342168b490c3779379d45aee8a68454c1a48dfb83992933e2057265b6586727fbbc57de6f00c3840bf41953d5ea560524ced6216089fb0f4dfdec3ec76813f0862439c545bb85371abca5c2164690d45b09c56b8cde4f60087f03a95e197337d3072b02afa70ef928bf61936f2d525271daca4a103be267da17e13aeb541f081de15a831af778c83e064b77777bf9cd8a315402e59522f604c78fa2d9858b382949f923c1b737ab45bfcd961131b2b6c079685ef364123986425bdfda85d0f8ee467b6fc76561b4cdb4ab83a05d17dbaff4928c19213c3b389fd64c27115ad2dd1d3a617a3013a3fba88b17e7c1931e6f468a71c2067adb536db0f0b3dc3ef58f17e034a73fe3190d4f76251262ba0ad7c3b75d277bc1d9d9bb8ec9aec9c6adb2e9de71c71bc223a988a38ffd18f86aeb95f92750a7855f60c00681b01022c410cc67479cb2334f91a82239f29a0128ce5a10e9c3741889af4c0637eb61093904134ff73558d095417c675053a947083d2233508691f1dc9dc795d19e3f153b20038f2dd1bcc502993ed1d8cc1d08f9c488678f2d68ac327f086d5b88032f3126918223b3a864f8d0d688c6b64e46ee0961b99f265925ec93a9afd047bc26fb983859659cf1a5499e9f84328acd6c173b7b52ea31ce1dd8029ed16a71734481c6bcdd44ab705b9b2c63acd968a66061ae9ce0f8cfda4d510d1f0ac5ef97c474b3687d258ad4b5749eede60e1eaa4a5a0c224e0f0da3d04816d24c284cd4280a7306e37d2e5224b8d853435130575e465d7ce8f6897130f9d341d6de1d168d497a68c7ec68367d997056d169f05da195858f27f28ec15192c84ce9ca084eeee46be4e55af5faed5026f5faeede70b6cbdd920ed3905e8bb39bb3e11ea9bad042c49400a3504a15fcd0b71a6abcf4453a0af625f0b7cdcc1300867c9841e00e8f1efd4dad4bb29fc7ee24cb83a118d78a3becfc0e0103096c77d380e7df298619f63463694635534dacf43d1efe990e97d6638269a17e587f6180da7087aad689f895ff6de1a9965bdf4e1548e66b41ceb21abfc2d9cd666063bc06865ff3de8aaba7c0a2b007869210dab61cf7a24d84ed1bc7718a9d0d3cb6facdc093eea338a1879216756f579efdc255ec8663b0d7fe0692fd9f6a8d5c57aea06a638b293b6497de62269c152ba15f59bd9fb034fd8f04da8af3e312d007204784462f5330ac65c3ce3171db5ee13e72fc2dc258c6a822420dd6b7d3c60cb4bfa8b7a41d69b4bc03d6ee5282343b3f42df36a125bcd8bebc504ad6aa75bdd738cb7bdeb85506713ec1a2ea1c5ebb22c06f334209dce92fe71121643c4f13f45cb6e5ab52dc9d8ae33267d2994ae8df24d3902632c33b2985eafa3811f01541c6db5e14d42f9b669054266681f2bd3258a78d90a49a115f252cd58edb16644ca99e4b159d675f353d726b3dc53737ec82bcd4a5e2e8ec6546e6fbd5f4193cc0abfdd81e9de6bc478163622fe7acdb3b2c588d0005deb4f372c3e493485a3dce2dc760cae57693db4a3d6dfb06bac003870911c3ecd7d84490ad3d74ed224bac2548546424e7650d2a655ea857b0beee2e652f90895f53fb74d07202b9f1312e67bfd155cccccc8c9f705ffa6fab1a4f06efff16eb7be59cb28c471f4c5676121d5ff5c3ea9f259fab2587c7701acc8e4128281c743ee52e63cc83f47de4aba5edc8bd222774c0cf89dd0b0eb462440de33b279b77306eac5d7390f28534fecafdcd8e6169f7583cccd6350f35e2a72fac82d0a34edf25c1564821f27982793acb9a879b1fc2985f0d70df7555ca3b30cf4bb7239fd8545c443f7674aa3d0ab7d362e65bbed81c50ce8d1b4f23a00e7adfa996e7b674493fb123e1bbae492cb6abb4026489fd74b361546d7bef27a853161332a1989890529e240ad45c6976c68ae6fdef4d977f98e740b5c306fefc02c81deaa2e812032c7eb5026ce40eaa8baec253d3c92be7e511ea40caa1b6b3861aed23812ccbd25f893edaed56c759baba697a29514f13c3ffd9295c4beeb5cfcfbd102ac07aa4ff2a9e089998783a131387577c4d20a3a9fd953d5e535e231ea21a8a15e8cf9603dc5f94ded5c01703b69adf44042bec72834cc61327c17340a9336eb31e41b6158c17acdf85f2badffb276188f955506382f8333e5135a439a9ffdc907808f17f702ed51bc468bf97e7b5f709ff3d63378eab110fbe931d2e8a6488181ffa02a23bc9c62d3f38e2d5553dbd6b1651dada93d78963ad6c7b855d3844a7fe9b5d99e037e24891537352f16229d009f8cecec50a62d00b9356f9825f8cdfd73afcc67fe316aadd43bea8ffa03b8888a559858fe1e4ea18c049d7e33cc258b17e1f59a8f57d8824de85e14d7ab709f7c0a71d9cf73ae1a717cbe1c4cb2d67012a94a3713c4d167e969adb18232135122687ce6488476049566669784318e1dba01b187a6f97f74f848c8add737057e2b55b35733c5a038af0101ef2b6b1cbc0eac89efeca6b13699dd390a09ff7595344e0613a14df1cf95180fb082344d5c6de83b32f05ecb023fcdb92016721040439d87b5d7c3d897e0875a2d30e506e396deac0aa1f9e9744bc5d1afb18c6f1107736ce7870d8fb0fe6688f5725e10c4b3c123022b4ca03e527a6471fe4d4636996fb6a0abfac3713cc83439da985c9a95d55120e3b7e0c0d154a295b68ba4bb8f48acb539a32394becbd9d529687f1fcd1e40ba8719c93334476f48be6a04c56253180ad15706cafcd319bf4801c50a188134641a7cb964a1edd55c7c1ba7bfe80c27be427ff53157b9862f803c509481652068367f42b6ef4e2152bcc16e10cc3862d02ba3938ad030aa77801f49c23b414e5744e2ab0cbe4aaca886ddf031bd3adc7772727b6011f6da24eb1c9b8d4f7440b0043ae779434659482609f92f66a8781486d643f0f461a7dad8c7d09d39a3cb4daf15b134a960b2c3db353559a25e06d0d7132c558b8fd074e6acce533c68dc3e6244f5eedc9c663b7b8aeda629b9f952956f21b398a605046fb744c6b5b166b98dfda719fd3646af995b284060c95e3be204b3d9f2a44d58ee481d945ba96c59419c871722ec113db10029e42d6ab78e332d54affafc9d32dcf8d9fe7b3bf11b78f5e02c0232023fd1d5126496f57d850a377d729a01860b454a092b5fb46415efad1dc97d3239803338b4eaea29be2e868520debb7cbc651ee25c85f2b1c2f2280425e1733e45822300aec5dcad2b0dcaf30d2c896c56e95b5d4e12daf771f03c43ea64d9cfa85c66fe7dcde5cc5a99347a4f7cdfa9dddd79a427b32128301f0e064b3c49cd1f8f01de35fbe2fd0b0f135f5e5035ab4fee2ee7e133f62c4de3878849b632b499ea645c41f291428c8d7c54149b06ec4cf86fb8e75b9e54fcf9b16071518141c62b867ff798543d673e8d6685979157637794903ecf2f1cd40035cb790fafc453fee54d692517c890f356d14d758dabd1838bc1c4dda5507ce2dad36ba72a6f6e8b70132f736e31dc9d164c772ce4466becc83e7fa839e826614cfaf85ed74ca73c96e9f58863fc69adc91341cc95471752e8b25882093ad445485fc855161ac56acf23b7bed91acca4493ecf12c49cfd9d93e80ac7570111357a8457af0a5eb8d305031d261f02b5b4603185321e5fff3898c792ff231634910887313ecaf0fc9aaed7c4f3eb93f86bb2a1912b7ce434afae5ba0614d31445ff1be6c0c9ae243d6bc2f199e6ed2a3b065f2e86bbd0cd975070fe98166d1f290b", @typed={0x8, 0x6f, @fd=r0}, @generic="3dff56175c3392c9ef3671d314c2f8b16543e9b3ef8541b3eacc9f9d11d25edab135211048f80393aabb3a0958de3f6f3485cb02a11f3d74d1e7977ee87aeb30251fc96f45d2f73ce42c4e9e524c4fb6a9abd5674533af5f537f07ed0618824087600c4faf314a58584b47e5131d045bb4a402a64a8a674c85312a685fcb0c907729cffb341b35d9253a92232fada3645aa395ad144c6ccd", @typed={0x8, 0x3d, @fd=r1}, @typed={0x4, 0x2d}]}]}, 0x12f4}, {&(0x7f00000015c0)={0x90, 0x27, 0x200, 0x70bd27, 0x25dfdbfc, "", [@typed={0x80, 0x14, @binary="04d117d1e683f0f42fedae568f1dbaf340a31f495d0d2e0044057c22b5569406374cdcf4dc17b270b07d0ad01af3d9e171a2c09663425778a1b31ab32e2c83e7d3953002e472eae65a29ed0da48424a269dfdf00d5b1965336d1843b9196aad96eda641d81a6173475ce7c7066eec4705f5d5064384a86462c35"}]}, 0x90}, {&(0x7f0000001680)={0x278, 0x2e, 0x400, 0x70bd2b, 0x25dfdbfb, "", [@typed={0x8, 0x36, @u32=0x1356}, @generic="a2a009a27e04bd67", @typed={0x8, 0x2, @pid=r3}, @nested={0x6c, 0x6a, [@generic, @generic, @generic="546de3e57dcf0d80296a2595430e1b8b35a90499bbad8e4c9dfabb7ed369d0aee8e8c0770d2254f34ca36e27252df5f3efb479147500a5fab04688e2fadb9839aade54411c4d0b2413050f75b953311898266122a9df207f663f0e5726283be3c369bae0e39dc7"]}, @generic="79d5e9fe8191b36ae8f7782668a1d9aa03162a7106cc1bf29b32e1f0e69403c6cd2a11b7f582bc8c550929e61ad707f1d23caab29d714b4b9173ad1debfde33d91cbd087859c439215172b24e615b8ba95dbd9257a76c5f4d5be6f56f449f37ccd3dae0abbbd4e39ff4f891cf4e7373678a10b61c094cb1e7abe7c7488a021677fa897bf59081d29149a67e91929f6841555041f209e895b97a0db5db858cc2b01eadfbabe3db6039e2d3ed51b55663d872af0f7b31e3280336be541deb8b4fdc6c70f4a93a0aa1d03f650335de6167b50118b80d08aa00400e6e16d2b0ac4cc13", @nested={0xfc, 0x51, [@generic="0ae1ad41ff106c12c8c06ce025d0f4faa737cd23a3d88bd1428e212f429b6d7d3a3b3d6137f0fc09c1f906105df22a39b9ab9187071ea0f47a7182b9edd4308ab44c24da5911fcfbfede42ab9d2f1e67b4fccee9ef1b621b7b1c66844d8f8f8dbe7aa1d423482838b6f6c0419a13f77c46ba9f08c5c080a463d39859e312bfd328f3527ed301408d428acb96f9638ace4c54b71fb840d68e103c846982ecd4e5f085a0ca2fdeec8eeaa28b4a4a0ccdbffdd9acd58c913225ed051702c884b42352abff5b707bf9af4502f91066ec03f8efc7d9b465b8c13079b388d60ceee35dbd726461014ef877e14d4808e22b", @typed={0x8, 0x1b, @pid=r4}]}, @typed={0x4, 0x72}]}, 0x278}, {&(0x7f0000001b00)={0x148, 0x2f, 0xc, 0x70bd2c, 0x25dfdbfd, "", [@typed={0x8, 0x3d, @fd=r1}, @nested={0x11c, 0x6b, [@typed={0x14, 0x29, @ipv6=@dev={0xfe, 0x80, [], 0x26}}, @typed={0x8, 0x56, @pid=r5}, @generic="8535fd4a2215ed506f38508ad2a4dadca39fee396702b4d1264ad1c979cc8c9b97ff067a49ca", @typed={0x8, 0x3a, @uid=r6}, @generic="d156b222daa1b031876eeab82382517051b47b2f2100b9b76e3022857993b486fb0708f719c2c48758bccea8a01fe8ae652c3948e84551822c5ad43a2e6768e515254c8d4ef471044b948f04c53d1afc205a5615a1f6e7b0f1fc558213c471cde7", @generic="4285315a69d88a187bf5174a00eeb3cf0224b9ea3a4544e585e05b66e80339cd21ee383f696b6cd090bb", @typed={0x8, 0x5b, @uid=r7}, @typed={0x14, 0xd, @ipv6=@mcast1}, @generic="3c04c1ed9a9cf2568e4026bb80b856bc74e6f7cd9cfc41b4a6653fe59093288cad99877a"]}, @typed={0x14, 0x58, @ipv6=@dev={0xfe, 0x80, [], 0xe}}]}, 0x148}, {&(0x7f0000001e40)={0x2c4, 0x3d, 0x300, 0x70bd2b, 0x25dfdbfd, "", [@nested={0x218, 0x2, [@generic="17fca932c45674b97aed3226e14153ca66ac6840189b7a477bab6bcab21ca89a1890f69cf39ebcb0a6b97cd2b3dc4be5b729208ee5862126ecb45cc9d25df4f11f7a7f8a650749da0de840b72c4031bcbebb525bc09afe5e19cbdf305a88fadf1dfbdcc37a5087c5f99df8d1fc3420d63d3d33ac5e95c01ea933b380a9c5442e4cc92a42f41c2c14e397f57edac5dc82ed3f2dc1fe3a40438546a51570cb4121358b01df14d94247570c3d8dbc2053831c6d41349b2d54dc883c58bfb0b6cdd9d7", @typed={0x8, 0x3e, @pid=r8}, @generic="0b443478416593d6c0b7bfed48bde31ed19cfe02a0c7e6e2dc48cfefd32022b3e28318aa7b5bf6633c8b4813ae676be1824f2819935790d1151ba9567f38d3b212e11546d316426bd12c667242da2aecba57d48634a3d41366a7595f2049ea3e1f475878d80f8efd7a04e562dcd79d01dcd559fe553c094071e4af62df4434e50f4795056611e5a2f5e2e1b6adc59cfcac28b6b4ff41863d227e607baa786c9a1544abe66b3681a7f2ae10d9bd518e", @typed={0xc, 0x85, @u64=0x3}, @typed={0x90, 0x29, @binary="2b47cb3419ab4d06f6f65eda30fb260e6147a65a99c701f2228f01165715565d47f7f01f3946a8a369e53900927e85a2733f0f3668541980268adff3886ce2ab2cf9d30ffc5dcc174fc3de82413142764eff5554e4d54be120239289999f921e752202044fa729dd979ada50b5a6bd0f9cc97c71d9a6d6f4187a0acaf7c7302d398161473c92edb58c"}]}, @typed={0xc, 0x45, @u64=0x5b}, @nested={0xc, 0x26, [@typed={0x8, 0x88, @uid=r9}]}, @generic="c4ae160f47854d808a8e10b1d2dc98be9e7df947a4628f9a69d95c6d7b14391a6d6418a5ca065221376a979ac7005405e7a02f533ddcf36fa7cc4a6eabb1652c9748759429ca138b302b3bb215e0e4b441aa5215881181477e24d4cef3f70a96687c98d7fbad51b74f20bf8ac8d7070c3b1e6c0270eb9886114ee42973037d381b91"]}, 0x2c4}, {&(0x7f0000002140)={0xf4, 0x2d, 0x40c, 0x70bd28, 0x25dfdbfe, "", [@typed={0x30, 0xa, @binary="efdcdc6255e450ac0d44a4c65c03c9718153e5245aa7e429a3bf28b23407105f41b161ab4e9dc1d0b8640b"}, @generic="e413e3b2c39daabcba85bc346dce31985b7926879e16fec4bbfb5e4940e8e0698a5a6c8b7463ca668db28069222c7c5978062c1a2e4ee3fa982e96d06226f33eadc52410bfd472911ce76eef0dff418f7ae174cd85628f08269979af43a628c57b59ea497c07f13fb8c9c9a6228778ec2249dcfa27bac90fda5b2135924c98b8d6c695f85818b284beaafd32241654311a89f7e426104396c39562358bf60c70c9b61d14dcbd91d84989c397b8de625f69"]}, 0xf4}], 0x7, &(0x7f0000002340)=[@cred={0x20, 0x1, 0x2, r10, r11, r12}, @rights={0x20, 0x1, 0x1, [r1, r2, r0, r0]}], 0x40, 0x20000000}, 0x810) ioctl$SG_SET_KEEP_ORPHAN(r2, 0x2287, &(0x7f00000001c0)=0x9) r13 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x3, 0x4002) setsockopt$ALG_SET_AEAD_AUTHSIZE(r13, 0x117, 0x5, 0x0, 0x2) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000200)) ioctl$DRM_IOCTL_MODESET_CTL(r13, 0x40086408, &(0x7f0000000140)={0x0, 0x6}) bind$netlink(r13, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfe, 0x200000}, 0xc) 03:55:02 executing program 1: r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000080)) ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x4000000008) r1 = semget$private(0x0, 0x0, 0x340) semctl$IPC_RMID(r1, 0x0, 0xf) mmap$perf(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x50010, r0, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00') prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r2, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_SOCKETS={0x14, 0x7, [{0x8, 0x1, r0}, {0x8, 0x1, r0}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x854}, 0x8884) 03:55:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:02 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x400, 0x0) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00') setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000240)={@loopback, @remote}, 0x8) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, r3, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x4}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x4004011) 03:55:02 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:02 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x400002000, 0x0) pause() r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x101080, 0x0) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0)={0x8}, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000140)={0x0, 0x1}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000001c0)={r4, 0x8b}, &(0x7f0000000200)=0x8) prctl$PR_SET_PDEATHSIG(0x1, 0x3d) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000080), 0x4) socket$inet(0x2, 0x7, 0x80000000001b) poll(&(0x7f0000000000)=[{r0}, {r2}, {r2, 0xb0a1}], 0x3, 0x0) [ 1199.587462] FAULT_INJECTION: forcing a failure. [ 1199.587462] name failslab, interval 1, probability 0, space 0, times 0 [ 1199.688555] CPU: 0 PID: 17183 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1199.695573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1199.706337] Call Trace: [ 1199.708965] dump_stack+0x172/0x1f0 [ 1199.712633] should_fail.cold+0xa/0x1b [ 1199.716555] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1199.721702] ? lock_downgrade+0x810/0x810 [ 1199.725882] ? ___might_sleep+0x163/0x280 [ 1199.730145] ? kill_litter_super+0x60/0x60 [ 1199.734410] __should_failslab+0x121/0x190 [ 1199.738774] should_failslab+0x9/0x14 [ 1199.742607] kmem_cache_alloc_trace+0x2cf/0x760 [ 1199.742627] ? kasan_check_read+0x11/0x20 [ 1199.742648] ? do_raw_spin_unlock+0x57/0x270 [ 1199.751596] ? kill_litter_super+0x60/0x60 [ 1199.751613] sget_userns+0x11b/0xd30 [ 1199.751628] ? kill_litter_super+0x60/0x60 [ 1199.751652] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.773842] ? ns_test_super+0x50/0x50 [ 1199.777753] ? ns_test_super+0x50/0x50 [ 1199.781672] ? kill_litter_super+0x60/0x60 [ 1199.786009] sget+0x10c/0x150 [ 1199.789139] mount_bdev+0xff/0x3c0 [ 1199.792701] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1199.797845] ext4_mount+0x35/0x40 [ 1199.801339] mount_fs+0xae/0x331 [ 1199.804745] vfs_kern_mount.part.0+0x6f/0x410 [ 1199.809276] do_mount+0x53e/0x2bc0 [ 1199.812849] ? copy_mount_string+0x40/0x40 [ 1199.817139] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.817155] ? copy_mount_options+0x280/0x3a0 [ 1199.817174] ksys_mount+0xdb/0x150 [ 1199.817192] __x64_sys_mount+0xbe/0x150 [ 1199.817219] do_syscall_64+0x103/0x610 [ 1199.817242] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1199.830811] RIP: 0033:0x45b81a [ 1199.830827] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1199.830841] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1199.874584] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1199.881887] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 03:55:02 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1199.889177] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1199.889186] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1199.889195] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:02 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:02 executing program 0: inotify_init1(0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) inotify_init1(0x80000) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x4e23, @multicast2}, {0x2, 0x4e24, @remote}, {0x2, 0x4e21, @empty}, 0x2, 0x0, 0x0, 0x0, 0x401, &(0x7f0000000000)='bridge_slave_0\x00', 0x1f0000000000000, 0x40}) socket$alg(0x26, 0x5, 0x0) syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x800) syz_execute_func(&(0x7f0000000340)="c462653dce0fbdc52ecd8080000cc4e1ed64338a20d0d0f0408392300000002a6626f243e0ff0070e4c653fb0f450fbd27a95f5744be3c3b6446ddcb8f48508e307b8f69289bd19d670f381d6a2f67450f483bd1d97c7c63460f096161787896c401fe5ff666410fd7cae1b1c402010804f466400f38f556f6892a009f") 03:55:02 executing program 2 (fault-call:2 fault-nth:52): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:02 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) prctl$PR_GET_FP_MODE(0x2e) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) syz_mount_image$ceph(&(0x7f0000000080)='ceph\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x9, &(0x7f0000002640)=[{&(0x7f0000000140)="e612ad69a9953a084ec55e079949f5f8e9f31fe7a80211549709589e91aaea646ee7f8f20a6f3f169064e931e76529307674438f40fd7a411e27835aa09f2a8e4b88ed0f89f11795b7fafffad053f76076b0564c681a9a8548f0550e066490c88c00506489935e0e003d77be636e093cf281", 0x72, 0x401}, {&(0x7f00000001c0)="d80515f867677f5461c49b1f94f05f9f23594c403a4b84ddb62c94709e45dad892ca362ce5085e6acc922ad923e2fde795fa3d027a583cd8b3c56ddaedc866c62d47041d3e560512d9199f8ffc1857bb222bcc51bad1ab3b5ad884ac44426cdaf0d94c00c1efb45ab16a8cf23c0c8557a42b665a69151c8bb013fbb9c64037e7045b70ef2e63452405a2811978e10b8321436b5cdaec0d9a4b80a75af604ac0f9ef07ab38052567e934b73689f06", 0xae, 0x101}, {&(0x7f0000000280)="012741ed6ad74526354b58dba3d6f59b850263b28e96298d16905ae22fa56fbf56737119f93d2f31a942a1f81972ba61fad354595a524f129777957f50b31268fb781e52a2396a2173090bfb26e003877aea961cad62b99a54d2ee594613f05e647b720731e32a53952b1966bc0af16899ba74bd6db927087291702c9596eef753d3608d9ee66f65ae40be537b41628591794554c37c77cc9de8", 0x9a, 0x6}, {&(0x7f0000000340)="b34b5dd89e7b7b263f8b5e0b9a791bd45edfde4376ceef0c9d19421c4399979e02b00f0e240028b182af8ac75c4d845a9aded69a196693317d526758a068cc0dac14214cf8c6f0615721301117396a83c914743db88b50c0ff9ce8f7e6871e9cb0dea3564a368290a4cd23c3de3db903ae42455de85b3eec0c89a32b054936a05d5f210edee5dd025054d85516b81d29ff09ac2248038d38438c96f00265d948a3d566adf15ca7b0292180e3be9a0a5b05e85e69339e53525a6e342c9d554717bae7115ecc893df5f47119e8929cde6eed6c899ce9dd2a4d657f10c633bb47b501d40e42b5aa7d1779f501f421963f5bdc", 0xf1, 0x3}, {&(0x7f0000000440)="12aec78f6dc3f403fca2ea63609d25a5a3fd270b3db56b81b54f6bf1c9fd1a9f808ccb", 0x23}, {&(0x7f0000000480)="4f7c8851a681d6d3462825a10464302d8a32f022e8beabc0b105209826372008b8c362802dc1788270a5afa57ba6264ba31d645082128d2373eae2c274c45c4ec1b87f2466409a4c9da9e79be2cf073dd0e062cf8e27bb0a288dd9fbc86a17aafc0b9d1f4243487d78d28f4b6e3b42de789aefe969fe45bbb1b341235269aaa763a226f4122c28bd3f164359e46c93163e05b30ace227a3725e34e599c319cf25235ae59d39fab35110b2139da497a6d76a88759a0cd4fd7a1be5751f251df0766c7cc1a876dee5d98838194b51a0a5b2f6191c841f5adf845b4068a92b8792f09f806bf97f02e0ed5a893f53dde9a18504c", 0xf2, 0x7f}, {&(0x7f0000000580)="9b19e7f3bd814e1c1c9246b9e649d68abfb81046bd5f09a491c338f20369dc171cf4d8c5becb71a256d1287cfe3cf367a52a9f7d74cb353b2f1e15f01d58a5bcce972ef283244298e077c19eeb2e0e63fe97d3a33b9137866e30035add69e0437f3ae480164bf5e18b8011d645d184da5d566349ed4416723150c095afd6193a5b591b50632b7160e04bc12075ccc9ecaca71c7d1ee41b2e77b512c810b5269d61f6954a366d883c369a72f09efa0421085d4b74e2503a91ed46e0294e60175558d937a99b7b548d645cf022282cb776757bf15a8c29aeca5953caf9854e9be85adc59f0700921bd39786a172ddc044f11e597a0d8983d965912f25e633a73fdda0cf7c6ab771cd65af0e66aace4d6d6da0907547c5a6a2b466af7c5caad7c91d275bae5550015b322a83d2ef3f88b735677d13f845a69958979e3d6448ea9b65ba8264267d82cd361d4c1131728955b27504d7e5d75ed3fb37ff74e6a85852dbad197c5f3b71a882df007d7a1058e8148e36b110a493c17c9492cd1884bf11c0095776b02b0a7969ff2c942055585bfb6027f67f4818fc1e2f3d8e49360af8b6170036a3ed6634094b7505e66ba9cc27f31fdd21b17cf58ca5d567c182bd400e97374f570eded5ad4308e5ea120f063c3941c1621356b3ef763a1acd4db6edac9de2599be2e50a3dd857b88399b91f4ccc670702e76bc2b8c5cf3a13d112b5eeb43818af20d47966af9be28706e5cacd82487643c53fe7676283fbe0b6a3c28c92ce90eba442685b3b359555d4d2e1146ed7f1514b792def518563574a7ff15050ef100497c60292d79a8f1acec229ff339433f92b4f528c55967be57522431750f430affac910ad2f938de97400f45e6ca175525fc5cac4b65e20a417e1daa7620a929dd7ceb92e9f1c62b0d7bb29747a013ec3737ebd6b5b4e2e69bab115457e4f4038b361a6f39a491c413a1c4ae2234143efc755dd27197122dc846fd1bfc64b1131e11f85bd8db349c4e9c0631564dbc613a875f1eab94c53e35bb5b4bbcdee4804293964b89b88417799dc81a81e55b447dda5cc759f04e8c3d6039f3ea6211a6ddb6b3f3c5ff4c929c413333bb37b863da2d9f34dd4b220c8988c3b48610cd22e091e163d2674a67eac2e1b1a4bb877538690f80d87daddea3f93588eda0ddf01e3575cc57602f841178f610fb9dafca998613ba3b1fd80b2c1fe9fcabebffefb6ae8a4f18abc314a32e28ff3a7c63c06569d8d874c9be038b14d1e1bba0af6d563baf7f548893d602ccf1732247602d834711750cccc80abab7320d406de27bc4630a4daa76c7fa0f300739a4a46351797976cdef30f2fc4999cf7e7fbafa07f616fd8ac3786fb33356c845ff6776bc5c5b29c1a505adbce740b906c7ceb8be11e21dff1175d7cb93bb7b124d3c45d802d155783e629d17782828298b854f991ae11af07fa94eb447da22b924e7342cbdac0e7d501c7c65bd70411ca72f2d2951c78773656baac42d79eb8748a226ef584bd0d9c774141e43599daa8fca5445a4880ced055405e67935ed024f5d100b67db6001284b016c953dd7e2547d27a1d8e01d7eb3fa47497988cbc220334f3c43b5250177586ace7fe056f22c248b1d048bee8b8bcd1e1c50ba2518ce3ab6c424e919a597abbe087d01e2f7821447aaaae3703eeeb4be74f6dc56264783ac752fb98cd0a612351f4c34627c48e8af62fe0b8348c7280e8a3c58dfb5499710200353c249f0a583b03250013f66a990533848ed12b36b30bb3899d700a7dabaeff6fdb8d3b3f45c7277a50fd2f7413fd10f1c418e1dd026b0b93dd74b5e9fc44b0f77b48c8891d716fb44f61e1ed6fb533eb608e75985b8ca01c3a29869639067b0b1e633072baadf8089c4a8652d236883ee9659914b8c8dbb0b741f8feb0ed21f004f65dd54e14346b329d8646104edc21ace260175dd9eaec87092190de001ce7715fbcad507d0d13d3c52d2ee552fce2419f769c2c055916092fbadb39ac386140bc70938abc215864313b8ac2bd5fa9ab57005c62fd0807412dd9432dee130be9dac5dc7bfea94e0d8021147726324ba09a47c6926d94d75349df8aba814ccd6e3f812852b9a9f0e3a9a56f904665bb3d217d2847b867c24c42386c6d6139b4abdfade7b76ea726ba7176e8a557e53014a634a7bee6ba37edeb4765a93b94a85ea31be0fcc6f4a88bc560659a7bb620d027704f7450a6dc38af685949358ae6777adec0741a00bbaca6a662222a249ceb0f8a8dff73d9afb9b12e4ab06253ad867d5bc2e6304b5e43500a4df8528b33af1ce0f2c08281d686c4dbf998ec29ad1971f437dda9a0ff0e517c2463632c956ea7b66749a3449bdc485f5f9deae7a9efee16b7de103ae2e0b22c501f93e4b9301111b0f1f25f803889271c9b792b15b9cdebc0733c50d5857675abbd3b6c14e3d50a6a510397360a3f9356184b51849bb80fde638a5b9a46760c183c9ad9fba616fc530a27c55c42609d50cbd294f755869c2908cf9885f1b4738ce7081f70b88acae9df06dc7c991ee9b1bff8538dfd1f1757f9b3aa005fb279c26bc91c4cdceb159cd9a08c8293e05ed1679aa0e2556f21d88a8775b6e02f09f16e8cca09c792a191dc27a3ae2bb7244211218a002a164ec05526ee3a9cd9254247c16427b6684a5e2df1d428d3094a0692a94a068c67960e643036c14878a24bbeccc78a3b8f1a4fc48dc5eb2894f7b53aee7e3af8af1a610531abe0e652ab31861619d11f88f2df70a9d0f234d9b0dd3d3183e9bf9de65fc5266d821dbedf475b77aad80829d5399a5e28e7eeb70743bbda22dd7490726ad75e277b0b275e88b9152da32402443bd3bc9064c9f14135b4750c1ab826aa871f3b70298d8dfb501e2b8c305e65e30f1600d6e9b3db07917afa13f94b8e6736e88844e9fcba3360d7e233f41844d5b9b58e9b0d4a2f3d3453a8868a8c5e0378568391603c494fff27cd55ee03d2877990f249b209289b7752983165d9658a68f0734e5e1fa29fc9a9f651aeb65ebdfdb71f5edc25e43ede8ddc69c2cad2594715229a5fee336ed47248da1a2dfcb71a5f1b0c7f70a0d1eb7139a33f050a5f8e69c5397291cef729df6f8b594a733d19d4eed155a204ad5b93e9c3904e6b4bd90fcc0814423f27a93fc87522f69090a6e2470cf446f9a868237514b459fc51b2e34b5d27396aeb7aa6e86f91752b07bc1e2bf9f3c35a76ec6390cf0d813aca124c1eaf8126e65160c9992e3c2bc9d79c796ebba8b2b49a86d94931360e3a26564b76e65c502986c4dcd71f07ce55e8c83a8fbe4f1990104bac3976cfac282339341128d173464779cf3da43ca178b11d901bdfe3d0c99a1bd1bcc4bb74affb903939884b768ca5728f6208f9f0a45f596fccffe76d09544fb1fd845ebdcda6b7b1611fbe8e9fb69a97aa1936add06f32f7a1b53e304d14c66f232b2f895fd53191d4d1ecae7a9230783b336ac1b6ac2ba60d636529b611084b696fa57f89438230b3297e2ed756e51cf8018a0898c979dae3f4db2d9c35ba5289cef19a9caf04d72918456cf9356734eb0f4043644c1640a93675cc31101659252368309f8c1cfdba1cd0566e9c0d028d61de96740a4abc1d00d45ad7c38ea25d82ddda12299cc2d6e0d95781fbe5fe7411395fd373c0b4645ec513676d329effb483a840c0c016520ac9766818c950c9dc9ad1f06406f5d485e2d2c48c0beecb485c534bffc05910355d61dc29a8375dfd131157af119110133c167e1e107ca36b547867db47e1b4a6ec91906a2c31e5e1aca393776c464c6e59edcbc41a432e24a594a148b5b69911e177803c3c93b5013ef200c96633eb96db1549f1f4c8b9a11cd04c1f9caef45b7307c97fbb0ead0826043d870a919f9f4f626da5d4c176badc5c61dfde9c7533e31e8c60b7f32ca3fcfe41b70e1fe39888e63ee4b690d81a045a92f2b5db8a2bc844b35aff75e47e6deb6db9610bdf0fbee4f3ba3ff6c62db049d25d1a16c43153138280f3472780897e6ac90be3cfcb37c30ffa1f6b13286b35a196670c019b982ffed2142b0e8139beb00cdefc0055ce23fd548c6a1fd76dc59c02a0159565acd9242545951d0774263ae8793f04c8e811fc52f2e178840b5d47bdea88877c73659d32faf78bab29ba612015c7a003b08ca1ec0665a8b59dd4d6dcbb8d7f1dd1a035359347e75ac61e45cee8d1967ce2bb119c1df9586075defd91029fbc270d67babc7166d1a391b12fa58f599edbc87c6c0931b8930bc5f3bae5386ba15e1def29084d8eeabd68accb94c78051a374202352cfdb2e5c2d4cc38358d2f1d04703786f5cf1c442dbbaf6ce98c34eef457e55cb9668e599fde73effea24255d3e963be8c72808502649035c37fe0b9f5eef493ce37d16191b161d6fa024fc05282108672efa6a636bcf81b7d710328757c940053b394e66c1d94accfa9908e0ac2cb00a5709cbfe6de1dfe6cecd2669b0849cb2d7a317fad1964fc7bb401fee207a0de25166f2a1d3ded108625ed74c8fdad2dfd1eaac0f537a7b213677c2697a28957b3cc03233878e38ddc2900351f0a62c31245e9043be121e1617f916f3eebed4c9d36bf67b81dd8e1f3212b2f83d7b75db2914c2361bf99c678734008b7d68d6983b17aa3fbf697b173b84ca0b3bd9b3334b6ba3804219f5715b5092332b046c6fe684dc5d5e3e1639b73469dce581057d3806a2e11317ca937d9d1eb1f70efe10da43710b9e2b7e398179b364bf9c3c10ba4de2d4ac9818e1f8ad31eeadeb400120101103175cdd1b8f83cd84fb6705cef807047ece0eb23793513bfacc1b243f8b1fb7ac523f82abd8d9a8c7c5afd6eff12d378c38403ee9fd92fe897d33158ff9ff23a1694c5f4bbb8b1b57a120641d5d748f5de78575381473ea7f7c8ebcf6fad07be5be03775a1d46cd908d677d21d55ca790092390e8f357f5b03b14cb71c631660469e90a87452cb1ff05eb11c7ab4bfff1c8d98b78a7c99f365ddabe60c2a4cffbf08d19a23f3747c1082f44ecfde3dd3814863636a4aaa2abab611f467b32b6799e97d8ee52f1dd84fe4ca07a694ef5522c4bdf18d9736b7734904d76d419ba34a232bd59fd1c78e73e53182fc97d4f370f4910b69532c7c153d8a4799f94fb5b81682ce0724a40b61ed13e1fdc4e6c4e5fdae025fe7164048873c662c0cc49e029b4cd5afae240817921e6caa860a9a593812f7ccffe26d75df198ae18097d5dc54b9c66e809225d68c67ff90d10184ec786ac0f70a7904388b9979317b7e7fb2d694d4c4846fb4238cc93e82049473dbef8d061e3262779bd4d71c43ba14b0571e90a6fa619c1b644c7d7a314ee3c37aab9b0c5c7650ae27903dd733eadfdd3d099d1edc78f061f0130aa805b7eb413667bae502a0190b1e9ad9a81bd202754c64d6408c6b80c9341c79233a50b76749bacadf0d769e5bc43d30673e65fba772fba5b013b9c6ba8e2ba7b669b964fc63e3eaa449dfd97e64014eb534763bcfea07a604c3b6f3e039b071befe543153d6586e98841048d7bba8b311494b8abba7c6614a76a684e49958de10e7963ad6cf7f4584af819a437906732c10e197c47c111caa0e67362e6739a0242ec0aee29e5ee3d851419f7d038b8d7a0192e232fab94a23b833e3c8baa9e789f9a2c26a5f9efa0e0ad8441c75d6d0c1ef7e7f5a97d31a4a93b9beded29942d72f1632d7355b0c307f2a4934ef96a57d192488f9583fa056c40d2bcbc02dd212af7ce0bd55945d1f661b1fe82adbe27a", 0x1000, 0x4}, {&(0x7f0000001580)="5cba6e7922e2956cf6fde54c0208867265750cc7837b81d3968750b1fe05d9623e31d9968eba765aab1bfe6518340bb22f2cacac2c973a12b3e1b6b92304357e0e97bd5bea00594f1e93714abc174d6a114f6de1ae974ba5d87229bbcb3d54e654c7a1e997bb85b059a538a0ad8064b7eee1ac5df82e9d304b51823a85fafb54e45576100d29aa8970c3e4d507b90e1c86fd3be44b6cf1813a1d7d7566f9212ceafdf64d006a166d8a3fe756c730a8bca90ace732c4ff7101396be40c506ac74aabc2fe05caf94427a48fa19d992a9cae64a762633beec242457c6ec0f2cee227bb0125020c15696354e1ba87572c20097613d1164565aa7048d2dfb9394ea6922a3d5d04275f31a657eea815037af74fb8e1ce615f6b9b2b0b11196a420982d6dc712272bd0f8fc05e56a142baaa0e6bfb48287bd1ff74d8d95fadba322d2298fa81d0e9c3fa1e2176acdf8f08abf1b80aeb0c97984da016bf195e79720ed8df67cd03616ca116edf29299005850733f4ca66fdaed4ecedeebfa1e013a82615caa7a866ec23d5549a05b67f9e68e49f9dc32ef5740f785fbde7feb4bf0e6013e03cf11c1efcddb07f8e4fd14cbe68bab0fb45cd08a81d28b6d5c9a3fd8d91f2324f8fb30d842e07f7aad1940f444b31232b5673596322c0525be0be96eaaf54d94e80a48e6d5f1052e405a98a6d0fc773bc4f8f53ac4ed097c7304da32ebce5b8ca4406cc0d3ee4a0a650985b318ef874fbe8f2461945b40ae3fd44182451f908b44cfbb8ae3990e1c6e3e9cb002dc8ac98104716c2757515296e646c6b4af7aacde04d48ebf209fd0976b831387ff18faac7063878211b3824df141a5d671cd5ef28d3ac0ff1d0fe503d98ef1d935303034354b2979ea7f630db2896dfe84665cd60f5b7242e9708ec24b9151e5a55427754d5fe2635883650bed983d3e7f2365b1f19f6cd5f96f32f31bacb0c7971624d1d9fb369a1b622a94a1a0fa0a5bc8152e4dd898e5876ceef767623614580d4dfac87e1aab5795879e4568f0b982f869a3b649c04ec93833730e777a40735511533cc1080ee992ed0596ca3ac9af9c4690950f96a19d90f7f1ef77e4bea65f0873e7055c31e527a5fe6159e08a538b4a3db44a1da5bbffd04fcd6d7c1ef38437edb80baa4d35de8a8b2f215ba22a879bfe831086d58abc431d2e3d62f6be158e7de45a4a392f7972a05094c1ba1a295657b0a7b2b93869a22a5304ccad263aaf2d53dca66c1a1810fe7e2b9884a011a162a6f24aa93a48d614507d237c5a8fbe7551e14af72bc2c03c8c7dbe748e9fe5f85f114a0084df30348ae6443ef67a1e724989ed0ceca888816c9dbb99a70ed3384346ac4d880df4c3a4fa017d49987e74f92b2757b47366fd08a1e497710287c4698abb7fe4f7e0ef882bf73aa36f3b590b0731564aa7a81ebeff6d7b7e771433151c8ee306d287ea2a52b0b664bf40a3712f81792d0afd8221b85103e1db57f3b4bf583ca15fc4cf3f659ea39c9640b1635a8c49aae1bddc292c08615c987c4236aed19b52541ed513d6024829665c84e3bdd563def73f47f7512921524ab9cedab53e287339de7c2603bda14169d7d58c123c1e09d6a9766bd559dc4da18f7ee8dec03f6a26865f8b2e2e650f7992b5d41319a20a9cdfcc5b2721c2e6f75dc359e0907b86fc5a3bbf9ff5bd9d894c566be6936bc4171d318630ccc5fc556c9bbd1a78fa1cd1bc52105e76e0d9e73308736cc096cceb1bb74d02e895d3967e8dc07b7e10c84345b29e5a9799fb9877c5144bfe03f35a03de87c56a666e19212ce867ed3ac57d9ac3cb7fc70481a348fe2e5bb69a452167398b246d0c8e89dd9e8c1a1518e60bf254f467dca9113fc61071cf6aafd238ee1a28301f219c064a06fb33a95571de64bc43a36c7bb67dfba9134eadcb3e3f69b59f4e9fa1e46006f1948a6f62f4d6e91ecfdc1fcf806ace90c436e7134029283fd6169e113c9b979c2fa9b7e80dda1676d3d7f45d60858f378a832bf61df4a1a580d6d058fcab6815c65ae8945e4da9fdf9be2defe86575421d9419cfe4f9acaac0815a1fd6e3e0fcfe2e9fdbd56631704642dde2f0ab72c068537693123dc02a8da8d316f27b49ea0ace160adfa2ff6c24707f3315920bc06f1b6299d3988fc2305cdf2629d190d6d66e4c82e3338e9eb4dc0460d08c9b7ab6c564d9d34e0f075177197e0364db9c44caa93ea849e50c239c91a694fd0ed6c9a361d99c4d090b06d90f4dab98f42fab3d3f5fa7b31876361f6ab290d75f451e3c89e3fd29fd13bbb12eeaf2dab110c59221a49db6299418400504613513882125f38c6df2691ad710eff19ad86e73502c73986314e8679574ba3aa78d4d0ae6bbf352d9bba64f92ec4950e5dcc7b5d65c2e7e5a3cc9b57b832ef9bf59305bd39bcec79b9d95915f12ef703a92345ff74bbc9cf9c375d2be7e229b79bec97d1f3a3ca9a27edcad55901f1b84702a6baf3892e0b9988d5b58ac1de29095212dfd14601097af6f4a935643663a635555a10f96f9963dc44f62360a6caf7637fcbd79da009a006504cf819200b64d1848853fcf81ab8fa02f65c867e355367d5ef905517629c401321f1c22653d138adf4237c43a2cd1ff97559e630ae6136e186b994132a9bb91a04ba075d8dbb1f447acfb675f6197edb89372b5b08e3bd8df6c7c3c76d604efa4b8755c838e3ec39f92363ed99860475d82b3c9f13160e8d042badc45c1512f1097b4965630f184383e900175313e77f9f30f67ffded185daf474175cbdc3e269041b351369c64ac4d6330ec3ae84ac557d6ee26fdb09330886de5f0cb611f34be95c8f6f27114af916c7224a73c8e5b08559ed8f9113b7a4fecb2ea0d55b4e1e3229051a9e08aae788e5a8ce5e41ad6908b1462bcbafa562f9cacf8bf332e894c0cc45e1509073361b5d45af66db70ab579d6492bc390d80abfbc2d1bf6bba2dc848ef6a6eaf10781d0f002129193025b29e5f380748d3f9eab4d1a7d2aca42fe424c49cec76fa3486b81c2476284a567c40015665773cab0d11c54aad709f4f3face0c91569c81daa15aae4c0cb1113415a1bf1809d059d43041fcb26a16b5e2691f1659a3580941d820a7408d9c765200277372d8036a274c873fe9f2e5223bb11ea5ada8fe24b7d2628b512d757fab9092fa6487d4e7bead9bf6cb607af83765d608d38397c93250a66c211ae7998b0a38736ec741c31a50a29fbf62a18889cceaad35c68d99e011d4978ddaf10c9a15112c463ce547e8357bd345bf3e2fc7bf83170ce0fff9cbeb657c94f69159712e357cfa01a0d826057f6f82e3378d64b66b8f902d694acb93edc7c7a4cb702d9d62b8fff8fcd1d8c8d2f97d08863c37bf5f489ab5cae84f981ae67d5a6ec0655fe9164132463a7be50b8b624db3d09d80e40c7a37dcfb1dacc9370ca4d9ff517979045ff92c8c1130b9bc4b8c20d202f63bf59050b6c57c5074e3cad1638c0fc99acd788f84dfc3d5ec4a42faa8a1305a5db42f911d7d39ddc27d5868cd6e5a670d27896a35f5eb7b9ad0ec9f28c1070058cbdd51c1ce0b229a357dd0d552237305e91ee2119cf4df150281330bf114d56f9b82860bc5ac1a67f5b3a7e241b97f4ce79b4d243de12286a073cc00814e4d6747c8abe833aa1821b5bc90849605b5e580c7a0108867b1db31ddb32b4fef3a2528ee0eb13145982926ac103f3fe2038f65a0cba8b8377e7efa1d7c85ae92bdef0c9889a774603354b8de97de17c84c221c02940cf984fc90da1aabe4bacc2abefe204865a8ef503f02f81a58684a74c90fcf0b10e6bbd9dae42dc747b583df701fef5100ad5d0133cb4ede8f7bfce8eabc691d8f5470ca6af20d941362ce5b126895e732cd4a459733adc79f0f653170c30ba25ccd4e56316c55625cc16929739f7e26ec1097462ae6dc9db15cd6a9bf70d4aeaa95ff4c1e4c9f9386b8bc438a5e8c76eb5275158756901ea95ef13b49e17485f13212345a51e798c91df2d825f9909a71dc0f43aed7cde94cac12e048cbcf9d92a7e1460fed163688bbfcdcbeb8045f6943d80d1dfd4cc54db75927ad93f030d2cb82e738e8894d99c80ccdb1c42b2e6489c90b150cd50e881fc4a3e935487ed18faadc079a771dc7a6d64b632ffc028dd7e4ea7824d1ab0555e902a7b800c0218bad6ebfc1e630a8bd1fb6035a3d3955dc7aa9a1a288f9387553e6976f18ec23d97630fbb1d3d51ac73b5b3084713306deed8bb1e84c7c5579c2b872539bdb22aeb256d0fa8161973c904a3deafbe79e797a188e3e112e61ad3be32dd398aab3fd4050037572fc70b353129e50c08a7427e67330e81e031f9582561102ed1156af276160ca5038bfdab94ff0787291032a10d4b2b2b9b507238400ffae64c6905d58a9139a77f6aa53ad6aac251c906b9ec97b7c8cbeec88ac2f01c5dc9b16fc5e22ee109e3057b6628dc8c3301afbf67ee6eadceb8f6b8e524858b54c12506b46ab50ab89d9d690d66d2bebb2e131b27ba8cb91c32afcb3cd5cbbcc2bcf0d8af589c01c56d8fcfbf48f0f2b95c7b1f26624d7956bd225708bc0ae1ba426e6f18d5bf9a3be1e0ea8ca3342f230f9c061840ccbe8da49b2ece2135d7733187e2d8bdb7d65cc93303722a380b6929c008411fef258c914dac9e2b15a5a0df50cce595355fcbc0658e3e58dab031d24995810ff741b515302786c9b3dce086d50dfe4f150653d7d3266eef195bfa6ea20dea0f4bf950d91ef48250c2913fc1bce5f5281414007151676704df89f7ed550d627a48290f038285381fd6ddb80d4c6266aebe7c81c1f44a545efb95f515387697174a944a1bddab6a79dd6aa37b60b2d08b2403bc4835989812a6d5245e6842c7b895a2779722582a2b7b5f7ba4f74d893c2b7b9a8f9b3b8afa91a74d08a39506302a6bd681b25b4551c3da21bc6997d744e5cc01eb96ced7c58717346d28b6fbb98700579cca62d6d6e1c783baeca500b60146560f71058c32e768d7335a656117553a13678998621244b39b752be8c3280bdb43ef9bd97e998b5b498464be94802f5f785b53ece37cb251b1c094872ce40fb25ef276ec9b3c8ccc1403c742ecc70a338b2bad2ab28a663e95a820cce91f6c5b9166f292cd86f4a130fe4b948d96a0f80513576c4b1547bcb3728884e1777a7f803eca9dca6949bbd9c0b48ee0cde1bd0e71f3fda279c01bc4c63a93690d2d47494da7cb56ff68e4f1cc9ba363edd64f3f4798a7d0e812a1cb60b77e184249df49f701d792f0d63db134bbb12a10f3e4378948260e7b06ef610e7869873511345edbfd187421edf6ebc16bc17635e2b47508a48be35d40ebe85963ed11b0c44fadf4f5d7d9b9859cf596c6146f8d7f2d7905cabddb47efaa25c81c09bdfd291aa7933738e163050e000694525b0091629866369485897b359db7e38d84442a6b315935e09017abe5514dc6acc7f9a29d56ea11351dc113fffdabe69ff0a4ad56fcce3f1f44fa95df6855b061ecc834e8ecef0380bde33c957091bb2139c2e67cc86aa195c515d5798efd080994e8b93f94c05641578e362a42beceb2ddf5c43594d19862ecbbc5ba7a66c414a2b5068e2058422a1c198098a6aeb280db87f1d6b080bf0fbca0620a8f207e29e8507b58d2cc7c39f769ce8e4b0da7126fd89d85a63bd39c750a00fc0499750f80c1d95b402c875792518c81724c744c5caa499efcba913c9e9a32753a509c3b95b7534be6c05d1ff34508f141ecd44f408b0909ad144145b87cff3cb2d96d1", 0x1000, 0x9}, {&(0x7f0000002580)="e7c9aa53d26ba79ae6b9730dc934e3f350e6a0ca0bfa2c66eef471b5482080bcc1cb771df2f904df2c752c930089cd7efad67f539eb33580147b745eeb0be7666913199ae2144944e7399f8a388c888b8822a393e7619d5505fb169126ed81c5785128777873a138424fd949b18220bace18de44a5a2e09f1bb89d8295f51320c5aed42fa5b62ab33ad241f00a7e512eb1fb110bac186e24340278c8006fa1", 0x9f, 0xe9}], 0x0, &(0x7f0000002740)='-\'\x00') 03:55:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:02 executing program 1: perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x10, 0x8000000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x400040, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x3, 0x2) openat$cgroup_ro(r0, &(0x7f0000000b00)='cpu.stat\x00', 0x2761, 0x0) ioctl$VT_WAITACTIVE(r0, 0x5607) [ 1200.057596] binder: BINDER_SET_CONTEXT_MGR already set [ 1200.062966] binder: 17211:17216 ioctl 40046207 0 returned -16 [ 1200.095917] FAULT_INJECTION: forcing a failure. [ 1200.095917] name failslab, interval 1, probability 0, space 0, times 0 03:55:02 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:02 executing program 0: r0 = socket(0xe, 0x8000a, 0x10001) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000480)=0x1, &(0x7f00000004c0)=0x4) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000500), &(0x7f0000000040)=0x4) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mixer\x00', 0x800, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f, 0x2}}, 0x20) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0xa0}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r3, 0x220, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x48}]}, 0x1c}}, 0x8000) write$RDMA_USER_CM_CMD_CONNECT(r1, &(0x7f0000000200)={0x6, 0x118, 0xfa00, {{0x100000000, 0x101, "86501839b47798acf90e0f65e9b899a5695b6701803035ac6902df5e33272d532045bb3a2a570020ba0c444eb94b9878447c43805724a4226b6b2d93856408707c98fdca58186845b46e24c475ac84608ced16f867f320a1ffcee7fdd2f65d7e129dc3b3b3486edd9f507128c30642102fe9e6bf0b4071bd61773128c3d9fb8d5b12774ca1da50a41584013cb2131c75440b8d32895c474ed1db3b4ecd5aa55303ef410c1dc054561baa6c4be889588cc43abc2858628a34f2351d11fefc0b2108b2d90798dfd1e4c8ff0897b7cf8c1d4d5a0570b86c335c42de2b60f8393ecc5237d31f05569f0ad9ac2a984977094479acc219373f09525195cc6635062619", 0x73, 0x0, 0x5, 0x421ca76d, 0x4, 0x6, 0x4, 0x1}, r2}}, 0x120) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000080)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000100)=0x10) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00') sendfile(r0, r4, 0x0, 0x80000008000000b) [ 1200.107576] CPU: 1 PID: 17224 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1200.114534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1200.123904] Call Trace: [ 1200.126519] dump_stack+0x172/0x1f0 [ 1200.130185] should_fail.cold+0xa/0x1b [ 1200.134099] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1200.139360] ? lock_downgrade+0x810/0x810 [ 1200.143718] ? ___might_sleep+0x163/0x280 [ 1200.147897] __should_failslab+0x121/0x190 [ 1200.147916] should_failslab+0x9/0x14 [ 1200.147930] kmem_cache_alloc_node_trace+0x277/0x720 [ 1200.147953] __kmalloc_node+0x3d/0x80 [ 1200.147970] kvmalloc_node+0x68/0x100 [ 1200.147989] __list_lru_init+0x4aa/0x6e0 [ 1200.148011] sget_userns+0x81e/0xd30 [ 1200.148026] ? kill_litter_super+0x60/0x60 [ 1200.148047] ? ns_test_super+0x50/0x50 [ 1200.156313] ? ns_test_super+0x50/0x50 [ 1200.156328] ? kill_litter_super+0x60/0x60 [ 1200.156343] sget+0x10c/0x150 [ 1200.156365] mount_bdev+0xff/0x3c0 [ 1200.200029] ? ext4_calculate_overhead+0x11b0/0x11b0 03:55:02 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000240)=0x8, 0x4) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x101201, 0x0) setsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000100)=0x5e, 0x2) connect$x25(r1, &(0x7f0000000140)={0x9, @remote={[], 0x1}}, 0x12) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a9346559166593a0264c990a0", 0xfffffffffffffda7) r2 = accept$alg(r0, 0x0, 0x0) setsockopt$RDS_FREE_MR(r1, 0x114, 0x3, &(0x7f0000000280)={{0x4, 0x2}, 0x7}, 0x10) ioctl$VIDIOC_G_JPEGCOMP(r1, 0x808c563d, &(0x7f0000000180)) recvfrom(r2, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:55:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1200.205171] ext4_mount+0x35/0x40 [ 1200.208652] mount_fs+0xae/0x331 [ 1200.208675] vfs_kern_mount.part.0+0x6f/0x410 [ 1200.208696] do_mount+0x53e/0x2bc0 [ 1200.220157] ? copy_mount_string+0x40/0x40 [ 1200.224415] ? _copy_from_user+0xdd/0x150 [ 1200.228599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1200.234345] ? copy_mount_options+0x280/0x3a0 [ 1200.238878] ksys_mount+0xdb/0x150 [ 1200.242444] __x64_sys_mount+0xbe/0x150 [ 1200.246439] do_syscall_64+0x103/0x610 [ 1200.246464] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1200.246477] RIP: 0033:0x45b81a [ 1200.246496] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1200.277772] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1200.277793] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1200.277803] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1200.277813] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1200.277822] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1200.277830] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:03 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000240)={0xffffffffffffffff}, 0x84000) ioctl$SIOCX25SCALLUSERDATA(r1, 0x89e5, &(0x7f0000000280)={0xe, "5677492c191e12901e63422ba7a4c2905f81357dc45d44f9ab6466bf69b648cc0813dbd3db58df65ecab4adc6beba5dd3e18c13697313a5bee89b615f7e3edab02d376758e845e3c0d2271eebdc7d9b5346372ece16dd616360cce450e70653a4dae2cafe3cda7722c59265381a9aae23cafec84345c395c5c243e0cf419f7ea"}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x4000000031, 0xffffffffffffffff, 0x0) 03:55:03 executing program 2 (fault-call:2 fault-nth:53): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:03 executing program 0: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r1) close(r2) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0xfffffc61) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(r1, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x2000012e}], 0x1, 0x0, 0x6f}, 0x3f00) close(r2) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)={r0, r0, 0x9, 0x1}, 0x10) r3 = add_key(&(0x7f0000000300)='rxrpc\x00', &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000400)="3bdc7e96844eaa00a6e75c184f2ad0d7c7dda2cdc802c683f4b4ab6e254d6abfe26742812359b917838a1a83d6532b22bdfb5bca73b5ea789a491c45eed59ed4d22169a49bc27d537d5ecf51201eebdd47001aa3b1af5d042d1b94af5b31dc880ba9a14cb9e3a9528a9ce4657b5a3c5d729216e5275ee679b8c72982786270b03df9d12cca19a4283c03dd7bb3ad13edb265466b07d91ab63debf80c88ab112b6aeef81fc94f7278b05d0cfc618417483bf81aa891de52e4cd70c52fd2147795301bfb83bd37e1791e50290e7134830d06d2c416b9b3ad84b656ef9dabdb88127c70d4d9", 0xe4, 0xfffffffffffffff8) keyctl$clear(0x7, r3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x7eac8638, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x100000001) bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)={&(0x7f0000000380)='./file0\x00', 0x0, 0x10}, 0x10) socket$kcm(0x29, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)}, 0x0) 03:55:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:03 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) fsetxattr(r0, &(0x7f0000000080)=@random={'system.', 'cfb(twofish-asm)\x00'}, &(0x7f0000000100)='skcipher\x00', 0x9, 0x3) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) recvfrom(0xffffffffffffffff, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1200.514812] binder_alloc: 17239: binder_alloc_buf failed to map pages in userspace, no vma [ 1200.578170] FAULT_INJECTION: forcing a failure. [ 1200.578170] name failslab, interval 1, probability 0, space 0, times 0 [ 1200.590278] CPU: 1 PID: 17259 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1200.597252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1200.606630] Call Trace: [ 1200.609257] dump_stack+0x172/0x1f0 [ 1200.612929] should_fail.cold+0xa/0x1b [ 1200.616847] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1200.621986] ? lock_downgrade+0x810/0x810 03:55:03 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1200.626162] ? ___might_sleep+0x163/0x280 [ 1200.630372] __should_failslab+0x121/0x190 [ 1200.634731] should_failslab+0x9/0x14 [ 1200.638551] kmem_cache_alloc_trace+0x2cf/0x760 [ 1200.643253] ? kasan_unpoison_shadow+0x35/0x50 [ 1200.647980] ? kasan_kmalloc+0xce/0xf0 [ 1200.651894] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1200.656861] __list_lru_init+0x3d3/0x6e0 [ 1200.656886] sget_userns+0x81e/0xd30 [ 1200.656900] ? kill_litter_super+0x60/0x60 [ 1200.656916] ? ns_test_super+0x50/0x50 [ 1200.656930] ? ns_test_super+0x50/0x50 03:55:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x80, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1200.656942] ? kill_litter_super+0x60/0x60 [ 1200.656955] sget+0x10c/0x150 [ 1200.656974] mount_bdev+0xff/0x3c0 [ 1200.656993] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1200.657012] ext4_mount+0x35/0x40 [ 1200.664820] mount_fs+0xae/0x331 [ 1200.664842] vfs_kern_mount.part.0+0x6f/0x410 [ 1200.664866] do_mount+0x53e/0x2bc0 [ 1200.708749] ? copy_mount_string+0x40/0x40 [ 1200.713013] ? _copy_from_user+0xdd/0x150 [ 1200.717202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1200.722775] ? copy_mount_options+0x280/0x3a0 [ 1200.727329] ksys_mount+0xdb/0x150 [ 1200.730912] __x64_sys_mount+0xbe/0x150 [ 1200.734914] do_syscall_64+0x103/0x610 [ 1200.738866] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1200.744072] RIP: 0033:0x45b81a [ 1200.747283] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1200.766211] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1200.774057] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1200.781365] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1200.788674] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1200.795978] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1200.803540] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1200.814839] binder_transaction: 46 callbacks suppressed [ 1200.814857] binder: 17264:17268 transaction failed 29189/-22, size 50331648-12288 line 2855 [ 1200.816906] binder: 17266:17269 transaction failed 29189/-22, size 0-2560 line 2855 03:55:03 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="614a9e250273f261d80514155831252b1131d207568f7fd96f89398f2edb62b6342137d031df94871abadb21ffa7ddc1285113a485aa264bbddeeb1b4d95b68572da26a8da4871a8d800d1631dc0f904c8653ef93133c296aeb1203f7d7a3ed1d00aebb602c09aa0995a52f1286cbcb2e541bb714f9385979af129f59ef57c", 0x7f}], 0x1, 0x3) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:55:03 executing program 1: openat$fuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) socketpair(0x0, 0x0, 0x100000000, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x200, 0x0) sendmsg$key(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x15, 0x8, 0x3, 0x7, 0x0, 0x70bd29, 0x25dfdbfb, [@sadb_x_filter={0x5, 0x1a, @in=@dev={0xac, 0x14, 0x14, 0x1d}, @in6=@dev={0xfe, 0x80, [], 0x1b}, 0x4, 0x4, 0x10}]}, 0x38}}, 0x80) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@ipv4={[], [], @remote}, @in=@remote}}, {{@in=@local}, 0x0, @in=@initdev}}, &(0x7f0000000540)=0xe8) bind$alg(r0, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000100)={0x134c50f2}, 0x4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept$alg(r0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x167, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x3ed, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) [ 1200.870961] binder: 17264:17268 transaction failed 29189/-22, size 50331648-12288 line 2855 [ 1200.874899] binder: 17266:17274 transaction failed 29189/-22, size 0-2560 line 2855 03:55:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:03 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1201.040492] binder: 17287:17288 transaction failed 29189/-22, size 0-8192 line 2855 [ 1201.077318] binder: 17290:17291 transaction failed 29201/-28, size 67108864-12288 line 2970 03:55:03 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) [ 1201.094641] binder_alloc: 17290: binder_alloc_buf failed to map page at 20002000 in userspace [ 1201.129458] binder: 17287:17288 transaction failed 29201/-12, size 0-8192 line 2970 03:55:03 executing program 2 (fault-call:2 fault-nth:54): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1201.148605] binder: BINDER_SET_CONTEXT_MGR already set [ 1201.153965] binder: 17290:17295 ioctl 40046207 0 returned -16 [ 1201.219846] binder: 17290:17291 transaction failed 29201/-28, size 67108864-12288 line 2970 03:55:03 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2300, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1201.319387] FAULT_INJECTION: forcing a failure. [ 1201.319387] name failslab, interval 1, probability 0, space 0, times 0 [ 1201.441045] binder_alloc: 17290: binder_alloc_buf, no vma [ 1201.457188] CPU: 1 PID: 17303 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1201.464272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1201.473653] Call Trace: [ 1201.476279] dump_stack+0x172/0x1f0 [ 1201.479948] should_fail.cold+0xa/0x1b [ 1201.483870] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1201.489193] ? lock_downgrade+0x810/0x810 [ 1201.493376] ? ___might_sleep+0x163/0x280 [ 1201.497554] __should_failslab+0x121/0x190 [ 1201.501839] should_failslab+0x9/0x14 [ 1201.505667] kmem_cache_alloc_trace+0x2cf/0x760 [ 1201.510361] ? kasan_unpoison_shadow+0x35/0x50 [ 1201.514961] ? kasan_kmalloc+0xce/0xf0 [ 1201.518872] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1201.523823] __list_lru_init+0x3d3/0x6e0 [ 1201.527911] sget_userns+0x81e/0xd30 [ 1201.531642] ? kill_litter_super+0x60/0x60 [ 1201.535899] ? ns_test_super+0x50/0x50 [ 1201.539810] ? ns_test_super+0x50/0x50 [ 1201.543725] ? kill_litter_super+0x60/0x60 [ 1201.547983] sget+0x10c/0x150 [ 1201.551116] mount_bdev+0xff/0x3c0 [ 1201.554683] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1201.559822] ext4_mount+0x35/0x40 [ 1201.563303] mount_fs+0xae/0x331 [ 1201.566697] vfs_kern_mount.part.0+0x6f/0x410 [ 1201.571252] do_mount+0x53e/0x2bc0 [ 1201.574821] ? copy_mount_string+0x40/0x40 [ 1201.579088] ? _copy_from_user+0xdd/0x150 [ 1201.583261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1201.588819] ? copy_mount_options+0x280/0x3a0 [ 1201.593425] ksys_mount+0xdb/0x150 [ 1201.596990] __x64_sys_mount+0xbe/0x150 [ 1201.600991] do_syscall_64+0x103/0x610 [ 1201.604902] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1201.610191] RIP: 0033:0x45b81a [ 1201.613401] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1201.632324] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1201.640099] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1201.647509] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1201.654800] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1201.662202] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1201.669486] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:04 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f0000000280)=""/97, 0x0}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r2, 0x6, 0x4, &(0x7f0000bfcffc), &(0x7f0000000240)=0xffffffffffffff3a) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140)=ANY=[]) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x1, 0x0, 0x0, &(0x7f0000000580)=""/156, 0x0}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000003c0)=0x3) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x0, 0x0}) 03:55:04 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0xaede, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000100)=0x0) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000140)=r1) clock_gettime(0x0, &(0x7f0000004200)={0x0, 0x0}) recvmmsg(r0, &(0x7f00000040c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000180)=""/82, 0x52}, {&(0x7f0000000200)=""/206, 0xce}, {&(0x7f0000000300)=""/255, 0xff}], 0x3, &(0x7f0000000440)=""/249, 0xf9}}, {{&(0x7f0000000540)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000002680)=[{&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/4096, 0x1000}, {&(0x7f00000025c0)=""/139, 0x8b}], 0x3, &(0x7f00000026c0)=""/122, 0x7a}, 0x4}, {{&(0x7f0000002740)=@ax25={{0x3, @bcast}, [@netrom, @remote, @null, @default, @null, @rose, @netrom, @null]}, 0x80, &(0x7f0000002900)=[{&(0x7f00000027c0)=""/142, 0x8e}, {&(0x7f0000002880)=""/101, 0x65}], 0x2, &(0x7f0000002940)=""/34, 0x22}, 0x9}, {{&(0x7f0000002980)=@generic, 0x80, &(0x7f0000002a40)=[{&(0x7f0000002a00)=""/4, 0x4}], 0x1, &(0x7f0000002a80)=""/126, 0x7e}, 0x37b}, {{&(0x7f0000002b00)=@pptp={0x18, 0x2, {0x0, @empty}}, 0x80, &(0x7f0000004000)=[{&(0x7f0000002b80)=""/151, 0x97}, {&(0x7f0000002c40)=""/146, 0x92}, {&(0x7f0000002d00)=""/111, 0x6f}, {&(0x7f0000002d80)=""/200, 0xc8}, {&(0x7f0000003f00)=""/165, 0xa5}, {&(0x7f0000002e80)=""/118, 0x76}, {&(0x7f0000003fc0)=""/3, 0x3}], 0x7, &(0x7f0000004080)=""/60, 0x3c}, 0x5}], 0x5, 0x40, &(0x7f0000004240)={r2, r3+30000000}) setsockopt$RDS_GET_MR_FOR_DEST(r4, 0x114, 0x7, &(0x7f0000004340)={@isdn={0x22, 0xade, 0x100000001, 0x800, 0x9}, {&(0x7f0000004280)=""/107, 0x6b}, &(0x7f0000004300), 0x40}, 0xa0) r5 = accept$alg(r0, 0x0, 0x0) recvfrom(r5, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$SIOCX25SCUDMATCHLEN(r4, 0x89e7, &(0x7f0000004400)={0x13}) 03:55:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1201.720592] binder: 17307:17308 transaction failed 29189/-3, size 0-8960 line 2970 03:55:04 executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0xc0386106, &(0x7f0000000080)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="b93c564b636700000000b4ce360000a2", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000006dc0)=[{0x1000000f0ffffff, 0xffffff7f00000000, &(0x7f0000000080)=[{&(0x7f0000000140), 0xfec0}], 0x1}], 0x492492492492670, 0x0) [ 1201.784518] binder_alloc_new_buf_locked: 22 callbacks suppressed [ 1201.784530] binder_alloc: 17317: binder_alloc_buf size 83898368 failed, no address space 03:55:04 executing program 2 (fault-call:2 fault-nth:55): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:04 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x111000, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000000440)=0xe8) setsockopt$TIPC_MCAST_BROADCAST(r1, 0x10f, 0x85) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x802008, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB='HwfZ\ffdnp=\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r0, @ANYBLOB=',version=9p2000.L,cache=none,fsmagic=0x0000000000000005,fowner=', @ANYRESDEC=r2, @ANYBLOB='Zcontext=root,subj_user=cfb(twofish-asm)\x00,fowner=', @ANYRESDEC=r3, @ANYBLOB=',seclabel,\x00']) r4 = accept$alg(r0, 0x0, 0x0) recvfrom(r4, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) 03:55:04 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2500, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1201.911177] FAULT_INJECTION: forcing a failure. [ 1201.911177] name failslab, interval 1, probability 0, space 0, times 0 [ 1201.923913] binder_alloc_new_buf_locked: 22 callbacks suppressed [ 1201.923929] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1201.941501] CPU: 0 PID: 17332 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1201.948475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1201.957860] Call Trace: [ 1201.960478] dump_stack+0x172/0x1f0 [ 1201.964127] should_fail.cold+0xa/0x1b [ 1201.964151] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1201.964176] ? lock_downgrade+0x810/0x810 [ 1201.977317] ? ___might_sleep+0x163/0x280 [ 1201.981491] __should_failslab+0x121/0x190 [ 1201.985760] should_failslab+0x9/0x14 [ 1201.989594] kmem_cache_alloc_trace+0x2cf/0x760 [ 1201.994291] ? kasan_unpoison_shadow+0x35/0x50 [ 1201.998899] ? kasan_kmalloc+0xce/0xf0 [ 1202.002821] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1202.007781] __list_lru_init+0x3d3/0x6e0 [ 1202.011871] sget_userns+0x81e/0xd30 [ 1202.012569] binder: 17317:17319 transaction failed 29201/-28, size 83886080-12288 line 2970 [ 1202.015612] ? kill_litter_super+0x60/0x60 [ 1202.015632] ? ns_test_super+0x50/0x50 [ 1202.015647] ? ns_test_super+0x50/0x50 [ 1202.015665] ? kill_litter_super+0x60/0x60 [ 1202.024911] binder_alloc: 17317: binder_alloc_buf failed to map page at 20002000 in userspace [ 1202.028610] sget+0x10c/0x150 [ 1202.028632] mount_bdev+0xff/0x3c0 [ 1202.028654] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1202.028673] ext4_mount+0x35/0x40 [ 1202.064627] mount_fs+0xae/0x331 [ 1202.068019] vfs_kern_mount.part.0+0x6f/0x410 [ 1202.072708] do_mount+0x53e/0x2bc0 [ 1202.076267] ? copy_mount_string+0x40/0x40 [ 1202.080550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1202.086457] ? copy_mount_options+0x280/0x3a0 [ 1202.090977] ksys_mount+0xdb/0x150 [ 1202.094537] __x64_sys_mount+0xbe/0x150 [ 1202.098540] do_syscall_64+0x103/0x610 [ 1202.102473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1202.107685] RIP: 0033:0x45b81a [ 1202.110972] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1202.129890] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1202.137624] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1202.144909] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1202.152274] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 03:55:04 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="6f73323e736b63696368659500"], &(0x7f0000000140)=""/165, 0xa5) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x27e008c1ae689fba, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="43128a4af6fb8afb4914bbeddf40dfc07bc69a09df595aa8f2bf7ded46fbee284c6873731bcbc1e64040fe403f416315aade89e3a76b0392fb3e7c668cb1", 0x3e) [ 1202.159547] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1202.166821] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:04 executing program 1: r0 = socket$inet6(0xa, 0x80004, 0x10000000003) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f00000000c0)=0x1, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f0000000000)) r1 = syz_open_dev$rtc(&(0x7f0000000040)='/dev/rtc#\x00', 0xfffffffffffffff7, 0x400080) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f0000000080)) r2 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$DRM_IOCTL_FREE_BUFS(r2, 0x4010641a, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[0x8, 0x0]}) getpeername$llc(r2, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000180)=0x10) [ 1202.221097] binder_release_work: 45 callbacks suppressed [ 1202.221106] binder: undelivered TRANSACTION_ERROR: 29201 [ 1202.230932] binder_alloc: 17317: binder_alloc_buf failed to map page at 20002000 in userspace [ 1202.236923] binder: undelivered TRANSACTION_ERROR: 29201 [ 1202.251433] binder: BINDER_SET_CONTEXT_MGR already set 03:55:04 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x404080) syz_execute_func(&(0x7f0000000640)="952c130f050520d0f807911441298f17955bf95b3ed3a6085e00000fc4014cf23e26220fbff6000000a0e5bee7d1c4e1f8c421fc7122c1d72121c481925585c3c36645430fef2e0fbb0198860080003f3fbfce0f73d539c481f8521f5726c4018df6a8d7000000f0470fbb7508a9c14600090c04c48299a66aa33e11bd110f0000") r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x80000000, 0x40000) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x2, 0x2a20c0) ioctl$sock_netrom_SIOCDELRT(r2, 0x890c, &(0x7f00000000c0)={0x0, @null, @rose={'rose', 0x0}, 0x8, 'syz0\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xb7f, 0x3, [@default, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}) [ 1202.275780] binder: 17317:17319 ioctl 40046207 0 returned -16 [ 1202.289803] binder: undelivered TRANSACTION_ERROR: 29201 03:55:05 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(twofish-asm)\x00'}, 0x58) r1 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0xffff, 0x200000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a933d559166593ae164c990a0", 0x10) accept4$tipc(r0, 0x0, &(0x7f0000000080), 0x80000) accept$alg(r0, 0x0, 0x0) recvfrom(r1, &(0x7f0000002f00)=""/4096, 0x1000, 0x10000, 0x0, 0x0) 03:55:05 executing program 0: mkdir(&(0x7f0000000180)='./file0/file0\x00', 0xfffffffffffffffd) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x80000002000ffffc, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r0 = socket(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) fsetxattr$trusted_overlay_upper(r1, &(0x7f00000000c0)='trusted.overlay.upper\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="00fbf5000028a203c18007c2f03f1685475c4a2d5b3410a6df5e620042ee69b42794502d9eb0dbc7dac30ed0c89ac655480dfe787cf4a8d172b6d4e513afae3d0edc44866ed29197e33ca906dbe52feaa77f1250a5ae32a248a7fa055a1900a140979dfdaa854e35d808b6c101a52b70efd4b84a7eafcc5d204a9ef5753075bd092d03a1d8c2608b23c7d97b96b110132bee899122483f5bc2a01862f1fe64c07e957c044712bc8011104c59401256ca156d2043baac7fe3991e29346a97c26284f1c920a59f08e7fe0d1ddc50694aa2c898a4f1432e74923ca746f3755b632b5394d61b6e551d07b8ba923b5dc9ad370c2c547edc"], 0xf5, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000001240)=0x5, 0x4) r2 = perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x1, 0x0) socket$unix(0x1, 0x5, 0x0) ioctl$int_in(r3, 0x800040c004500a, &(0x7f0000000040)=0x80000002) ioctl$KVM_REINJECT_CONTROL(r3, 0xae71, &(0x7f0000000080)={0x1}) flistxattr(r2, &(0x7f0000000200)=""/4, 0x4) getsockopt$MISDN_TIME_STAMP(r3, 0x0, 0x1, 0x0, &(0x7f00000000c0)) read$FUSE(r3, &(0x7f0000000240), 0x1000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:55:05 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:05 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b97000)={0x2, &(0x7f000048fff0)=[{}, {0x6}]}, 0x10) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x2, 0x40) mknodat(r1, &(0x7f00000000c0)='./file0\x00', 0x8048, 0x6) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f0000000040)=0x17, 0x4) sendto$inet(r1, &(0x7f0000000100)="3ee5b3c24922ba31ccf7e75cc8b509a4348da52f041a6c2513e5eba262f805aa8e22a38092270eafa6e1b3c84e20167d65615800f770bce0f1e5845e700cea2323efb5db7bd1262fccfc04a539008525d4e70b75b770a543d5de604578b44d48ee78deff08a4682eac3aceb6df9fc3a0e086b753297152dd0fe65e741318b87925ed4c13ae08d6fbf751aa9f38", 0x8d, 0x1, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) getsockopt$sock_buf(r0, 0x1, 0x1a, &(0x7f0000000080)=""/1, &(0x7f0000561ffc)=0x1) [ 1202.521375] binder: undelivered TRANSACTION_ERROR: 29189 [ 1202.544118] binder: undelivered TRANSACTION_ERROR: 29189 [ 1202.575098] binder_alloc: 17377: binder_alloc_buf size 100675584 failed, no address space 03:55:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="78586ede3d6f66762c00a34b04fc9024f1910022736593b558802dccf7a80da1c278aa09fe506c381a5a58e4585c95726c4f9d2744b637b812dcff4dd3ae842b872803eca0d784e0e96c8d8ea161a495cb3772e80b2f84747cdff470879e35e9b91f700fa7d53782b5f69859a30a63f09a2b56a17ad8bf19978aed00"/134]) [ 1202.618914] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1202.654759] binder: undelivered TRANSACTION_ERROR: 29201 [ 1202.662418] binder: BINDER_SET_CONTEXT_MGR already set [ 1202.679074] binder: 17377:17385 ioctl 40046207 0 returned -16 [ 1202.703864] binder: undelivered TRANSACTION_ERROR: 29189 03:55:05 executing program 2 (fault-call:2 fault-nth:56): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:05 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1202.808510] overlayfs: unrecognized mount option "xXnÞ=ofv" or missing value [ 1202.859969] binder_alloc: 17397: binder_alloc_buf size 117452800 failed, no address space 03:55:05 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x2000, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000000c0)={0x0, 0x4}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000180)={r1, 0x9}, &(0x7f00000001c0)=0x10) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff010}, {0x80000006}]}, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') ioctl$EXT4_IOC_PRECACHE_EXTENTS(r3, 0x6612) [ 1202.919790] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1202.952639] binder_alloc: 17397: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f0308000000000000c2090000000000000000000000fb"], 0x38) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) 03:55:05 executing program 4: ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x3f) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r2, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x80) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f0000000080)={@local={0xfe, 0x80, [0x0, 0x3ef, 0x1000000000000, 0x3f00000000004000, 0x7000, 0xfffffffe, 0x1107, 0x2001300, 0x0, 0x1000000000006, 0x0, 0x6]}}) fcntl$dupfd(0xffffffffffffffff, 0x406, r3) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0xf735010000000000]}, @empty, @loopback}) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10) syz_open_dev$vcsa(0x0, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x1, 0x0) [ 1202.967786] binder: undelivered TRANSACTION_ERROR: 29201 03:55:05 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="04603f4421942095ba000000"]}) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/mls\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000180), &(0x7f00000001c0)=0x4) r2 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x6, 0x800) r3 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x10000, 0x204000) mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x119873, r1, 0x0) ioctl$VIDIOC_EXPBUF(r2, 0xc0405610, &(0x7f0000000200)={0xf, 0x15, 0x8001, 0x800, r3}) ioctl$UI_SET_PROPBIT(r1, 0x4004556e, 0x8) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f0000000240)={0x4, 0x0, [], {0x0, @bt={0x2, 0x6538, 0x1, 0x3, 0x96, 0x0, 0x3, 0x6, 0xec, 0x1, 0x7, 0x9, 0x5, 0x7, 0x10, 0x9}}}) ioctl$void(r2, 0x0) [ 1203.000522] binder_alloc: 17397: binder_alloc_buf size 117452800 failed, no address space [ 1203.013465] binder: undelivered TRANSACTION_ERROR: 29201 [ 1203.021487] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1203.032953] FAULT_INJECTION: forcing a failure. [ 1203.032953] name failslab, interval 1, probability 0, space 0, times 0 [ 1203.060460] binder_alloc: 17397: binder_alloc_buf failed to map page at 20002000 in userspace [ 1203.072667] binder: undelivered TRANSACTION_ERROR: 29201 [ 1203.087026] CPU: 0 PID: 17410 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1203.094023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1203.103488] Call Trace: [ 1203.103524] dump_stack+0x172/0x1f0 [ 1203.109778] should_fail.cold+0xa/0x1b [ 1203.109796] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1203.109814] ? lock_downgrade+0x810/0x810 [ 1203.109829] ? ___might_sleep+0x163/0x280 [ 1203.109849] __should_failslab+0x121/0x190 [ 1203.109866] should_failslab+0x9/0x14 [ 1203.109885] kmem_cache_alloc_trace+0x2cf/0x760 [ 1203.139866] ? kasan_unpoison_shadow+0x35/0x50 [ 1203.144555] ? kasan_kmalloc+0xce/0xf0 [ 1203.148490] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1203.153438] __list_lru_init+0x3d3/0x6e0 [ 1203.157521] sget_userns+0x81e/0xd30 [ 1203.161260] ? kill_litter_super+0x60/0x60 [ 1203.165530] ? ns_test_super+0x50/0x50 [ 1203.169434] ? ns_test_super+0x50/0x50 [ 1203.173330] ? kill_litter_super+0x60/0x60 [ 1203.177593] sget+0x10c/0x150 [ 1203.180731] mount_bdev+0xff/0x3c0 [ 1203.184301] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1203.189517] ext4_mount+0x35/0x40 [ 1203.192986] mount_fs+0xae/0x331 [ 1203.196395] vfs_kern_mount.part.0+0x6f/0x410 [ 1203.200915] do_mount+0x53e/0x2bc0 [ 1203.204469] ? copy_mount_string+0x40/0x40 [ 1203.208717] ? _copy_from_user+0xdd/0x150 [ 1203.212881] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1203.218430] ? copy_mount_options+0x280/0x3a0 [ 1203.222961] ksys_mount+0xdb/0x150 [ 1203.226508] __x64_sys_mount+0xbe/0x150 [ 1203.230501] do_syscall_64+0x103/0x610 [ 1203.234402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1203.239598] RIP: 0033:0x45b81a [ 1203.242797] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1203.261706] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1203.269426] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1203.276874] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1203.284152] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1203.291440] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1203.299068] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:06 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x7, &(0x7f0000000080)='ppp1*$\x00'}, 0x30) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f00000001c0)='security-\x00', 0x0}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r1, r3, 0x0, 0x10, &(0x7f0000000140)='selinux}Zeth1][\x00', r4}, 0x30) write$binfmt_misc(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="04df82a7a81a23e400c2ea08e02f2669b4e7267f9867252257d16e55a5a610a09a68cde818b226be7f81fe50ee02fc7d40348f126cd43ba20ec7b31b6ee49a4c4b9ef598d343dbf38887931ba352a42fb5439fb6493d83c39c6c13"], 0x5b) r6 = syz_open_pts(r0, 0x0) ioctl$TCSETA(r6, 0x5406, &(0x7f0000000000)={0xfffffffffffffffd}) tkill(r5, 0x27) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000280)={0x0, 0xdc}, &(0x7f00000002c0)=0x8) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000340)) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000300)={r7, 0x80}, 0xc) ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0x3ff) ioctl$TCSETSF(r6, 0x5412, &(0x7f0000000040)) 03:55:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:06 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000600)='/dev/snd/seq\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='net/nfsfs\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) bind$isdn(r2, &(0x7f0000000580)={0x22, 0x3, 0x0, 0x7, 0x1fd}, 0x6) ioctl$IMCTRLREQ(r2, 0x80044945, &(0x7f0000000140)={0xc0, 0x0, 0xffff}) ioctl$TIOCGICOUNT(r2, 0x545d, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x406, 0x0) r5 = geteuid() r6 = getegid() fchown(r1, r5, r6) sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f0000000180)={&(0x7f0000000040), 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x48c5) getsockname$tipc(0xffffffffffffffff, &(0x7f0000000280), 0x0) dup2(r0, r4) 03:55:06 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:06 executing program 2 (fault-call:2 fault-nth:57): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") poll(&(0x7f0000000100)=[{r0, 0x628}], 0x1, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffff9c, &(0x7f0000000300)={0x16, 0x98, 0xfa00, {&(0x7f0000000180)={0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0x1c, 0x1, @in6={0xa, 0x4e21, 0x7, @loopback, 0x1}}}, 0xa0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r3, &(0x7f00000001c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r4}}, 0x18) setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0f4a97b29d"], 0x1, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 03:55:06 executing program 4: socket$kcm(0x11, 0x5, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x1) listen(r0, 0x8) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) write$P9_RSTAT(0xffffffffffffffff, 0x0, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) close(r2) r3 = getpgid(0x0) syz_open_procfs(r3, &(0x7f0000000000)='net/llc\x00') [ 1203.743386] binder_alloc: 17431: binder_alloc_buf size 302002176 failed, no address space [ 1203.761027] FAULT_INJECTION: forcing a failure. [ 1203.761027] name failslab, interval 1, probability 0, space 0, times 0 [ 1203.781127] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1203.801399] binder_alloc: 17431: binder_alloc_buf failed to map page at 20002000 in userspace [ 1203.816007] CPU: 1 PID: 17438 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1203.822995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1203.832744] Call Trace: [ 1203.835368] dump_stack+0x172/0x1f0 [ 1203.839030] should_fail.cold+0xa/0x1b [ 1203.842953] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1203.848082] ? lock_downgrade+0x810/0x810 [ 1203.852253] ? ___might_sleep+0x163/0x280 [ 1203.856422] __should_failslab+0x121/0x190 [ 1203.860686] should_failslab+0x9/0x14 [ 1203.864509] kmem_cache_alloc_trace+0x2cf/0x760 [ 1203.869283] ? kasan_unpoison_shadow+0x35/0x50 [ 1203.873883] ? kasan_kmalloc+0xce/0xf0 [ 1203.877789] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1203.882743] __list_lru_init+0x3d3/0x6e0 [ 1203.886816] sget_userns+0x81e/0xd30 [ 1203.890537] ? kill_litter_super+0x60/0x60 [ 1203.894797] ? ns_test_super+0x50/0x50 [ 1203.898691] ? ns_test_super+0x50/0x50 [ 1203.902670] ? kill_litter_super+0x60/0x60 [ 1203.906906] sget+0x10c/0x150 [ 1203.910023] mount_bdev+0xff/0x3c0 [ 1203.913574] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1203.918684] ext4_mount+0x35/0x40 [ 1203.922160] mount_fs+0xae/0x331 [ 1203.925548] vfs_kern_mount.part.0+0x6f/0x410 [ 1203.930055] do_mount+0x53e/0x2bc0 [ 1203.933700] ? copy_mount_string+0x40/0x40 [ 1203.937949] ? _copy_from_user+0xdd/0x150 [ 1203.942205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1203.947748] ? copy_mount_options+0x280/0x3a0 [ 1203.952251] ksys_mount+0xdb/0x150 [ 1203.955805] __x64_sys_mount+0xbe/0x150 [ 1203.959790] do_syscall_64+0x103/0x610 [ 1203.963689] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1203.968895] RIP: 0033:0x45b81a [ 1203.972090] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1203.991006] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:55:06 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0) ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000200)={0x2, 0x3, 0x9, 0x4000, r0}) readv(r0, &(0x7f0000000480)=[{&(0x7f0000000000)=""/43, 0x2b}], 0x1) ioctl$int_in(r0, 0x800000c0045005, &(0x7f00000000c0)=0x1) ioctl$int_in(r0, 0x80000040045010, &(0x7f0000000080)) clock_adjtime(0x2, &(0x7f0000000100)={0x0, 0x8, 0x0, 0x9, 0x8, 0xffff, 0x7, 0x3, 0x5, 0x7fff, 0x81, 0x9, 0x0, 0xffff, 0xbe, 0x2, 0xfffffffffffff70a, 0x1000, 0x8, 0xbe, 0x8, 0x1, 0xb5, 0x6, 0x4}) 03:55:06 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000600)='/dev/snd/seq\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='net/nfsfs\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) bind$isdn(r2, &(0x7f0000000580)={0x22, 0x3, 0x0, 0x7, 0x1fd}, 0x6) ioctl$IMCTRLREQ(r2, 0x80044945, &(0x7f0000000140)={0xc0, 0x0, 0xffff}) ioctl$TIOCGICOUNT(r2, 0x545d, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x406, 0x0) r5 = geteuid() r6 = getegid() fchown(r1, r5, r6) sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f0000000180)={&(0x7f0000000040), 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x48c5) getsockname$tipc(0xffffffffffffffff, &(0x7f0000000280), 0x0) dup2(r0, r4) [ 1203.998752] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1204.006029] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1204.013302] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1204.020576] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1204.027845] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1204.059295] binder: BINDER_SET_CONTEXT_MGR already set 03:55:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1204.087489] binder: 17431:17442 ioctl 40046207 0 returned -16 03:55:06 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3002, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:06 executing program 1: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x101000, 0x0) setsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, &(0x7f0000000100)=0xf31, 0x4) getsockname$netrom(r0, &(0x7f0000000140)={{}, [@netrom, @rose, @default, @remote, @bcast, @netrom, @netrom, @default]}, &(0x7f00000001c0)=0x48) ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000200)={0x4, 0x0, [{}, {}, {}, {}]}) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000280)={0x5, 0x8}) r1 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) read$alg(r1, &(0x7f0000000840)=""/115, 0x73) setsockopt$netrom_NETROM_IDLE(r1, 0x103, 0x7, &(0x7f0000000000)=0x100000001, 0xffffffffffffffd5) openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x100, 0x0) 03:55:06 executing program 2 (fault-call:2 fault-nth:58): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:06 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0xa95d, 0x10000) ioctl(r0, 0x7, 0x0) [ 1204.273466] binder_alloc: 17467: binder_alloc_buf size 536883200 failed, no address space [ 1204.290694] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1204.330972] binder_alloc: 17467: binder_alloc_buf size 536883200 failed, no address space [ 1204.353737] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:07 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_execute_func(&(0x7f0000000000)="f3e100def9575c8ac2c2c9734e424a2664f0ff064a460f3038082e67660e50e94d00c9c9c4625dbae5feabc4aba39ddf4507e50c420fae9972b571112d02") r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x669, 0x8400) getsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000000080)={@loopback}, &(0x7f00000000c0)=0xc) fsetxattr$security_smack_transmute(r0, &(0x7f0000000100)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000140)='TRUE', 0x4, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000180)={0x0, 0xe43, 0x200b}) [ 1204.381425] FAULT_INJECTION: forcing a failure. [ 1204.381425] name failslab, interval 1, probability 0, space 0, times 0 [ 1204.409073] binder_alloc: 17467: binder_alloc_buf size 12296 failed, no address space [ 1204.437154] CPU: 0 PID: 17475 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1204.446500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1204.455880] Call Trace: [ 1204.458501] dump_stack+0x172/0x1f0 [ 1204.459375] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1204.462345] should_fail.cold+0xa/0x1b [ 1204.462370] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1204.462391] ? lock_downgrade+0x810/0x810 03:55:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1204.462416] ? ___might_sleep+0x163/0x280 [ 1204.484481] __should_failslab+0x121/0x190 [ 1204.484502] should_failslab+0x9/0x14 [ 1204.484517] kmem_cache_alloc_trace+0x2cf/0x760 [ 1204.484539] ? kasan_unpoison_shadow+0x35/0x50 [ 1204.493996] ? kasan_kmalloc+0xce/0xf0 [ 1204.511203] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1204.516223] __list_lru_init+0x3d3/0x6e0 [ 1204.520317] sget_userns+0x81e/0xd30 [ 1204.524065] ? kill_litter_super+0x60/0x60 [ 1204.528323] ? ns_test_super+0x50/0x50 [ 1204.532235] ? ns_test_super+0x50/0x50 [ 1204.536137] ? kill_litter_super+0x60/0x60 [ 1204.540404] sget+0x10c/0x150 [ 1204.543544] mount_bdev+0xff/0x3c0 [ 1204.547220] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1204.552346] ext4_mount+0x35/0x40 [ 1204.555836] mount_fs+0xae/0x331 [ 1204.559243] vfs_kern_mount.part.0+0x6f/0x410 [ 1204.562175] binder_alloc: 17486: binder_alloc_buf size 1056976896 failed, no address space [ 1204.563765] do_mount+0x53e/0x2bc0 [ 1204.563790] ? copy_mount_string+0x40/0x40 [ 1204.563809] ? copy_mount_options+0x198/0x3a0 03:55:07 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3003, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1204.563829] ? copy_mount_options+0x1c3/0x3a0 [ 1204.589270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1204.594936] ? copy_mount_options+0x280/0x3a0 [ 1204.599750] ksys_mount+0xdb/0x150 [ 1204.603316] __x64_sys_mount+0xbe/0x150 [ 1204.607347] do_syscall_64+0x103/0x610 [ 1204.611354] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1204.616776] RIP: 0033:0x45b81a [ 1204.620025] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1204.623298] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1204.638963] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1204.638981] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1204.638989] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1204.638996] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1204.639003] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1204.639011] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1204.742498] binder_alloc: 17486: binder_alloc_buf size 12296 failed, no address space [ 1204.755051] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:07 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) mount(&(0x7f0000000000)=@sg0='/dev/sg0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x118000, &(0x7f0000000040)='/dev/sr0\x00') 03:55:07 executing program 4: 03:55:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:07 executing program 2 (fault-call:2 fault-nth:59): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:07 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3004, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:07 executing program 1: 03:55:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x400400000000000a) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200004) sendfile(r0, r1, 0x0, 0x80003f000000) [ 1205.275935] binder: BINDER_SET_CONTEXT_MGR already set [ 1205.293693] binder: 17506:17513 ioctl 40046207 0 returned -16 [ 1205.304276] FAULT_INJECTION: forcing a failure. [ 1205.304276] name failslab, interval 1, probability 0, space 0, times 0 03:55:08 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3005, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:08 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet_sctp(r0, &(0x7f0000001700)=[{&(0x7f0000000040)=@in={0x2, 0x0, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@init={0x18, 0x84, 0x0, {0x3, 0x5, 0x9, 0x8000}}, @dstaddrv4={0x18, 0x84, 0x7, @dev={0xac, 0x14, 0x14, 0x1c}}], 0x30, 0x43be9468feea49da}], 0x1, 0x4040040) 03:55:08 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000086000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000086000/0x3000)=nil, 0x3) 03:55:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:08 executing program 1: r0 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$unlink(0x9, r0, 0xfffffffffffffffd) [ 1205.546981] CPU: 1 PID: 17511 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1205.553996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1205.563641] Call Trace: [ 1205.566270] dump_stack+0x172/0x1f0 [ 1205.569944] should_fail.cold+0xa/0x1b [ 1205.573880] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1205.579121] ? lock_downgrade+0x810/0x810 [ 1205.583321] ? ___might_sleep+0x163/0x280 [ 1205.587506] __should_failslab+0x121/0x190 [ 1205.591952] should_failslab+0x9/0x14 [ 1205.595793] kmem_cache_alloc_trace+0x2cf/0x760 [ 1205.600495] ? kasan_unpoison_shadow+0x35/0x50 [ 1205.605108] ? kasan_kmalloc+0xce/0xf0 [ 1205.609128] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1205.614198] __list_lru_init+0x3d3/0x6e0 [ 1205.618854] sget_userns+0x81e/0xd30 [ 1205.622616] ? kill_litter_super+0x60/0x60 [ 1205.626970] ? ns_test_super+0x50/0x50 [ 1205.630890] ? ns_test_super+0x50/0x50 [ 1205.634802] ? kill_litter_super+0x60/0x60 [ 1205.639172] sget+0x10c/0x150 [ 1205.642305] mount_bdev+0xff/0x3c0 [ 1205.645870] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1205.651003] ext4_mount+0x35/0x40 [ 1205.654488] mount_fs+0xae/0x331 [ 1205.657882] vfs_kern_mount.part.0+0x6f/0x410 [ 1205.662413] do_mount+0x53e/0x2bc0 [ 1205.665975] ? retint_kernel+0x2d/0x2d [ 1205.669892] ? copy_mount_string+0x40/0x40 [ 1205.674244] ? copy_mount_options+0x208/0x3a0 [ 1205.678766] ? write_comp_data+0x68/0x70 [ 1205.682857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1205.688423] ? copy_mount_options+0x280/0x3a0 [ 1205.692941] ksys_mount+0xdb/0x150 [ 1205.696514] __x64_sys_mount+0xbe/0x150 [ 1205.700533] do_syscall_64+0x103/0x610 [ 1205.704536] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1205.709756] RIP: 0033:0x45b81a [ 1205.712973] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1205.731911] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1205.739672] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a 03:55:08 executing program 1: 03:55:08 executing program 1: 03:55:08 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3006, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1205.746979] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1205.754274] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1205.761567] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1205.768958] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1205.890748] binder_transaction: 30 callbacks suppressed [ 1205.890768] binder: 17544:17545 transaction failed 29189/-22, size 0-12294 line 2855 [ 1205.910776] binder: 17544:17545 transaction failed 29189/-22, size 0-12294 line 2855 03:55:08 executing program 2 (fault-call:2 fault-nth:60): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:08 executing program 1: 03:55:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1206.036492] binder: 17548:17551 transaction failed 29201/-28, size 1275068416-12288 line 2970 [ 1206.085682] binder: 17548:17551 transaction failed 29201/-28, size 1275068416-12288 line 2970 [ 1206.104084] FAULT_INJECTION: forcing a failure. [ 1206.104084] name failslab, interval 1, probability 0, space 0, times 0 [ 1206.125282] CPU: 1 PID: 17554 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1206.132288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1206.141783] Call Trace: [ 1206.144415] dump_stack+0x172/0x1f0 [ 1206.148091] should_fail.cold+0xa/0x1b [ 1206.152027] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1206.157186] ? lock_downgrade+0x810/0x810 [ 1206.161544] ? ___might_sleep+0x163/0x280 [ 1206.165740] __should_failslab+0x121/0x190 [ 1206.170008] should_failslab+0x9/0x14 [ 1206.173926] kmem_cache_alloc_trace+0x2cf/0x760 [ 1206.178720] ? kasan_unpoison_shadow+0x35/0x50 [ 1206.183348] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1206.188323] __list_lru_init+0x3d3/0x6e0 [ 1206.192424] sget_userns+0x81e/0xd30 [ 1206.196171] ? kill_litter_super+0x60/0x60 [ 1206.200442] ? ns_test_super+0x50/0x50 [ 1206.204357] ? ns_test_super+0x50/0x50 [ 1206.208262] ? kill_litter_super+0x60/0x60 [ 1206.212536] sget+0x10c/0x150 [ 1206.215672] mount_bdev+0xff/0x3c0 [ 1206.219246] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1206.224478] ext4_mount+0x35/0x40 [ 1206.227974] mount_fs+0xae/0x331 [ 1206.231386] vfs_kern_mount.part.0+0x6f/0x410 [ 1206.235932] do_mount+0x53e/0x2bc0 [ 1206.239517] ? copy_mount_string+0x40/0x40 [ 1206.243960] ? copy_mount_options+0x1f8/0x3a0 [ 1206.248515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1206.254095] ? copy_mount_options+0x280/0x3a0 [ 1206.258641] ksys_mount+0xdb/0x150 [ 1206.262289] __x64_sys_mount+0xbe/0x150 [ 1206.266310] do_syscall_64+0x103/0x610 [ 1206.270228] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1206.275489] RIP: 0033:0x45b81a [ 1206.278699] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1206.298903] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1206.306719] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1206.314149] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1206.325101] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 03:55:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x400400000000000a) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200004) sendfile(r0, r1, 0x0, 0x80003f000000) 03:55:09 executing program 4: 03:55:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:09 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3007, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:09 executing program 1: [ 1206.332382] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1206.339673] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1206.391654] binder: 17565:17566 transaction failed 29201/-28, size 1610612736-12288 line 2970 [ 1206.404747] binder: 17565:17566 transaction failed 29201/-28, size 1610612736-12288 line 2970 03:55:09 executing program 1: [ 1206.447435] binder: 17569:17570 transaction failed 29201/-28, size 0-12295 line 2970 03:55:09 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip6_vti0\x00', 0x8) r1 = socket$l2tp(0x18, 0x1, 0x1) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, 0x0, 0x0) connect$l2tp(r1, &(0x7f0000000380)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x1000000) 03:55:09 executing program 2 (fault-call:2 fault-nth:61): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1206.542634] binder: 17569:17576 transaction failed 29189/-22, size 0-12295 line 2855 03:55:09 executing program 1: r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 03:55:09 executing program 0: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0x0, 0x0, @remote, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000]}, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0) [ 1206.621271] FAULT_INJECTION: forcing a failure. [ 1206.621271] name failslab, interval 1, probability 0, space 0, times 0 [ 1206.627169] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1206.641486] binder: 17586:17587 transaction failed 29201/-28, size 1744830464-12288 line 2970 [ 1206.678073] CPU: 0 PID: 17585 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1206.685088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1206.694491] Call Trace: [ 1206.697118] dump_stack+0x172/0x1f0 [ 1206.700785] should_fail.cold+0xa/0x1b [ 1206.704711] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1206.709844] ? lock_downgrade+0x810/0x810 [ 1206.714015] ? ___might_sleep+0x163/0x280 [ 1206.718226] __should_failslab+0x121/0x190 [ 1206.722495] should_failslab+0x9/0x14 [ 1206.726336] kmem_cache_alloc_trace+0x2cf/0x760 [ 1206.731030] ? kasan_unpoison_shadow+0x35/0x50 [ 1206.735636] ? kasan_kmalloc+0xce/0xf0 [ 1206.736405] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1206.739552] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1206.739573] __list_lru_init+0x3d3/0x6e0 [ 1206.739594] sget_userns+0x81e/0xd30 [ 1206.739609] ? kill_litter_super+0x60/0x60 [ 1206.739628] ? ns_test_super+0x50/0x50 [ 1206.739642] ? ns_test_super+0x50/0x50 [ 1206.739661] ? kill_litter_super+0x60/0x60 [ 1206.761466] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1206.762971] sget+0x10c/0x150 [ 1206.762994] mount_bdev+0xff/0x3c0 [ 1206.763019] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1206.779884] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1206.781369] ext4_mount+0x35/0x40 [ 1206.781391] mount_fs+0xae/0x331 [ 1206.781412] vfs_kern_mount.part.0+0x6f/0x410 [ 1206.793546] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1206.799606] do_mount+0x53e/0x2bc0 [ 1206.799626] ? copy_mount_string+0x40/0x40 03:55:09 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f319bd070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00005befdc)) r2 = syz_open_pts(r1, 0x20201) ioctl$TCXONC(r2, 0x540a, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000240)=0xd) write(r2, &(0x7f0000000100)="a6", 0x1) ioctl$TCFLSH(r2, 0x5437, 0x0) [ 1206.799643] ? _copy_from_user+0xdd/0x150 [ 1206.799663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1206.799677] ? copy_mount_options+0x280/0x3a0 [ 1206.799695] ksys_mount+0xdb/0x150 [ 1206.799726] __x64_sys_mount+0xbe/0x150 [ 1206.806941] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1206.811076] do_syscall_64+0x103/0x610 [ 1206.811100] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1206.811113] RIP: 0033:0x45b81a [ 1206.811132] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1206.884723] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1206.892637] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1206.900027] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1206.907318] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1206.914702] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 03:55:09 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300a, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1206.922100] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:09 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = dup2(r0, r0) write$evdev(r1, 0x0, 0x0) sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x8001) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) [ 1206.953177] binder_alloc_new_buf_locked: 12 callbacks suppressed [ 1206.953190] binder_alloc: 17586: binder_alloc_buf size 1744842752 failed, no address space 03:55:09 executing program 4: getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0) r0 = syz_open_dev$sndpcmc(0x0, 0x400, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f0000000000)={0x100000000, 0x9}) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @local}}) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x13f}}, 0x20) write(r1, &(0x7f0000000140)="150000000800000000000000c86b6525000010", 0x13) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x0) unshare(0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') 03:55:09 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$set_timeout(0xf, r1, 0x2bb3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x400000000001, 0x0) dup(r2) r3 = dup(r2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bind$inet6(r2, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x2, @loopback}, 0x1c) timer_create(0x0, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) recvmmsg(r3, &(0x7f0000009f80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001}}], 0x1, 0x0, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0xfeffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) fsetxattr$security_smack_transmute(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0xfffffffffffffffd) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000001c0)=0x1fe, 0x4) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0) sendmsg(r2, &(0x7f0000000180)={&(0x7f0000000100)=@generic={0xd, "f1dce658173d5b6652ac663ed21639f234f3575a65b8ab2d7108a137aaa70b47e1a07320160a4a1d2483283feebb463193d3a8990e30900e8be76efc190ce842fee5a9630f1890310b88800786b5bba6a51a2adadb5e7d450261b4ab6804f3faddd83604c83413a74f4757142a55f6aff2d02fb57a5fd6c17a9b5a05c113"}, 0x80, 0x0}, 0x20000000) prctl$PR_GET_NO_NEW_PRIVS(0x27) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) ftruncate(r4, 0x80003) [ 1207.016837] binder_alloc_new_buf_locked: 12 callbacks suppressed [ 1207.016853] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:09 executing program 1: r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31aa8b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000008000000000000000000106cf4aa4ac99e8d000000006c6f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800000000000d000000000000000000"]}, 0x1a8) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) truncate(&(0x7f0000000000)='./file0\x00', 0x7fff) sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0x0) [ 1207.076385] binder_alloc: 17586: binder_alloc_buf size 12304 failed, no address space [ 1207.084940] binder: 17586:17587 transaction failed 29201/-28, size 1744830464-12288 line 2970 [ 1207.110893] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:09 executing program 2 (fault-call:2 fault-nth:62): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:09 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3012, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:09 executing program 4: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = add_key(&(0x7f00000003c0)='user\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)="8b06b6", 0x3, 0xfffffffffffffffe) keyctl$setperm(0x5, r1, 0x8) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x400000101000, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f00000000c0)={0x3ff}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000200)=""/153, &(0x7f00000002c0)=0x99) syz_execute_func(&(0x7f0000000140)="c4c2d5bb2429c4c37149d3bec01eaa460f5c64eebd42d9e0c48200f3ced941b1c461c5f2b602000000c4e2e99cfac4c32978ad12a100006e") ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, 0x0) ioctl$CAPI_NCCI_GETUNIT(0xffffffffffffffff, 0x80044327, &(0x7f0000000100)=0x4) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, &(0x7f00000001c0)) ioctl$PIO_FONTRESET(0xffffffffffffffff, 0x4b6d, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, &(0x7f0000000300)={0x5, {{0xa, 0x4e22, 0x7080, @ipv4={[], [], @rand_addr=0x11}, 0x80000000}}}, 0x88) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, {0x0, @in6={{0xa, 0x0, 0x1, @dev}}, 0x0, 0x0, 0x8000, 0x6}}, 0x0) sendfile(0xffffffffffffffff, r2, &(0x7f0000000040)=0x5e, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x220002, 0x8) ioctl$TIOCCBRK(r4, 0x5428) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000540)={0x0, 0x0}) tee(r3, r0, 0xff, 0xe) unshare(0x40000000) [ 1207.252960] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1207.273442] binder_alloc: 17620: binder_alloc_buf size 1811951616 failed, no address space 03:55:10 executing program 1: mq_open(&(0x7f0000000000)='!s\x03\x00\x00\x00\x00\x00\x00\x00linux\x00', 0x6e93ebbbdc0884f4, 0x0, 0x0) r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x8f, 0x101000) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000080)={{0x3, 0x7}, 'port1\x00', 0x20, 0x0, 0xab3, 0x7, 0x400, 0x8, 0x2, 0x0, 0x1, 0x4}) [ 1207.341901] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:10 executing program 1: connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x3}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x0, 0xff}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0x6}}, 0xe8) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000440)='./file0\x00', 0x9, 0x0, &(0x7f00000003c0), 0x20, &(0x7f0000000040)=ANY=[@ANYBLOB='journal_checksum,uid=', @ANYRESOCT=r0, @ANYBLOB="cc2c5668010000000000000042472173426d77f481b6"]) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0xffd8) [ 1207.397873] binder_alloc: 17620: binder_alloc_buf size 12312 failed, no address space [ 1207.423018] binder_release_work: 33 callbacks suppressed [ 1207.423028] binder: undelivered TRANSACTION_ERROR: 29201 [ 1207.457329] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1207.478590] FAULT_INJECTION: forcing a failure. [ 1207.478590] name failslab, interval 1, probability 0, space 0, times 0 [ 1207.497040] CPU: 1 PID: 17641 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1207.504267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1207.513675] Call Trace: [ 1207.516413] dump_stack+0x172/0x1f0 [ 1207.520094] should_fail.cold+0xa/0x1b [ 1207.524030] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1207.526955] binder: undelivered TRANSACTION_ERROR: 29201 [ 1207.529444] ? lock_downgrade+0x810/0x810 [ 1207.529469] ? ___might_sleep+0x163/0x280 [ 1207.543253] __should_failslab+0x121/0x190 [ 1207.547515] should_failslab+0x9/0x14 [ 1207.551348] kmem_cache_alloc_trace+0x2cf/0x760 [ 1207.556059] ? kasan_unpoison_shadow+0x35/0x50 [ 1207.560693] ? kasan_kmalloc+0xce/0xf0 [ 1207.564725] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1207.569696] __list_lru_init+0x3d3/0x6e0 [ 1207.573881] sget_userns+0x81e/0xd30 [ 1207.577621] ? kill_litter_super+0x60/0x60 [ 1207.581870] ? ns_test_super+0x50/0x50 [ 1207.585767] ? ns_test_super+0x50/0x50 [ 1207.589673] ? kill_litter_super+0x60/0x60 [ 1207.593934] sget+0x10c/0x150 [ 1207.597073] mount_bdev+0xff/0x3c0 [ 1207.600632] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1207.605756] ext4_mount+0x35/0x40 [ 1207.609226] mount_fs+0xae/0x331 [ 1207.612706] vfs_kern_mount.part.0+0x6f/0x410 [ 1207.617244] do_mount+0x53e/0x2bc0 [ 1207.620804] ? copy_mount_string+0x40/0x40 [ 1207.625061] ? _copy_from_user+0xdd/0x150 [ 1207.629227] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1207.634789] ? copy_mount_options+0x280/0x3a0 [ 1207.639312] ksys_mount+0xdb/0x150 [ 1207.642876] __x64_sys_mount+0xbe/0x150 [ 1207.646867] do_syscall_64+0x103/0x610 [ 1207.650792] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1207.656000] RIP: 0033:0x45b81a [ 1207.659227] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1207.678331] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1207.686163] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1207.693449] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1207.700742] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 03:55:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x2) r2 = socket(0xa, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) ioctl$LOOP_SET_DIRECT_IO(r2, 0x4c08, 0x69) getsockopt$inet_mreqn(r1, 0x0, 0xd, 0x0, &(0x7f0000000140)) 03:55:10 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vfio/vfio\x00', 0x40, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x24, r2, 0x0, 0x70bd26, 0x25dfdbfb, {{}, 0x0, 0x8001, 0x0, {0x8, 0x11, 0x7}}, ["", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x22, 0x200000000011, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10) getsockopt$netlink(r1, 0x10e, 0xa, &(0x7f0000000500)=""/66, &(0x7f0000000580)=0x42) sendto$inet(r3, 0x0, 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000680)='/selinux/status\x00', 0x0, 0x0) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f0000000100)="98cd8080000cf2450fad8700000021228b2121d00fd1b02db5d9db01da01da0170e422840568ea0000c483356f1d0a000000093c3b6446dd7b0bdc8f69289bd19dc46279798b08000000674d0f483bd1d963465776c16161b09688a07a980000c4a1fae6ae34f896dce1b1ac892a0f00001d049b") bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)={r3, &(0x7f0000000180)="006df68bb4a998b6f3a4f528b36fc66692f3b7b9b8dbf35db7059e4b2c555baf8da41978d92db26fc13f92c2a8ff4425b0472fdbb2585cf584294f623d423c3bf51448e4e13a701003b41534eabf36fcc92052a715e4857973b53d4dc738566205dbfa1b72a3545a1b69f60066c48c6478b675bac40201c803838844405b94ce8a92ee3f01cb1a625aab0a1d2e5882b1b1710edffe0768ed4a2436be6a86416377dc9949cf5325fb0925714bb8ecc0548e6db6c0ebb929e20a809ad04169105203e0c47f7cd5df3965f0ac", &(0x7f0000000280)=""/251}, 0x18) 03:55:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1207.708051] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1207.715344] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:10 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3048, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1207.802226] binder_alloc: 17653: binder_alloc_buf size 1946169344 failed, no address space [ 1207.833525] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1207.845011] binder: undelivered TRANSACTION_ERROR: 29201 [ 1207.854150] binder: BINDER_SET_CONTEXT_MGR already set [ 1207.898954] binder: 17653:17660 ioctl 40046207 0 returned -16 [ 1207.915794] binder_alloc: 17653: binder_alloc_buf size 12360 failed, no address space [ 1207.930897] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1207.944383] binder: undelivered TRANSACTION_ERROR: 29201 [ 1207.960098] binder_alloc: 17653: binder_alloc_buf size 12360 failed, no address space [ 1207.973380] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:10 executing program 0: openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x200000, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x3, 0x6) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000040)=0x6) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000200)={0x3, r1}) getsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, &(0x7f0000000100), &(0x7f0000000180)=0x6) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000000)={0xffffffffffffff1b, 0x35, 0x100000000004002, {0x5, 0x0, 0xe00}}, 0xfffffefd) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) write$P9_RMKNOD(r1, &(0x7f00000001c0)={0x14, 0x13, 0x1, {0x80, 0x4, 0x7}}, 0x14) r2 = dup2(r0, 0xffffffffffffffff) ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, 0x0) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f00000000c0)=r2) 03:55:10 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x100000000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f00000005c0)=""/148, 0x386}], 0xed, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs\x00') getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x1f, 0x20, 0x3}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000180)={r2, 0x8}, 0x8) preadv(r1, &(0x7f0000000480), 0x10000000000001f5, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) getgroups(0x7, &(0x7f00000000c0)=[0x0, 0xee01, 0x0, 0xee01, 0x0, 0xee00, 0x0]) r5 = getegid() fcntl$notify(r0, 0x402, 0x80000000) setresgid(r3, r4, r5) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f00000001c0)=0x392a, 0x4) [ 1208.009791] audit: type=1800 audit(2000001310.680:280): pid=17617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16870 res=0 [ 1208.021379] binder: undelivered TRANSACTION_ERROR: 29201 03:55:10 executing program 2 (fault-call:2 fault-nth:63): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:10 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x304c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1208.135073] binder_alloc: 17669: binder_alloc_buf size 2046832640 failed, no address space [ 1208.173391] FAULT_INJECTION: forcing a failure. [ 1208.173391] name failslab, interval 1, probability 0, space 0, times 0 [ 1208.217934] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1208.273286] CPU: 1 PID: 17674 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1208.280400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1208.289773] Call Trace: [ 1208.292467] dump_stack+0x172/0x1f0 [ 1208.296120] should_fail.cold+0xa/0x1b [ 1208.300066] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1208.305279] ? lock_downgrade+0x810/0x810 [ 1208.309451] ? ___might_sleep+0x163/0x280 [ 1208.313625] __should_failslab+0x121/0x190 [ 1208.317875] should_failslab+0x9/0x14 [ 1208.321687] kmem_cache_alloc_trace+0x2cf/0x760 [ 1208.326398] ? kasan_unpoison_shadow+0x35/0x50 [ 1208.331176] ? kasan_kmalloc+0xce/0xf0 [ 1208.335088] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1208.340045] __list_lru_init+0x3d3/0x6e0 [ 1208.344124] sget_userns+0x81e/0xd30 [ 1208.347855] ? kill_litter_super+0x60/0x60 [ 1208.352099] ? ns_test_super+0x50/0x50 [ 1208.355998] ? ns_test_super+0x50/0x50 [ 1208.359893] ? kill_litter_super+0x60/0x60 [ 1208.364153] sget+0x10c/0x150 [ 1208.367282] mount_bdev+0xff/0x3c0 [ 1208.370944] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1208.376169] ext4_mount+0x35/0x40 [ 1208.379639] mount_fs+0xae/0x331 [ 1208.383015] vfs_kern_mount.part.0+0x6f/0x410 [ 1208.387531] do_mount+0x53e/0x2bc0 [ 1208.391119] ? copy_mount_string+0x40/0x40 [ 1208.395386] ? _copy_from_user+0xdd/0x150 [ 1208.399563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1208.405215] ? copy_mount_options+0x280/0x3a0 [ 1208.409747] ksys_mount+0xdb/0x150 [ 1208.413301] __x64_sys_mount+0xbe/0x150 [ 1208.417287] do_syscall_64+0x103/0x610 [ 1208.421189] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1208.426387] RIP: 0033:0x45b81a [ 1208.429596] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1208.448527] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1208.456258] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1208.463548] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1208.470840] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1208.478300] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1208.485589] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:11 executing program 1: r0 = socket$inet(0xa, 0x0, 0x0) r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x0) socket$packet(0x11, 0x3, 0x300) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r3, &(0x7f0000000080), 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) listen(r0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000001c0)={0x7, 0x8, 0xfa00, {r4, 0x10001}}, 0x10) connect$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @broadcast}}, 0x1e) [ 1208.581523] binder_alloc: 17669: binder_alloc_buf size 12368 failed, no address space [ 1208.590385] binder: undelivered TRANSACTION_ERROR: 29201 [ 1208.605255] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:11 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0), 0x15) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000240)={r0}) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="1fea9f2c41641381472729bdac7f78c52af50eb0ebd75ecb664c6183e4c599d63ded7ce87574eb4d79addc63d10c95f7c2869336dfe856ef594c7ff79345cf63145cd6e80d3d5bd5ea0b0e1ccb384e56b451212dc02b7cdcc4060570e334953b4a37f2295aeab17b593a3e6e1f1861b910453c3f7906108dd80a1a50a752bd1147b2c1ce006b6a9d2625e8bbb3e19e13af57078b849f", 0x96) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x212}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000003c0)={0x5, 0x7ff, 0x8200, 0xffffffefffffffff, 0xb, 0x7fff, 0x0, 0xad6, r2}, &(0x7f0000000380)=0x20) ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000200)={0x0, 0x5c, &(0x7f0000000180)="cd9ba736305d04f6351790283db2a85a791972cdb80ec72ff0440262506f892c31a8f8f62c8d830f084d9a2928c7205757161ac5b97645572cd5e360cc8e3499968b8b3d64ef5b2eabddeba35998c7e3a5cc522e7836ebd83a3d6556"}) [ 1208.646926] binder_alloc: 17669: binder_alloc_buf size 2046832640 failed, no address space [ 1208.662308] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1208.670238] binder: undelivered TRANSACTION_ERROR: 29201 [ 1208.707546] binder: undelivered TRANSACTION_ERROR: 29201 03:55:11 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3060, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:11 executing program 2 (fault-call:2 fault-nth:64): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = msgget(0x2, 0x0) msgctl$IPC_RMID(r1, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020300021b000000020000000000000005000600000000000a00000000000000000000997f6699000000000000d6dbb905d1f86beb0000000d000800e0020000b89c0fa2997da12ba71996d8ee000000809ac1ec3d95c9a0af6fa7fe171ac34721f755b088c2a08594e391798e4fd4959ba9b5a7b0588736a57525a30d463ea43084dc1840039649673b733890eb3db522d9e73a871a86cc8c8dda870000000002000100000000000000030080ffffff05000500000000000a000000def7bd3e10c05ce000000000fe800000200000003692daa992ee1466"], 0xd8}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="02140007070000002bbd7080fddbdf250500000000000000000000000000aafe88000000000000000000000000f8ff00000010824fe94b26533654"], 0x3b}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x400024c, 0x0) [ 1208.988269] FAULT_INJECTION: forcing a failure. [ 1208.988269] name failslab, interval 1, probability 0, space 0, times 0 [ 1209.004598] binder: undelivered TRANSACTION_ERROR: 29201 [ 1209.019867] binder: undelivered TRANSACTION_ERROR: 29201 03:55:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1209.066754] CPU: 0 PID: 17707 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1209.073947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1209.083331] Call Trace: [ 1209.085951] dump_stack+0x172/0x1f0 [ 1209.089610] should_fail.cold+0xa/0x1b [ 1209.093547] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1209.098856] ? lock_downgrade+0x810/0x810 [ 1209.103024] ? ___might_sleep+0x163/0x280 [ 1209.107202] __should_failslab+0x121/0x190 [ 1209.111576] should_failslab+0x9/0x14 [ 1209.115481] kmem_cache_alloc_trace+0x2cf/0x760 [ 1209.120523] ? kasan_unpoison_shadow+0x35/0x50 [ 1209.120539] ? kasan_kmalloc+0xce/0xf0 [ 1209.120563] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1209.120581] __list_lru_init+0x3d3/0x6e0 [ 1209.120603] sget_userns+0x81e/0xd30 [ 1209.120616] ? kill_litter_super+0x60/0x60 [ 1209.120632] ? ns_test_super+0x50/0x50 [ 1209.120645] ? ns_test_super+0x50/0x50 [ 1209.120658] ? kill_litter_super+0x60/0x60 [ 1209.120672] sget+0x10c/0x150 [ 1209.120696] mount_bdev+0xff/0x3c0 [ 1209.164978] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1209.170116] ext4_mount+0x35/0x40 [ 1209.173861] mount_fs+0xae/0x331 [ 1209.177263] vfs_kern_mount.part.0+0x6f/0x410 [ 1209.181788] do_mount+0x53e/0x2bc0 [ 1209.185368] ? copy_mount_string+0x40/0x40 [ 1209.189811] ? _copy_from_user+0xdd/0x150 [ 1209.193992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1209.199554] ? copy_mount_options+0x280/0x3a0 [ 1209.204068] ksys_mount+0xdb/0x150 [ 1209.207636] __x64_sys_mount+0xbe/0x150 [ 1209.211641] do_syscall_64+0x103/0x610 [ 1209.215558] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1209.220772] RIP: 0033:0x45b81a [ 1209.224073] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1209.243020] RSP: 002b:00007f35c6934a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1209.243039] RAX: ffffffffffffffda RBX: 00007f35c6934b40 RCX: 000000000045b81a [ 1209.243047] RDX: 00007f35c6934ae0 RSI: 0000000020000000 RDI: 00007f35c6934b00 03:55:11 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x75, 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x42480) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x1, 0x0, 0x5, 0xfffffffffffff801, 0x2, "ab69a66e543bd57648ccc9410c6674a847cd989892c360c309f340b66706a1335d819544aa1b6c4b0421f44e02a51d7b04777be38b68c2ad168dc27416f6ff", 0x1c}, 0x60) connect$caif(r1, &(0x7f00000000c0)=@dbg={0x25, 0x4, 0xffff}, 0x18) 03:55:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:11 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3068, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:11 executing program 1: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) socket(0x11, 0x0, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/create\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff}) bind(0xffffffffffffffff, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) [ 1209.243055] RBP: 0000000000000001 R08: 00007f35c6934b40 R09: 00007f35c6934ae0 [ 1209.243062] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1209.243071] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000003 03:55:12 executing program 2 (fault-call:2 fault-nth:65): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:12 executing program 4: mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x569000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0xfffffffffffffff9, 0x1) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000000040)) 03:55:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:12 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x3ff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f319bd070") r2 = socket$packet(0x11, 0x100000000000000, 0x300) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1000005, 0x32, 0xffffffffffffffff, 0x0) setsockopt$packet_fanout_data(r2, 0x107, 0x11, &(0x7f00000000c0)={0x2259, &(0x7f0000000040)}, 0x4) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0585605, &(0x7f0000000000)) 03:55:12 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x306c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1209.502620] FAULT_INJECTION: forcing a failure. [ 1209.502620] name failslab, interval 1, probability 0, space 0, times 0 03:55:12 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) writev(0xffffffffffffffff, &(0x7f00000004c0), 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000280)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000780)='/dev/mISDNtimer\x00', 0x101000, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r2, 0x5456, &(0x7f00000000c0)) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x248000, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e20, @remote}, 0x10) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vhost-net\x00', 0x2, 0x0) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$f2fs(&(0x7f0000000100)='f2fs\x00', &(0x7f0000000300)='./file0\x00', 0x5, 0x2, &(0x7f0000000380)=[{&(0x7f0000000480)="8a91a1c5173b035db53927b66bd05a6c0bea97d2a3ae1c7d5782f7adfe867ab164d7e105544a7b91215fae789a4a064f80e8881b40bbd0464d6c14463841ba50bc78bc24295a445ca084bd7c39d45c6e23783d45b6942059a4b8bac5321d717b44658bde6c216bb86d7a005c8c77099ecbff59924d20ecad52156c10958e7f80b4ed2366710ca1800dfeafa5d167bc6b6beb8aaf77ed20b5222c39a11672adcd3f6c0f", 0xa3, 0x1f}, {&(0x7f0000000540)="f748f1619f123d778fa6119006c7d7d8b3047b3fb04526f555e62d42d22fa3c5b47eb87e74cc200f16a866d65e0df4673f3de1c146b458d9fb479a07364e5e1c872a304f5ee125f1692280972f4c81f2f2b12fb38f2bc573d961296d732554b96aae4f771b19c8a12a8f2f2098d820efc9dae5bde7a02e84fe1638f4127b08bb71a2d4b64e", 0x85, 0x9}], 0x400, &(0x7f0000000680)={[{@alloc_mode_def='alloc_mode=default'}, {@six_active_logs='active_logs=6'}, {@noextent_cache='noextent_cache'}, {@disable_ext_identify='disable_ext_identify'}, {@noquota='noquota'}, {@four_active_logs='active_logs=4'}, {@resgid={'resgid', 0x3d, r5}}, {@inline_xattr_size={'inline_xattr_size', 0x3d, 0x7ff}}], [{@obj_user={'obj_user', 0x3d, '/posix_acl_accesslo'}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@seclabel='seclabel'}]}) ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, 0x0) ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f0000000200)={0xd000, 0x6000, 0x9, 0x0, 0x6}) [ 1209.582840] CPU: 0 PID: 17743 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1209.590136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1209.599519] Call Trace: [ 1209.602145] dump_stack+0x172/0x1f0 [ 1209.605810] should_fail.cold+0xa/0x1b [ 1209.609732] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1209.615041] ? lock_downgrade+0x810/0x810 [ 1209.619223] ? ___might_sleep+0x163/0x280 [ 1209.623420] __should_failslab+0x121/0x190 [ 1209.627738] should_failslab+0x9/0x14 [ 1209.631603] kmem_cache_alloc_trace+0x2cf/0x760 [ 1209.636568] ? kasan_unpoison_shadow+0x35/0x50 [ 1209.641189] ? kasan_kmalloc+0xce/0xf0 [ 1209.645116] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1209.650086] __list_lru_init+0x3d3/0x6e0 [ 1209.654186] sget_userns+0x81e/0xd30 [ 1209.658016] ? kill_litter_super+0x60/0x60 [ 1209.662268] ? ns_test_super+0x50/0x50 [ 1209.666301] ? ns_test_super+0x50/0x50 [ 1209.670215] ? kill_litter_super+0x60/0x60 [ 1209.674499] sget+0x10c/0x150 [ 1209.677669] mount_bdev+0xff/0x3c0 03:55:12 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3074, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1209.681241] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1209.686949] ext4_mount+0x35/0x40 [ 1209.690441] mount_fs+0xae/0x331 [ 1209.693849] vfs_kern_mount.part.0+0x6f/0x410 [ 1209.699388] do_mount+0x53e/0x2bc0 [ 1209.702993] ? copy_mount_string+0x40/0x40 [ 1209.707551] ? _copy_from_user+0xdd/0x150 [ 1209.711840] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1209.717764] ? copy_mount_options+0x280/0x3a0 [ 1209.722295] ksys_mount+0xdb/0x150 [ 1209.725863] __x64_sys_mount+0xbe/0x150 [ 1209.729954] do_syscall_64+0x103/0x610 03:55:12 executing program 0: perf_event_open(&(0x7f0000000000)={0x40000000000002, 0x70, 0x1e, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000080)=0x1c43b873) write(r0, &(0x7f0000000600)="edca4c00e7b354e40b9e0fd32a1175327fea151502c06217aca17db3131e6072cdfd69e7cd5135eaf6568d7607c841192f7e70236b57d96863375712e7058c4ec548f381d55e4615590c64443ae8179f6366cb59df8f61a1b11de7270c39ed664c816cb657ed2f4356b28b105e42ae1edb6fb192cdea77ca26c662b4f30fd0c225f5b7cf5a2de1929e24eaea1551b46903f3dda28db6ba3305c52cc91723e93bc452f55b53a12a59b2975c6e3bea28edefd3726a64e3967b6e87164f0cb0de76bf87225d1748b0a068ece9ff12be45a4142ab3d2c88d67d8248d0d8c4b3d64dce1c6bc4cd8c39d96e8da06a72feb2a5a470b45ab3b18d7e0331b480bc058a009ee7ada1645f5e67d55bbbc623bf8478c0aa18881cbda37c97961535d77556a35ce2863776499910491a8bed4f921a43e3b70809cd53b0e8f15834e10cac343cce6935b5dc6069cf82895a814b8be42d95f41e20aea0ba0012139613289a155ae79402d93ea47425daca8e2ff0db9d2580179f22f7adf5e971427d02c606d7d9399303280e6f2f53eafee5078b9ccbdd3633b95008e1ebf72b8acd87047684af0c322f142e1a155afed365d3990ada50cfc5924224a9102959f9bb0a66765bcf2f7b8780168148dacc98065901ac465f6a6e5f4425e4d232599a5a968135816e5a0863a6eaddb6aa7f7b0e32b589254494242497d0c569165d1e40865a2fdfa3b36e348f289f57a9de57fd076f96ba3d6da5f646dc85ba6fa1681e2bc7cc96e998df36b940e423007046d78e150137075b0488a8f94f056ed5a8ee93f26952a36a755d2a2099d4e14489ac60a4b318cad79b60d7a58cf71fdf149aaf0dcc3ac30a4ab41c9bd3ef0ac9f310d8b44ffd4d5988f552f544d5eeefe295bf51d6e2ca0556a61c081b0ca54eea19ed7f5a187ac1109539ed7bf5a59750600377e451b831b56bc6b5fd534187e1cf113585e07ad578f7bd0d2424306cdd45e69727e13f18d69107b107ad558472aab0ee915839862a94a45ecdfdeb4732c3558a0ea878aeb5eb54e6f3fdfc149838fbfbac8c219d87e29c724670e706d2479fb4e41ce189b379d9d1f37af43fd2d53434fcaeaea0ea94eacd62071e924fccfdc26d8e1635efdbd7bb678fc0ee60081f47ac16d82c340c53421761a549511fac31fb4ef513c6c95635231863ec86035182a50ef7142ec000ebae17d822f91a58663ec3b7b2754cc526f3f4dc6b8adace6e8244fb6d12c2c0da3f4086a0ef28e84e1af34a2fdfc07b9c8e652f097bdfd5517c1ad6711d60637fb8f3fe0d83cb2689b396e6d406d661aa474b883ef1e1ab9f5c11f7ac5fd61a77700d65652e04f7bb4ae0d81ed84236618149fefaeafd36c2345d6156b80988a5b6e12e97f17570b7c66a91dc895293137e11d8ea2c3a5ee255ebdebc5815e436d2eb1976e22f4d72704b9863bcac10a697917fba6ca5d0aa8f44dca72bf59e82e21cc4fdeadd3baa90cbde1a287aab6c163cd3a6a898de9a18bce8749523f1bc9d99e96b49069954d90a60e08fdae720f8b1e1205783d525573fe329486eaa1bae4975723d0c5d715248c26558bdf8a04347e6202ff079ff207c215db8cc295ae153963489a6928af57bddca93cc03b4fd3fc0cd886d4de975125e4ea888c9baa1fd4ac7e81fc24ea42f854bce47810d44aa3887a9e47fe9a28e6e8244de7bfe91671a9cd9a0ff77ca1f1c42506c61ee668ad75875f6b947a8983a61042b478b376039e190aa5f1db4fe52c7fcd401a3b25c3008b1eef4dad0313ba261c3301f0923b9394a3fa233440e1d84282edbd18a24730b460354c362fb21016b79a934dac80e4d00534cf88bce6db34823b6a630479147a8abcbccf2ca41f8bedcc9695a01840669fe22dd32916bae5fea1af5ba89be819444f235d0faa7e8c32c4d3da1efb8b367e738c94248c9a69322409d869289484761415a2ff0e9bcfa337b5ab751da35ed1dc2e77d36a20129808780eab232064c98ee4ea1cd9801d6e71e1b16a28911dd249f49387a361517febdfcc305d9d0cb3992674dab33b41bdf232f151ccd3192025aaead5a30e3cf0a057fe36dc29577980f81bcc57c2f052136a13eed2bb6816e44d43af2b80a218fc7d5e06669a5b175fbdb288b7f70386043ca97a059b3c3e868a861b7053288d36d875a8152ab2ae5cefe454baa6d6a32a64beeff8991004dbeafb43b1a095391db2a8ed9c2f93a47157145fd1515ccc0d96d876edf92cd196382278496db5b41e0478b32eba040b8e088b9014dc3b44410ede0d400a0a0d1b77271695e6494d3c2e4cf11aa25593891b80e2eeff5ac31b522ba5b906425830bd215fe1b1227a5af91978af872decba7db9455bb37252b4d152ac41d8b0cd5edb75902be27dcce1816dd07c2d095b259f6892b937e83c21a5c36488816dd28baf4b010009c62147f66770b4ced321bf17b1aceb7f9afe864f6c389a25c3c0a22f4fd8a900ffb18e633e0ffaaa413df47b9e689416092eb3a69c32b2e41b573b49ffabdd73db7b97d9864d038039843c21b36c0394a1104d1feee652e3c4c1a6d991d518e0ad9dc210cc6b6480f97c9856737ee9c1e349b1d129ac8bb53939964da7fa8c511f9ce648bb9c7679181c1f433b35337089e9b50f97b346c25eff2fc3486d69575f28025ab0253ef56a405a51a6da27ab9de3e189daccd5eaa88a6212d866bd2382952d7e57a5b93391ff1400eac67f6c9fef11ef9931b9162710198ea6d00041b113010f7aed955a1cfff0bceb1f0fb714429fbc9f695bb2ac7de7bac3f52c23690c46fa0febf80df782e72daf5a9cd0acfed6f26b851313a0b04f37eb1bcdfe17a37794fa9058feee52a58d4c2959c66f71933fcd66a0187d8a31880341cae695f50e80d7f9cfbf98b57eb024b2e61f31cdae882b53211da15e2e26f6577a408542674c56cb10a95d44b9c2a5e8970832c007d5ff9f26cd96ddc9dc059fff8cdadfc60fd78f47e7cc99f648d65ff18fd824d990c3c137b3b79ea6a55eac895cfebfc12ab8addef871baee1317021440fa8a8dc049a9bf4ff9452a5695577abce5ba96897677fb698f1ae17771a9b71aef8f2c06f4459fe6052737377834333421bdf38aa3c7ecbd22b518a51fbbad3b85f322df1dbbf79f68377718d3810558055170ebaeb90cb1463699679cb2f486e7845f729fc8f23b65283f098c910bbe4b06f7f06b1b0c41ff5b2d097d46cf4050cc74c9413b6809cc4d2e1a1e770bd69251f2010f4994aa73a229991abd79b222b79bd2e45f7b3d912365cab124bbac4078c416f9df21f53e6076dfd3e2d6153f0b91d484f0f0d36a0073099b4ee997bac02345e5fa49670a8b5968449ab508bb8d8663428974633f07e3f5f4b3d2cc0b6ffd5fdec7417137f4c05a1162412b6c4bdeaf110a90a2ba17947fe82fe2c1ddbc9a5a2cae29b8cc929c9ed47f195d06968cc036022c35a225678972fefbd7b6d6d8e7a26bbeb702246a736daca4bc1ed6cc8b3ee9894abc5178601289120c64884ed3055bb062e0c3891df2fa2ca33ce6da4bb884a4b43ba94871cd5ad5771b1503b61759fc843b7a2829cf0cfeabad5cf690212431345119e9d4d97d8881", 0xa00) r1 = open$dir(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x1ffe0) [ 1209.733879] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1209.739266] RIP: 0033:0x45b81a [ 1209.742477] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1209.762179] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1209.762197] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a 03:55:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1209.762213] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1209.762228] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1209.786919] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1209.786929] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:12 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307a, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1209.889363] audit: type=1800 audit(2000001312.560:281): pid=17767 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=17443 res=0 03:55:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f093c123f319bd070") r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) write$UHID_DESTROY(r1, &(0x7f0000000300), 0x4) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x8) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000440)=0x60, 0x2) ioctl$VIDIOC_G_PARM(r3, 0xc0cc5615, &(0x7f0000000340)={0xf, @raw_data="5f365f12cfa1502cdecfdd5fe115cfd59b5c17d1259a1a7a38344a813ca082074dc86d99432f5d41245e7a2c6c06053b16e8ca9caa67d4003f8292b414ba214a6b906a80b20302dbee2f7cfba2b65022ba8d9a6569bba16e864e151399a5705d11263d1223a906c141a517a64d402acd389c0c88e7c756823033c5dba3f4c7e4d024c4beffcacd15c813ceac6912e8047f98547a605706fd727e2cbde3c2336fbd7d340b1fe775d17e02754ab863fb6e1ffeda598325a3df2ed2085f891e0bf08b3a53922b3c7466"}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000480)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}, &(0x7f00000004c0)=0x10) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000000)={'ip6_vti0\x00', 0x100000001}) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r4, 0x84, 0x74, &(0x7f00000000c0)=""/206, &(0x7f00000001c0)=0xce) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0), 0x4) close(r0) r5 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) ioctl$KVM_SET_NR_MMU_PAGES(r5, 0xae44, 0xe19) 03:55:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1209.979828] audit: type=1804 audit(2000001312.630:282): pid=17767 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir794294696/syzkaller.5JUWGp/1269/file0" dev="sda1" ino=17443 res=1 03:55:12 executing program 2 (fault-call:2 fault-nth:66): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:12 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5800, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:12 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000500)='/selinux/enforce\x00', 0x40, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000540)={0x0}, &(0x7f0000000580)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000005c0)=@assoc_value={r2, 0x2}, 0x8) 03:55:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:13 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) r1 = dup(r0) write$P9_ROPEN(r1, &(0x7f0000000000)={0x18}, 0xfd2b) poll(&(0x7f0000000080)=[{r1}], 0x1, 0x0) 03:55:13 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x14, 0x4, 0x4, 0x3ff, 0x0, 0x1}, 0x3c) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={r0, &(0x7f0000000480), 0x0}, 0x18) r1 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$IP_VS_SO_GET_TIMEOUT(r1, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc) 03:55:13 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f5e0ff, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:13 executing program 1: clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffff9c, 0xc058565d, &(0x7f00000003c0)={0x252c, 0xb, 0x4, 0x40500, {r0, r1/1000+30000}, {0x3, 0x8, 0x7ff, 0x8000, 0x4, 0x5, "77f6614d"}, 0x7, 0x3, @planes=&(0x7f00000000c0)={0xfffffffffffff000, 0x9, @fd=0xffffffffffffff9c, 0x1}, 0x4}) fchmod(r2, 0x1) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x22, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @local}}}, &(0x7f0000000000)=0x84) setsockopt$inet6_MRT6_DEL_MFC(r3, 0x29, 0xcd, &(0x7f00000001c0)={{0xa, 0x4e21, 0x3, @empty, 0x5}, {0xa, 0x4e23, 0x400, @mcast1, 0xfffffffffffff935}, 0x4, [0xb8e3, 0x100000000, 0x9, 0x100000001, 0x4, 0x7, 0x1, 0x1ff]}, 0x5c) bind$inet(r4, &(0x7f0000000100)={0x2, 0x2}, 0x10) ioctl$int_in(r4, 0x5421, &(0x7f0000000080)=0x19b) setxattr$security_smack_transmute(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000240)='TRUE', 0x1, 0x1) sendto$inet(r4, 0x0, 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @local}, 0x10) sendto$inet(r4, &(0x7f0000000280)="a5fe9e7be7060871618b23a8d86d12156655aa50100792f46b647308d3e2a67328969288734cc698158a84b40408261762639ee5e5881d4fb471fcb9639d30513ab42a04f920d8c1fa0c6ed49b0028fda44d1e69121bd2ff68125d42c7beccab2998e3392614583dd729cd341292ded369a34c4c75e12e8e0f519531fc8f11e74b74f2e5ad24cd0ab65395a2307394f48438306edcbb2ad2261f7535abea9833df32f75d92d392390bcfef75c9923a1745b53c", 0xb3, 0x8801, 0x0, 0x3d5) [ 1210.546519] FAULT_INJECTION: forcing a failure. [ 1210.546519] name failslab, interval 1, probability 0, space 0, times 0 [ 1210.560075] CPU: 0 PID: 17800 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1210.567046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1210.576457] Call Trace: [ 1210.579076] dump_stack+0x172/0x1f0 [ 1210.579272] binder: BINDER_SET_CONTEXT_MGR already set [ 1210.582829] should_fail.cold+0xa/0x1b [ 1210.582855] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1210.582878] ? lock_downgrade+0x810/0x810 [ 1210.601431] ? ___might_sleep+0x163/0x280 [ 1210.605974] __should_failslab+0x121/0x190 [ 1210.610262] should_failslab+0x9/0x14 [ 1210.614089] kmem_cache_alloc_trace+0x2cf/0x760 [ 1210.616023] binder: 17794:17798 ioctl 40046207 0 returned -16 [ 1210.618781] ? kasan_unpoison_shadow+0x35/0x50 [ 1210.618797] ? kasan_kmalloc+0xce/0xf0 [ 1210.618820] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1210.618840] __list_lru_init+0x3d3/0x6e0 [ 1210.618863] sget_userns+0x81e/0xd30 [ 1210.618878] ? kill_litter_super+0x60/0x60 [ 1210.618894] ? ns_test_super+0x50/0x50 [ 1210.618908] ? ns_test_super+0x50/0x50 [ 1210.618922] ? kill_litter_super+0x60/0x60 [ 1210.618943] sget+0x10c/0x150 [ 1210.665462] mount_bdev+0xff/0x3c0 [ 1210.669057] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1210.674242] ext4_mount+0x35/0x40 [ 1210.677740] mount_fs+0xae/0x331 [ 1210.681140] vfs_kern_mount.part.0+0x6f/0x410 [ 1210.685683] do_mount+0x53e/0x2bc0 [ 1210.689265] ? copy_mount_string+0x40/0x40 [ 1210.693543] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.699344] ? copy_mount_options+0x280/0x3a0 [ 1210.704059] ksys_mount+0xdb/0x150 [ 1210.707671] __x64_sys_mount+0xbe/0x150 [ 1210.711715] do_syscall_64+0x103/0x610 [ 1210.715650] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1210.721248] RIP: 0033:0x45b81a [ 1210.724474] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 03:55:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x1) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000280)={0x1000000077, 0x0, [0x4b564d03, 0x1]}) ioctl$KVM_INTERRUPT(r3, 0x4080aea2, &(0x7f00000004c0)) [ 1210.745753] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1210.757067] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1210.766115] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1210.766126] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1210.766133] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1210.766141] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:13 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x8, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x0, 0x2}, {0x80000006}]}, 0x10) prctl$PR_GET_KEEPCAPS(0x7) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x8, 0x200000) ioctl$EVIOCGKEY(r1, 0x80404518, &(0x7f0000000080)=""/88) getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000140), &(0x7f0000000180)=0x8) connect$vsock_dgram(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @host}, 0x10) [ 1210.924433] binder_alloc: 17821: binder_alloc_buf failed to map pages in userspace, no vma [ 1210.954390] binder_transaction: 39 callbacks suppressed [ 1210.954416] binder: 17828:17829 transaction failed 29189/-3, size 0-12288 line 2970 03:55:13 executing program 2 (fault-call:2 fault-nth:67): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:13 executing program 1: r0 = eventfd2(0x0, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="e04a4f74b80de1fa", 0x8}], 0x1) writev(r0, &(0x7f0000002700)=[{&(0x7f0000000100)="5565759488b04392", 0x8}], 0x1) r1 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x2, 0x2) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000140)={0x2, 0xf, 0x4, 0x24202048, {0x0, 0x2710}, {0x7, 0xe, 0x6dcf, 0x2, 0x5, 0x3ff, "ed234c8d"}, 0x8, 0x4, @fd=0xffffffffffffffff, 0x4}) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f00000001c0)={0xa90c, 0x1, 0x4, 0x200000, {0x0, 0x7530}, {0x3, 0xc, 0x3, 0x2, 0x9, 0x2, "aca915f8"}, 0x3, 0x2, @fd=r2, 0x4}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000001040)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = gettid() mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x6, 0x31, 0xffffffffffffffff, 0x0) tkill(r3, 0x1000000000016) 03:55:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:13 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x80040, 0x0) getsockname(r1, &(0x7f0000000600)=@nl=@proc, &(0x7f0000000680)=0x80) ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000200)) ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000740)=ANY=[@ANYBLOB="76d58732e9000000a720fe6c4eb69aa3dacf9fe6e77431aff13a69b89b31a53040f35f75cd1f869dc762369dea77d1f0f72d19f13bdbe2a828cdb2f2ea71ff77cadc94b8be8dd9c3911b2a28b31caf06da15083466b67bf94e9a79a3c9db7dc5ebf4094b2f5be8dfa81f3fd006c42bfc05453299eeebee14dc675cbcdbf724ecdcd82c87644400851f9ac681f491637f7cf59a9b112a8d5a034a90a03b2ab05142a5e94c9872a49af6124a2a5e633583ef6ba8af0626183294c05cc10dde266c0c018a0c3b71fbcee0ae7c8945d1369eb9dbf5ed201e04573adfda92a9b3bbef861ae88fcf53c2d7ee5e11d94e6d4b993108ffdf3c086341e7f92d9262fd56ff59bfb5ddcecd0eac0d8b6428cfe6e20fb5c2e4cca572e7ff67d34de897b90de5cf"]) r2 = syz_open_dev$midi(&(0x7f00000002c0)='/dev/midi#\x00', 0x1, 0x4000) io_setup(0x9, &(0x7f0000000080)=0x0) io_submit(r3, 0x3, &(0x7f0000000540)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x6, 0xfff, r0, &(0x7f0000000300), 0x0, 0x7ff, 0x0, 0x1}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xa, 0x8f7, r0, &(0x7f0000000380)="9351a439ee8b487015e12ec2978ebb072857c7bd", 0x14, 0x8, 0x0, 0x0, r1}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x100, r2, &(0x7f0000000400)="75f8e82ac246b5b8833e6f9b6ae050d90ce023bcd5c19617c760e06f13e4ffe2f4d949160e80d24ae448fea632c560aee7cfc3710b30836d856d40787a3dde0a45a979e2814fadadc9d619b14ab02899292cfd1cb5252bd14da4a3c7a7a4afb4b498118512174d8cd98754c1d61f0228858ff5b50afd7e868d3b63a6bc5a9d43c5acb9603cfe9727dbb4ebe12f031e68da8252c4acd973a70f93428e839068b23979cc653f90783799539347880a5708c6ba435b07f659bda8b17de236b4475ccb03b39dac8d5384f45a4eb733bedbcfdbeaa2df896e05232f5963f7f0948da057157a", 0xe3, 0x100000001, 0x0, 0x3, r1}]) read(r1, &(0x7f0000000280)=""/37, 0x25) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={0x0}, &(0x7f0000000100)=0x8) prctl$PR_CAPBSET_DROP(0x18, 0x1d) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000140)={r4, 0x80, 0x30}, &(0x7f0000000180)=0xc) setsockopt$inet6_tcp_buf(r0, 0x6, 0xe, &(0x7f0000000000)="36cc9646ccda1eb136585ec9cc29b65d88857b8f9566d7b399f7f704607e9683ee83fadeef62dd2ce6a95f3e0b85a1779acc308a6a2d045e2157398856ebbb0b0c2edbb6f1c42a84f9f03e5e529aea97797c1b77b588d3145e20a546057fc70eddc6f202a1e0a446ce37cf262ddf03267c53b18fcd9d4f2bc7ee2fba12", 0x7d) getpeername$ax25(r2, &(0x7f0000000580)={{0x3, @default}, [@rose, @remote, @null, @bcast, @netrom, @bcast, @netrom, @null]}, &(0x7f0000000300)=0x48) getsockopt$inet6_int(r0, 0x29, 0x1, 0x0, &(0x7f0000000240)) 03:55:13 executing program 0: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x8) write$binfmt_script(r0, &(0x7f00000008c0)={'#! ', './file0'}, 0xb) close(r0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") execve(&(0x7f0000000000)='./file0\x00', &(0x7f00000003c0)=[&(0x7f0000001b00)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x01\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\xfd\x05\xee\xa0L\xe4C\"\xba\xd5\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb5\\\xf5\x05\xec\xa3\x98\f1\x89\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0Xk\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\r\x98\a\x06\xe8\x80\xef\xdf\x87\x1f\xfd\xb8\x99\x9c\x19\xb4\xac', &(0x7f0000001d00)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x01\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\xfd\x05\xee\xa0L\xe4C\"\xba\xd5\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb5\\\xf5\x05\xec\xa3\x98\f1\x89\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0Xk\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\r\x98\a\x06\xe8\x80\xef\xdf\x87\x1f\xfd\xb8\x99\x9c\x19\xb4\xac'], &(0x7f0000000040)=[&(0x7f0000002100)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x01\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\xfd\x05\xee\xa0L\xe4C\"\xba\xd5\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb5\\\xf5\x05\xec\xa3\x98\f1\x89\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0Xk\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\r\x98\a\x06\xe8\x80\xef\xdf\x87\x1f\xfd\xb8\x99\x9c\x19\xb4\xac', &(0x7f0000000e40)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x01\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\xfd\x05\xee\xa0L\xe4C\"\xba\xd5\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb5\\\xf5\x05\xec\xa3\x98\f1\x89\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0Xk\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\r\x98\a\x06\xe8\x80\xef\xdf\x87\x1f\xfd\xb8\x99\x9c\x19\xb4\xac', &(0x7f0000001040)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x01\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\xfd\x05\xee\xa0L\xe4C\"\xba\xd5\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb5\\\xf5\x05\xec\xa3\x98\f1\x89\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0Xk\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\r\x98\a\x06\xe8\x80\xef\xdf\x87\x1f\xfd\xb8\x99\x9c\x19\xb4\xac', &(0x7f0000000440)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x01\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\xfd\x05\xee\xa0L\xe4C\"\xba\xd5\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb5\\\xf5\x05\xec\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0Xk\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\r\x98\a', &(0x7f0000000180)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x01\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\xfd\x05\xee\xa0L\xe4C\"\xba\xd5\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb5\\\xf5\x05\xec\xa3\x98\f1\x89\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0Xk\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\r\x98\a\x06\xe8\x80\xef\xdf\x87\x1f\xfd\xb8\x99\x9c\x19\xb4\xac', &(0x7f0000001680)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x01\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\xfd\x05\xee\xa0L\xe4C\"\xba\xd5\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb5\\\xf5\x05\xec\xa3\x98\f1\x89\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0Xk\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\r\x98\a\x06\xe8\x80\xef\xdf\x87\x1f\xfd\xb8\x99\x9c\x19\xb4\xac', &(0x7f0000001880)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x01\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\xfd\x05\xee\xa0L\xe4C\"\xba\xd5\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb5\\\xf5\x05\xec\xa3\x98\f1\x89\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0Xk\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\r\x98\a\x06\xe8\x80\xef\xdf\x87\x1f\xfd\xb8\x99\x9c\x19\xb4\xac']) 03:55:13 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1211.095369] binder: 17841:17842 transaction failed 29201/-28, size 504403158265495552-12288 line 2970 [ 1211.161702] FAULT_INJECTION: forcing a failure. [ 1211.161702] name failslab, interval 1, probability 0, space 0, times 0 [ 1211.179179] CPU: 1 PID: 17853 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1211.186194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1211.194505] binder: 17851:17855 got transaction with invalid offsets ptr [ 1211.195571] Call Trace: [ 1211.195603] dump_stack+0x172/0x1f0 [ 1211.195629] should_fail.cold+0xa/0x1b [ 1211.212770] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1211.217909] ? lock_downgrade+0x810/0x810 [ 1211.222081] ? ___might_sleep+0x163/0x280 [ 1211.226283] __should_failslab+0x121/0x190 [ 1211.228140] binder: 17841:17842 transaction failed 29201/-28, size 504403158265495552-12288 line 2970 [ 1211.230558] should_failslab+0x9/0x14 [ 1211.242136] binder: 17851:17855 transaction failed 29201/-14, size 0-12288 line 2997 [ 1211.244165] kmem_cache_alloc_trace+0x2cf/0x760 [ 1211.244187] ? kasan_unpoison_shadow+0x35/0x50 [ 1211.264000] ? kasan_kmalloc+0xce/0xf0 [ 1211.267934] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1211.273196] __list_lru_init+0x3d3/0x6e0 [ 1211.277468] sget_userns+0x81e/0xd30 [ 1211.281303] ? kill_litter_super+0x60/0x60 [ 1211.283111] binder: 17851:17860 got transaction with invalid offsets ptr [ 1211.285634] ? ns_test_super+0x50/0x50 [ 1211.285651] ? ns_test_super+0x50/0x50 [ 1211.285671] ? kill_litter_super+0x60/0x60 [ 1211.306149] sget+0x10c/0x150 [ 1211.309319] mount_bdev+0xff/0x3c0 [ 1211.312897] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1211.314220] binder: 17851:17860 transaction failed 29201/-14, size 0-12288 line 2997 [ 1211.318029] ext4_mount+0x35/0x40 [ 1211.318049] mount_fs+0xae/0x331 [ 1211.318070] vfs_kern_mount.part.0+0x6f/0x410 [ 1211.318089] do_mount+0x53e/0x2bc0 [ 1211.340996] ? copy_mount_string+0x40/0x40 [ 1211.345269] ? copy_mount_options+0x1ea/0x3a0 [ 1211.351386] ? copy_mount_options+0x1f3/0x3a0 [ 1211.357253] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.363183] ? copy_mount_options+0x280/0x3a0 [ 1211.367727] ksys_mount+0xdb/0x150 [ 1211.371298] __x64_sys_mount+0xbe/0x150 [ 1211.375302] do_syscall_64+0x103/0x610 [ 1211.379827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1211.385032] RIP: 0033:0x45b81a [ 1211.388237] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 03:55:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0xb9dad7e7ab626312, 0x1000, &(0x7f0000016000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x5) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xbd, 0x0, 0x0, 0x0) setsockopt$netrom_NETROM_N2(0xffffffffffffffff, 0x103, 0x3, &(0x7f00000000c0), 0x3) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200)='/dev/audio\x00', 0x20000, 0x0) ioctl$PPPIOCGFLAGS1(r3, 0x8004745a, &(0x7f0000000040)) r4 = dup2(r0, r1) ioctl$NBD_SET_SOCK(r3, 0xab00, r4) syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:55:13 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getrusage(0x0, &(0x7f0000000200)) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) setsockopt$nfc_llcp_NFC_LLCP_RW(r0, 0x118, 0x0, &(0x7f0000000040), 0x4) 03:55:14 executing program 0: r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio\x00', 0x100, 0x0) ioctl(r0, 0x3, &(0x7f00000000c0)="ddfa99f15a68aee59297d6215bf4bbd7fe50c03342b2b594d4f0c9df56e7a66a6944e093ef4f26a761486e785209d87c6a912f1371a95f4c7a9474c8783f0558f2f005a805e5a36511234891185e3d4d42861dde862780883853ed1f457bd91a939b63714d071cb32f40309ac5ef8100b3") syz_execute_func(&(0x7f0000000200)="952caa0f050520d0f807911441298f17955bf95bf90fc4014c410f0d33bff6000000a0e5be34d1c4e1f8c421fc5122c1d5505021c48192558dc9c3664541d2c30fbb0198860000000fbfce0f73d539c401c1641a572644a5f0470fbb7508a9c1460009c90f40bdcbbdcb7db1d3c461205ffb3e11bd110f00000f3804830a000000") [ 1211.407166] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1211.414908] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1211.422285] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1211.429851] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1211.437228] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1211.445391] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:14 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:14 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000640)='/dev/rtc0\x00', 0xd0043, 0x0) ioctl$DRM_IOCTL_GET_MAP(r0, 0xc0286404, &(0x7f0000000100)={&(0x7f0000ffc000/0x2000)=nil, 0x7fff, 0x0, 0x8, &(0x7f0000ffc000/0x4000)=nil}) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) epoll_create(0x3f) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) request_key(&(0x7f0000000140)='cifs.idmap\x00', 0x0, 0x0, 0xfffffffffffffffd) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000500)={r1, &(0x7f0000000a00)="b77aa0c6be9f2a06fcd1ddbce5cfbb07a954d6096b54bc90706d0121942014015779d24f2fd71085cafcc5a8fdde88e7fb4db063fabc53d78918aaaf20dfe42eef1e48634baca69dd56fea98351c4feb400e33a62de8328a90e332083a63a6e3e2e8650d455f274ff78f697e62b05c5bf63d4ac8d35e53e5c1a2dfc110804620c802a85a525dc47afbe7ad06d4a0f8d273f5a6f267150c191fd96fe9ace8fb56f41cfb7bcabe27f4bcd758163c3d08e69bfffc14865881ca151cd7c0925e54ef99b4d7cc1b3e4326ca81d40800000000000000ba58100e442a10fd3c02f074c0297bb1f86bf0491a2b89dc541e034d39efc5fa85c59668303d86589634ce834ec849be1a1fe549c19f740d6cf1dd36782fa2f3a43c", 0xfffffffffffffffe}, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xc, 0x0, 0x7f}) [ 1211.591704] binder: 17872:17875 transaction failed 29201/-28, size 1297036692682702848-12288 line 2970 [ 1211.614889] binder_alloc: 17872: binder_alloc_buf failed to map page at 20002000 in userspace [ 1211.643282] binder: 17876:17877 transaction failed 29201/-12, size 0-12288 line 2970 [ 1211.653001] binder: 17872:17883 transaction failed 29201/-28, size 1297036692682702848-12288 line 2970 [ 1211.661357] binder_alloc: 17872: binder_alloc_buf failed to map page at 20002000 in userspace [ 1211.764496] binder: 17876:17877 transaction failed 29201/-12, size 0-12288 line 2970 03:55:14 executing program 2 (fault-call:2 fault-nth:68): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:14 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000000c0)=0x20008088) poll(&(0x7f00000001c0)=[{r0}], 0x1, 0xeaaf) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000340)={0xfffffffffffffffe, 0x9}) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f00000003c0)=@sack_info={0x0, 0x7fffffff, 0xfff}, &(0x7f0000000400)=0xc) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000440)={r2, @in6={{0xa, 0x4e23, 0x8, @ipv4={[], [], @broadcast}, 0x23e0fb84}}, 0x8, 0x401, 0x2, 0x7f, 0x4a}, &(0x7f0000000500)=0x98) ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f0000000000)) setxattr$trusted_overlay_nlink(&(0x7f0000000240)='./bus\x00', &(0x7f0000000100)='trusted.overlay.nlink\x00', &(0x7f0000000280)={'L-', 0x80000002}, 0x29, 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000200)='./bus\x00', &(0x7f00000002c0)='trusted.overlay.nlink\x00', 0x0, 0x0, 0x0) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000680)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8001}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000300)=ANY=[@ANYRES32=r3, @ANYBLOB="5a0000006ce2273301232fdf77395323e4bbc3b4920f00d7991b686597f054032486ed369a211550e9c45a5f25edaf9463b4c8251185a1333e0d"], &(0x7f0000000380)=0x26) 03:55:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:14 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x5]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1211.850774] binder: 17893:17894 transaction failed 29201/-28, size 2305843009213693952-12288 line 2970 [ 1211.919344] binder: BINDER_SET_CONTEXT_MGR already set 03:55:14 executing program 0: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1211.969182] FAULT_INJECTION: forcing a failure. [ 1211.969182] name failslab, interval 1, probability 0, space 0, times 0 03:55:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1212.018451] binder: 17893:17899 ioctl 40046207 0 returned -16 [ 1212.018532] binder_alloc_new_buf_locked: 22 callbacks suppressed [ 1212.018544] binder_alloc: 17893: binder_alloc_buf size 2305843009213706240 failed, no address space [ 1212.041155] CPU: 1 PID: 17904 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1212.048125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1212.057893] Call Trace: [ 1212.060525] dump_stack+0x172/0x1f0 [ 1212.064210] should_fail.cold+0xa/0x1b [ 1212.068162] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1212.073306] ? lock_downgrade+0x810/0x810 [ 1212.077761] ? ___might_sleep+0x163/0x280 [ 1212.082273] __should_failslab+0x121/0x190 [ 1212.086617] should_failslab+0x9/0x14 [ 1212.090472] kmem_cache_alloc_trace+0x2cf/0x760 [ 1212.095180] ? kasan_unpoison_shadow+0x35/0x50 [ 1212.099984] ? kasan_kmalloc+0xce/0xf0 [ 1212.104011] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1212.108984] __list_lru_init+0x3d3/0x6e0 [ 1212.113167] sget_userns+0x81e/0xd30 [ 1212.117172] ? kill_litter_super+0x60/0x60 [ 1212.121818] ? ns_test_super+0x50/0x50 [ 1212.127053] ? ns_test_super+0x50/0x50 [ 1212.130961] ? kill_litter_super+0x60/0x60 [ 1212.135213] sget+0x10c/0x150 [ 1212.138718] mount_bdev+0xff/0x3c0 [ 1212.142894] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1212.148201] ext4_mount+0x35/0x40 [ 1212.151685] mount_fs+0xae/0x331 [ 1212.155100] vfs_kern_mount.part.0+0x6f/0x410 [ 1212.159827] do_mount+0x53e/0x2bc0 [ 1212.163405] ? copy_mount_string+0x40/0x40 [ 1212.167782] ? copy_mount_options+0x1ea/0x3a0 [ 1212.172400] ? copy_mount_options+0x1f3/0x3a0 [ 1212.176927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1212.182702] ? copy_mount_options+0x280/0x3a0 [ 1212.187263] ksys_mount+0xdb/0x150 [ 1212.190834] __x64_sys_mount+0xbe/0x150 [ 1212.194835] do_syscall_64+0x103/0x610 [ 1212.198764] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1212.204420] RIP: 0033:0x45b81a [ 1212.207627] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1212.226548] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1212.234381] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1212.241848] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1212.249226] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1212.256611] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 03:55:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1212.264250] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1212.283500] binder_alloc_new_buf_locked: 22 callbacks suppressed [ 1212.283516] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1212.317861] binder_alloc: 17893: binder_alloc_buf failed to map pages in userspace, no vma [ 1212.338513] binder_alloc: 17893: binder_alloc_buf failed to map pages in userspace, no vma 03:55:15 executing program 2 (fault-call:2 fault-nth:69): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:15 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x1) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000000c0)={0x0, 0x7, 0x8, 0x4}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000180)={r1, 0x90, "72f05589961ddee5b8ce8100ea2ecfe54f5cab3fbb01ee754dcc67c0c2b29382717980b2998173273a70d189e1288b0d316a3292400f59090cf797b449127c326375381c26e9d5399afaee4200216dfd720dcc0d07da326aececc6ec2c36af657999a83c7ffe0b410f6075a693afcab73dd321a6724feee13dff3a94b9597b6f790ac25506c0b10c19e985740b48cd52"}, &(0x7f0000000240)=0x98) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x10, 0x29}], 0x10}, 0x0) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000001600)=[{0xc}], 0xc}}], 0xb, 0x0) 03:55:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:15 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:15 executing program 0: r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xb, 0x10, r0, 0x0) ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000000080)={0x0, 0x0, 0xfffffffffffffffc}) 03:55:15 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x400040, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x20, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x800}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x3}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x2cc, 0x7fffffff, 0xf17d}, &(0x7f0000000380)=0x98) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000180)={r2, 0x81, 0x8}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000200)={r3, @in6={{0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, [], 0x28}, 0x8}}, 0xffffffffffffea4f, 0x6, 0x6, 0x8001, 0x54}, 0x98) socket$nl_generic(0x10, 0x3, 0x10) [ 1212.472558] binder_alloc: 17931: binder_alloc_buf failed to map page at 20002000 in userspace [ 1212.502187] binder_alloc: 17931: binder_alloc_buf size 4539628424389472256 failed, no address space 03:55:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1212.541837] binder_release_work: 40 callbacks suppressed [ 1212.541846] binder: undelivered TRANSACTION_ERROR: 29201 [ 1212.559759] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1212.578146] FAULT_INJECTION: forcing a failure. [ 1212.578146] name failslab, interval 1, probability 0, space 0, times 0 03:55:15 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000005500)=[{{0x0, 0x0, &(0x7f0000002900)=[{&(0x7f0000001740)=""/121, 0x79}, {&(0x7f00000017c0)=""/103, 0x67}], 0x2}}], 0x1, 0x0, 0x0) unlink(&(0x7f0000000000)='./file0\x00') prctl$PR_GET_NO_NEW_PRIVS(0x27) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip6_mr_cache\x00\xd3\xf4=\xf9\xe5\xcc\xe5\x1c\x95\x92\xead\x1a\xcf\x98G\xfa\x82\xba\xe38\xe7D\xe2\x05\xa7\x99\xe2\xec\n\xb6NUc\xc1\xba\xbaa\xf4\xf1\xd5a\xf4\xbe\x03\xf11/\x01\x00\x01\x00&\xda0\xe4\x12\xa0\xbc\"e\x10\x95Q\x1d\xfc\xa2U\x1b\xc8\x00W\x82\xd8\xff;\'\xf7d\x13\x04\x82\xa9\xc7\xe8\xec\xa9\xeax\x06\xc3|\x11\xf5%\x1f\xc8\x9b&\x8fyUVu\xc4Q\xda\xd9\xfax\x91c\x9f\xcd\r=\xb6?\f\xfb(\xb8\x97,\xbb%R\a\xdb\xfb\xfe\xde9\x8e\x14\x00\x01\x997&u%T\xf5[\x92\x98P\b$\xd30\r\x16#\xca') preadv(r0, &(0x7f00000017c0), 0x199, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x9}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0x6, 0x100000000, 0x8201, 0x37, 0x10000000000, 0xfffffffffffeffff, 0x1, 0x5, r1}, &(0x7f00000001c0)=0x20) [ 1212.591994] binder: undelivered TRANSACTION_ERROR: 29201 [ 1212.601236] binder_alloc: 17931: binder_alloc_buf failed to map page at 20002000 in userspace [ 1212.625083] CPU: 0 PID: 17940 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1212.632085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1212.637461] binder_alloc: 17931: binder_alloc_buf size 4539628424389472256 failed, no address space [ 1212.641488] Call Trace: [ 1212.641519] dump_stack+0x172/0x1f0 [ 1212.641550] should_fail.cold+0xa/0x1b [ 1212.653379] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1212.653400] ? lock_downgrade+0x810/0x810 [ 1212.653421] ? ___might_sleep+0x163/0x280 [ 1212.666069] __should_failslab+0x121/0x190 [ 1212.666095] should_failslab+0x9/0x14 [ 1212.670595] binder: undelivered TRANSACTION_ERROR: 29201 [ 1212.674406] kmem_cache_alloc_trace+0x2cf/0x760 03:55:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") open$dir(&(0x7f0000000040)='./file0\x00', 0x40000400000002c2, 0xfffffffffffffffd) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f0000000100)={0x0}) ioctl$KDSETMODE(r1, 0x4b3a, 0x9fd3) ioctl$DRM_IOCTL_GET_CTX(r1, 0xc0086423, &(0x7f0000000140)={r2}) setreuid(0x0, 0xee00) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) [ 1212.674424] ? kasan_unpoison_shadow+0x35/0x50 [ 1212.674443] ? kasan_kmalloc+0xce/0xf0 [ 1212.701252] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1212.706221] __list_lru_init+0x3d3/0x6e0 [ 1212.710314] sget_userns+0x81e/0xd30 [ 1212.714049] ? kill_litter_super+0x60/0x60 [ 1212.718310] ? ns_test_super+0x50/0x50 [ 1212.722243] ? ns_test_super+0x50/0x50 [ 1212.726145] ? kill_litter_super+0x60/0x60 [ 1212.730399] sget+0x10c/0x150 [ 1212.733535] mount_bdev+0xff/0x3c0 [ 1212.737096] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1212.742233] ext4_mount+0x35/0x40 [ 1212.745748] mount_fs+0xae/0x331 [ 1212.746436] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1212.749142] vfs_kern_mount.part.0+0x6f/0x410 [ 1212.749161] do_mount+0x53e/0x2bc0 [ 1212.749182] ? copy_mount_string+0x40/0x40 [ 1212.749200] ? _copy_from_user+0xdd/0x150 [ 1212.749230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1212.749245] ? copy_mount_options+0x280/0x3a0 [ 1212.749263] ksys_mount+0xdb/0x150 [ 1212.749279] __x64_sys_mount+0xbe/0x150 03:55:15 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1212.749299] do_syscall_64+0x103/0x610 [ 1212.749327] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1212.801272] RIP: 0033:0x45b81a [ 1212.804480] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1212.814866] binder: undelivered TRANSACTION_ERROR: 29201 [ 1212.823399] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1212.823416] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1212.823424] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1212.823432] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1212.823441] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1212.823448] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x3f, 0x80000) ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0) r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0) write$P9_RMKDIR(r2, &(0x7f0000000040)={0x14}, 0x14) fcntl$setstatus(r2, 0x4, 0x6100) r3 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x800002, 0x12, r3, 0x0) ioctl$NBD_CLEAR_QUE(r3, 0xab05) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r3, 0xab07, 0x7) sendfile(r2, r4, 0x0, 0x8000fffffffe) process_vm_writev(0x0, &(0x7f0000000540)=[{&(0x7f0000000680)=""/4096, 0x1000}], 0x1, &(0x7f00000003c0)=[{&(0x7f0000001880)=""/204, 0x2000074c}], 0x1, 0x0) r5 = geteuid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000180)={{{@in=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@initdev}}, &(0x7f0000000280)=0xe8) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@initdev, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@loopback}}, &(0x7f0000000440)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000580)={{{@in6=@initdev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@local}}, &(0x7f0000000480)=0xe8) lstat(&(0x7f00000004c0)='./bus\x00', &(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000500), &(0x7f0000001700)=0x0, &(0x7f0000001740)) lstat(&(0x7f0000001780)='./bus\x00', &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000001840), &(0x7f0000001980)=0x0, &(0x7f00000019c0)) fstat(r0, &(0x7f0000001a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000001a80), &(0x7f0000001ac0)=0x0, &(0x7f0000001b00)) lstat(&(0x7f0000001b40)='./bus\x00', &(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x1, &(0x7f0000001c00)=[0xee01]) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000001c40)={0x0, 0x0, 0x0}, &(0x7f0000001c80)=0xc) fstat(r4, &(0x7f0000001cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000001d40)='./bus\x00', &(0x7f0000001d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r20 = getegid() fsetxattr$system_posix_acl(r4, &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f0000001e00)={{}, {0x1, 0x4}, [{0x2, 0x5, r5}, {0x2, 0x7, r6}, {0x2, 0x4, r7}, {0x2, 0x1, r8}, {0x2, 0x4, r9}, {0x2, 0x1, r10}, {0x2, 0x4, r11}], {0x4, 0x2}, [{0x8, 0x0, r12}, {0x8, 0x4, r13}, {0x8, 0x1, r14}, {0x8, 0x7, r15}, {0x8, 0x2, r16}, {0x8, 0x2, r17}, {0x8, 0x4, r18}, {0x8, 0x3, r19}, {0x8, 0x3, r20}], {0x10, 0x2}, {0x20, 0x3}}, 0xa4, 0x3) [ 1212.902907] binder_alloc: 17931: binder_alloc_buf failed to map pages in userspace, no vma [ 1212.929072] binder_alloc: 17931: binder_alloc_buf failed to map pages in userspace, no vma [ 1212.935390] binder: undelivered TRANSACTION_ERROR: 29189 [ 1212.961846] binder: undelivered TRANSACTION_ERROR: 29189 03:55:15 executing program 2 (fault-call:2 fault-nth:70): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:15 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x2000000080000) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x7, &(0x7f0000013e95), 0x4) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f00000000c0)={'filter\x02\x00', 0x4}, 0x68) close(r2) close(r1) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000040)={0x1, [0x800]}, 0x6) 03:55:15 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x1000000000004e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000980)=ANY=[@ANYBLOB="7f"], 0x1) r1 = dup2(r0, r0) write(r1, &(0x7f00000014c0)="4bce0bfae6645affb85068a40891b3a752296197273f6f4d071a854a0e7ebc1061ca9f651e898791e1feebb6f330b9e88ea0d916375eff9000f69f2e146773befe5133b981288d6c9a5d6eb12ca28907a000b863f111927db582524995a837d1999cac0edf696d10c86061f6b4aaa1d37e6dc63fa95f8b88a8584c43d2183d20a762d59f6923b536fb024adc40b7d2a66b4b6f8b8aeab49dbb48389c2bd5ebf2a8b8f7b46b931d0c546fa77729d10fa1d22bcaf9c86b049f49ce9d14cd20142e5e64269f0cccbc51440391799b4c0c72f34b9fa9b599b6150c1a6d76b8b0a54c2628247dc14ad16b3b2e0834108d91f0805ed207ac279ba0c494d8c7b7b71096f1bb23bb86d74cd66f5f07ccab9f06ccde02c4a570ae6c798d97c46e1a4d85fd2e46cb1c5a45f3bb886a1fc1e0ba6f7ccd0bb775e06b85d89a69971b34f400260d4b9b340b66805b0f50b09e0efe651fe2bd362cd4a972393aaa5568b803bb3e3c3db18355e7258099e86840cdd8127499fed607bb4a679bb5983b1fdfce9c4a4017256a38cf1ece4fb7b7cd883f54e541774cf8b5bf67bbf25857691b0428093e90404fa8decf40b94ff3b008587c5e2e9fefcb50557971abf5795b8c3d768a754ca7d5e8b46dd1619f04aea99693c362415db762ee1179fdc8641a41015b6ea38b75560acf987031ccfeb4a7bda91f57b3982bd608a51ce9d155827d0220744b88e96f6f259627a41303263d891973640027de16cf2c47a286990bc3123a2067614000be76587deba6c16c7e7faccfa0c21ba45a724b20d850c73b3a1fb3e3f3af7a29b4eccfe370f8e4d59e2a2cb0c44b773b992c8eb9d285ebcfa229efb1eeeeb81d902ea82b8aa34e5dfa6cab0e679dd4d8c3c4342d9a1f3277be8ae9743f3964f49143dc4899a14f2e5099b72aea1a2d5cc9385f1ec5efe6cb34fbfe53377430ce21422c02186009840ca40cc80af6f331613b5c84c20b998959402a16fbdbadcf35be6642d20ceb2e062d10f5f83c8b5035733c1529aee3d7c7e7b73b2638e0c6da17250c7c48a4a5d113a7c7b91317ff40be6c54b969692a8a92af51d84f6704bef315fa8c91497f538da4f39f1681b2da73c5e0f64128d04651b878d78a9f34abd221714b33003457d0852e6b060bf59a748c6598581c791d24ccd3f8c43fddef2bde864fe184d7c8cc103341c6b72651508d937748bf9c8cafc11d6ce706fd13e603fd19d952976ea8f5ceb4b29329ccfda836c34e1169ab8069da5533ba2f1eb680bd97bae113312e06b680f6af455f161b76b130bc832250bfc475854e39c24a946f6e758df4ca9a1ae0106da10577947b67ac6ec9c288c7e24805bb7a491886bcf56c2b4c67626cb5c314d2e3681a9c591cdb0d2ccbfda278510c1da7c42053", 0x3e6) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000080), &(0x7f00000001c0), &(0x7f0000000200)=0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x2, &(0x7f0000000300)=[0x0, 0xee01]) setgroups(0x4, &(0x7f0000000340)=[r2, r3, r4, r5]) openat$cgroup_subtree(r1, &(0x7f0000000380)='cgroup.subtree_control\x00', 0x2, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") write$binfmt_elf32(r0, &(0x7f0000002200)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}], "517fd6483dedd6fee36fde94d905aa4fb513c1b506b1b5f84d38d6b8f2eadcc4da0fde9205db44927b81cdd0ce47a5663dd63018589b3d3be2df80ce1a9edb687b785bd2dfff92e80bb56f409d864aff6f346abb658ccc0ae83a1ac79027e70ce06b8ef169d8852c2e449d0c4de29945de664ca5e75bff457f2544b7a8ea814315042b42", [[], []]}, 0x2dc) 03:55:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:15 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1213.012671] audit: type=1804 audit(2000001315.680:283): pid=17966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir822172419/syzkaller.haia9v/1579/bus" dev="sda1" ino=16689 res=1 [ 1213.063623] binder_alloc: 17970: binder_alloc_buf size 4611686018427400192 failed, no address space [ 1213.103773] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1213.114598] audit: type=1804 audit(2000001315.690:284): pid=17966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir822172419/syzkaller.haia9v/1579/bus" dev="sda1" ino=16689 res=1 [ 1213.145675] binder_alloc: 17970: binder_alloc_buf failed to map page at 20002000 in userspace [ 1213.152664] binder: undelivered TRANSACTION_ERROR: 29201 [ 1213.160468] FAULT_INJECTION: forcing a failure. 03:55:15 executing program 4: r0 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$pppoe(r0, &(0x7f00000004c0)={0x18, 0x0, {0x2, @link_local, 'ip6gre0\x00'}}, 0x1e) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000180)={{{@in=@initdev, @in6=@loopback}}, {{@in6=@mcast1}, 0x0, @in6}}, &(0x7f0000000280)=0xe8) sendmmsg(r0, &(0x7f0000000380)=[{{&(0x7f00000002c0)=@llc={0x1a, 0x108, 0x7, 0x612, 0x925, 0x8f, @local}, 0x80, &(0x7f0000000340), 0x0, &(0x7f00000019c0)=[{0x60, 0x84, 0x4558, "b5eb16ad7341b9ea7eb5c76a28af3ba010095f08624d9b8f0be9cbb65dcaac7320775f760cd2061f8ca25241b48710a9814933194c27146dab72be9d0a9eaa49ca105a78388c26eb12a6ec7dea"}, {0x50, 0x3a, 0x160802cd, "f5b38bf14853c2b96d011fe231490490ba20e8bbccc5854c4b4cd01cb5b44a0bfd07380b0c13b2ea7672a7f5b83092fa7e685e8878c577ee4992"}, {0x60, 0x11d, 0x5, "eed70d6fd5424aec313fe2f79c1d10fdf4be0a7e942e01866a8f0e6e475de1941808149c50457373835985c746189a2912a3db18f0c180a02b5732195621404c7655b757043eee90fbf2f1cfec"}, {0x108, 0x1a8183f0adebbb4b, 0x5, "eb94d38a38f43731ba2b255c265dd844fbb345bbe137eabb1d72f0912eb27b50743dbab0012fa79a8ea626c4b54bfc0295857bbc20574fb3a89a6c6f021329dd1af1e0f127a02156c38374d6c2b1e2edec5909bc23a39bfccad4ce385273ed20addcdde0cab764262a1e368f1a81d1204d1f7e1438ea9199cb1a655bf83927f67b724e80522d3290a2b751a054ffc7054a01b12ae2982bbe8bd87facbd59a4e77fd28f0798640cda78e27b0dbf5655bcec55c3e8bd0d8d257ade95f97657ca2ce5a820d7d69ede2242e57ed694bd7c1db9216232186239658a4604bdcc232d428ce31f996df324ac5bf28b9010dfd6303c6a0807"}, {0xe8, 0x117, 0x8, "50d8284b9d9b8b664cf942670afa0f75c19cd200837ee30896eb73fb1ad89feda004593e06b7ccef0f16167ca354e9d5d1da2f5af3a8d5b0a0238e77cb6f5e177e9f88264161f7f52b4e7a87f9e3f249f05182c57077806bd5596374719db721ca614a55ca0b32c03972de7a4bce68350c5ffb91c8f6782ba5df159dec5684aa815cee2f8873414ddf355a264e27ae97f2a3ee92c5e0c9390497c243f3f395b34e16f382fb5efce452d2f884f26b5a634291c99d9f61119c980164f422fa3d416a355284906bdd0bd11f6051c4ee29e3bb7439"}], 0x300}, 0x7fffffff}], 0x1, 0x24000000) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2000, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)=0x0) write$P9_RGETLOCK(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="267b0000003702000007000000000000000600000000000000c2dbe54573172250cc6eabfc4fcb3cab7de1077e1c9f6869b622d5f662d705feffb6de7af83ab3a1e5fe6f0756c5e06ee90fb27d9970a7507f35c8bb3b5384b500cece9a12415ac117099b76b5433e60a427933fc07cf1e3b8c6eeceb859a229c5c59b93af5cfeeb3aee51ad9db3790e5990872e0b60dbbe99d0cc9162b1d67dafe56bd8a215ef3e039608e5c2c7d67603b4f4c6be2a1a9a5a", @ANYRES32=r2, @ANYBLOB="080069743667726530000757b7715298e663a7efc09843bd942f5de590f099115146e80677032d33f302923ff387ff5a0e12b575f84f16b7e528215dc0277d0f09fb687869a36858842eff6be57b326629e1f88e1acb4479de1c185f1471cae109b3102cd2c5011ef934600ffbdbc4e24079ec000000000000001df05b88544959d969b75a742116638388ee6b189c25451464fa1fdbdf08098865a41194769b37ff891fa7e4c99575dac02bd3fc7dece9abdc4714890998554c58f8c54ee94858e9c857191623dee15287767ee361973b7297af7933807460560c4bdb4089b2bda4b46b815552a0b13ff4"], 0x26) [ 1213.160468] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.185872] binder_alloc: 17970: binder_alloc_buf size 4611686018427400192 failed, no address space [ 1213.185930] binder: undelivered TRANSACTION_ERROR: 29201 [ 1213.202992] CPU: 1 PID: 17976 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1213.209970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1213.219523] Call Trace: [ 1213.222149] dump_stack+0x172/0x1f0 [ 1213.225820] should_fail.cold+0xa/0x1b [ 1213.229747] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1213.234881] ? lock_downgrade+0x810/0x810 [ 1213.239060] ? ___might_sleep+0x163/0x280 [ 1213.243270] __should_failslab+0x121/0x190 [ 1213.247546] should_failslab+0x9/0x14 [ 1213.251451] kmem_cache_alloc_trace+0x2cf/0x760 [ 1213.256146] ? kasan_unpoison_shadow+0x35/0x50 [ 1213.257062] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1213.260758] ? kasan_kmalloc+0xce/0xf0 [ 1213.273796] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1213.278766] __list_lru_init+0x3d3/0x6e0 [ 1213.283124] sget_userns+0x81e/0xd30 [ 1213.286873] ? kill_litter_super+0x60/0x60 [ 1213.291135] ? ns_test_super+0x50/0x50 [ 1213.295061] ? ns_test_super+0x50/0x50 [ 1213.298970] ? kill_litter_super+0x60/0x60 [ 1213.303235] sget+0x10c/0x150 [ 1213.306372] mount_bdev+0xff/0x3c0 [ 1213.309937] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1213.315075] ext4_mount+0x35/0x40 [ 1213.318548] mount_fs+0xae/0x331 [ 1213.321938] vfs_kern_mount.part.0+0x6f/0x410 [ 1213.326458] do_mount+0x53e/0x2bc0 [ 1213.330028] ? copy_mount_string+0x40/0x40 [ 1213.334288] ? _copy_from_user+0xdd/0x150 [ 1213.338465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1213.344025] ? copy_mount_options+0x280/0x3a0 [ 1213.348552] ksys_mount+0xdb/0x150 [ 1213.352127] __x64_sys_mount+0xbe/0x150 [ 1213.356151] do_syscall_64+0x103/0x610 [ 1213.360105] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1213.365601] RIP: 0033:0x45b81a [ 1213.368807] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1213.388650] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1213.396398] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1213.403783] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 03:55:15 executing program 1: r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000140)={0x9, 0x108, 0xfa00, {r1, 0x2f, "a6fef5", "c1a2e5d423cfa22359d2ee15fea3c2f6e3c03205df44444df9c4eab047e9300937d5429717918d06c237da4b5e30322e7074d499804548e065222cb8b5622c543f9c4251f745fae711122da7b48d9a5b525b0a78ff32bca90223de77512c39f856cd2d5c2ab337bce520f401b54b7b5a0dc7ea216b37dd4b3e1ad894b4de0775f7e596fd021c45113579c276cad227d281bc1bb591817fd312aa61b5d6ba4b60009be662ead151ba4c62a21df1beaa88f9846c5a70d48fdc167fe68dee4a21eccb8803cdac3693c52378f22262ced019486dee1eeb269de697458402b72e5d13de978dbf88e6ce89dd5ff09661040c21bc7c18c0c60556472e57ae3d4d5586fc"}}, 0x110) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x1}) getrandom(&(0x7f0000000000)=""/59, 0x3b, 0x3) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x100) ioctl$VIDIOC_OVERLAY(r2, 0x4004560e, &(0x7f0000000280)=0x5) 03:55:16 executing program 1: setreuid(0x0, 0xee00) setresgid(0x0, 0xee00, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) 03:55:16 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x12]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1213.411076] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1213.418411] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1213.425714] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1213.464541] binder: undelivered TRANSACTION_ERROR: 29201 03:55:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1, 0x22}]}, &(0x7f0000f6bffb)='GPL\x00'}, 0x48) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8000, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000080)={0x101, 0x0, 0x43, 0x8, 0x0}, &(0x7f00000000c0)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000100)={r2, @in={{0x2, 0x4e22, @empty}}, [0xfdc, 0x8, 0x10000, 0x9, 0x10000, 0x78, 0xfffffffffffffffa, 0x1, 0xfffffffffffffff7, 0x4, 0x28c, 0x8, 0x9, 0x4, 0x40]}, &(0x7f0000000200)=0x100) 03:55:16 executing program 4: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, 0x0, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)=0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000080)={0x0, r2}) ioctl(r0, 0x1000008912, &(0x7f0000000280)="0adc1f123c123f319bd070") syz_mount_image$ntfs(&(0x7f0000000040)='ntfs\x00', &(0x7f0000000100)='./file0\x00', 0xe0000, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSACCEPT(0xffffffffffffffff, 0x89e3) readv(0xffffffffffffffff, &(0x7f00000002c0), 0x10000000000002f3) [ 1213.611388] binder: undelivered TRANSACTION_ERROR: 29189 [ 1213.626323] binder_alloc: 18001: binder_alloc_buf size 5188146770730823680 failed, no address space [ 1213.666256] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1213.682127] binder_alloc: 18001: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:16 executing program 2 (fault-call:2 fault-nth:71): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:16 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/enforce\x00', 0x385000, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000300)={0xffffffff80000001, 0xfffffffffffffffe, 0x8, 0xa1, 0x6, 0xffffffffffff9f7b, 0x100000001, 0x7fff, 0x7, 0x3, 0x3, 0x2}) mount(0x0, &(0x7f0000000180)='./file0/\x00', &(0x7f00000001c0)='proc\x00\x9bj,\x82?\x92\xab\x1d[/P\x15\\!\xb4\xdd\xad\xd9\x06\x00y!k\xec\xc1oG\xaf\xb3\xae\xc6\xb4\xd7W\xea\xc0\xa64J\xfd\x1c\xe9\xd5a\a\\1\xc4\x14*\xa5\xbfa\xc3\xaeE\x86@\xc0\xeca\xba\xa4\xc0\rhL\xd9^\v\xe6\x81S\xc4\xad\xca^E\x19\f:&\xa5\fA\xd7\x93\xa4\xa9\x83\xe9', 0x0, 0x0) r1 = inotify_init1(0x0) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000480)=""/178) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000340)={{{@in6, @in=@empty}}, {{@in=@broadcast}, 0x0, @in=@multicast1}}, &(0x7f0000000440)=0xe8) inotify_add_watch(r0, &(0x7f0000000600)='./file0\x00', 0x4a400295c) r2 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) dup2(r1, r2) bind$unix(r0, &(0x7f0000000540)=@abs={0x0, 0x0, 0x4e20}, 0x6e) alarm(0x7ff) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x106, 0xe}}, 0xfffd) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r2, &(0x7f0000000100)={0xb, 0x10, 0xfa00, {&(0x7f0000000240), r3, 0x9}}, 0x18) 03:55:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x0) write$P9_RREAD(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00'], 0x1) fsync(r2) fallocate(r1, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r2, 0x2}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000026c0)={0x8, 0x0, [{0x1, 0xcd, &(0x7f00000001c0)=""/205}, {0x110001, 0x1000, &(0x7f00000002c0)=""/4096}, {0x6001, 0x1000, &(0x7f00000012c0)=""/4096}, {0x2, 0x62, &(0x7f00000022c0)=""/98}, {0x5, 0xea, &(0x7f0000002340)=""/234}, {0x0, 0xdd, &(0x7f0000002440)=""/221}, {0x5002, 0x4c, &(0x7f0000002540)=""/76}, {0x2000, 0xf1, &(0x7f00000025c0)=""/241}]}) 03:55:16 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x48]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1213.732973] binder_alloc: 18001: binder_alloc_buf size 5188146770730823680 failed, no address space [ 1213.797034] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:16 executing program 0: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x4, 0x4000) write$selinux_context(r0, &(0x7f0000000080)='system_u:object_r:ping_exec_t:s0\x00', 0x21) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r1, &(0x7f0000000200), 0x2ab, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000100), 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000140)={0x1000, 0x0, 0x0, 0x0}) 03:55:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1213.879046] binder_alloc: 18001: binder_alloc_buf failed to map pages in userspace, no vma [ 1213.913911] audit: type=1800 audit(2000001316.580:285): pid=18021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.1" name=7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16690 res=0 [ 1213.956320] FAULT_INJECTION: forcing a failure. [ 1213.956320] name failslab, interval 1, probability 0, space 0, times 0 03:55:16 executing program 1: r0 = socket$unix(0x1, 0x1000000000000001, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000180)=0xffff, 0x4) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept4$unix(r1, 0x0, 0x0, 0x0) r3 = fcntl$dupfd(r0, 0x0, r2) write$input_event(r3, &(0x7f0000000100)={{0x77359400}}, 0x18) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1d9c3655516ffc8a183551872499fbfeacb8a06dbf9de9d2bb8aed5f06448b6de4673deef56affc1813afcd6bba75a0a3e2081f529d182836fb4e200e97bccd1962ab6d561d908ae148c56ae52cf83bd63c23eeb86ec7ac9cba318d942d04baeb7e93b3fc47e36"], 0x1) read(r2, &(0x7f00000001c0)=""/138, 0x8a) [ 1213.988247] binder_alloc: 18029: binder_alloc_buf size 5476377146882535424 failed, no address space [ 1214.055176] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1214.096014] CPU: 1 PID: 18027 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1214.103099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1214.112477] Call Trace: [ 1214.115093] dump_stack+0x172/0x1f0 [ 1214.118760] should_fail.cold+0xa/0x1b [ 1214.122682] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1214.127815] ? lock_downgrade+0x810/0x810 [ 1214.132092] ? ___might_sleep+0x163/0x280 [ 1214.132572] binder_alloc: 18029: binder_alloc_buf size 5476377146882535424 failed, no address space [ 1214.136265] __should_failslab+0x121/0x190 [ 1214.136285] should_failslab+0x9/0x14 [ 1214.136306] kmem_cache_alloc_trace+0x2cf/0x760 [ 1214.158233] ? kasan_unpoison_shadow+0x35/0x50 [ 1214.162846] ? kasan_kmalloc+0xce/0xf0 [ 1214.166766] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1214.171151] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1214.171723] __list_lru_init+0x3d3/0x6e0 [ 1214.171747] sget_userns+0x81e/0xd30 [ 1214.171768] ? kill_litter_super+0x60/0x60 [ 1214.192753] ? ns_test_super+0x50/0x50 [ 1214.196668] ? ns_test_super+0x50/0x50 [ 1214.200588] ? kill_litter_super+0x60/0x60 [ 1214.204841] sget+0x10c/0x150 [ 1214.207972] mount_bdev+0xff/0x3c0 [ 1214.211564] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1214.216918] ext4_mount+0x35/0x40 [ 1214.220405] mount_fs+0xae/0x331 [ 1214.223817] vfs_kern_mount.part.0+0x6f/0x410 [ 1214.228344] do_mount+0x53e/0x2bc0 [ 1214.231948] ? copy_mount_string+0x40/0x40 [ 1214.236225] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1214.241794] ? copy_mount_options+0x280/0x3a0 [ 1214.246332] ksys_mount+0xdb/0x150 [ 1214.249921] __x64_sys_mount+0xbe/0x150 [ 1214.253922] do_syscall_64+0x103/0x610 [ 1214.257839] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1214.263047] RIP: 0033:0x45b81a [ 1214.266256] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1214.266266] RSP: 002b:00007f35c6934a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:55:16 executing program 4: r0 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000000)={0x80}) fcntl$setsig(r0, 0xa, 0xd) 03:55:16 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000680)=""/190, 0xbe}], 0x1, 0x0, 0x25d}}], 0xf4, 0x0, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x20000, 0x0) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00'}, &(0x7f0000000140)=0x44) ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430) semget$private(0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000080)={0x2, 0x8, 0x7, 0x40}, 0x8) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='stat\x00') msgget(0x1, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) preadv(r1, &(0x7f00000017c0), 0xffffe63, 0x10000000000000) 03:55:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:17 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1214.266287] RAX: ffffffffffffffda RBX: 00007f35c6934b40 RCX: 000000000045b81a [ 1214.300236] RDX: 00007f35c6934ae0 RSI: 0000000020000000 RDI: 00007f35c6934b00 [ 1214.307536] RBP: 0000000000000001 R08: 00007f35c6934b40 R09: 00007f35c6934ae0 [ 1214.314920] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1214.322214] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000003 [ 1214.351394] binder_alloc: 18051: binder_alloc_buf size 6917529027641094144 failed, no address space [ 1214.374883] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:17 executing program 4: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000100)=ANY=[@ANYBLOB="73656375726974790900000000000000efffff7f0000010000000000000000000e9affffff00000048030000f942000000000000280113d62a01"], 0x1) getpgrp(0x0) clone(0x800000409ff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x200000, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', r1}, 0x10) tkill(r0, 0x38) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="79e43f605c5bf72600b0f95600000000800cefff323eeb9f17da85be98b148000000297625e59c7903000000000000007f3e66da1cc43fdd19"], 0x39) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 1214.394979] binder_alloc: 18051: binder_alloc_buf failed to map page at 20002000 in userspace [ 1214.435324] binder_alloc: 18051: binder_alloc_buf failed to map pages in userspace, no vma 03:55:17 executing program 2 (fault-call:2 fault-nth:72): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:17 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x60]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:17 executing program 4: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x113100, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000040)) tee(r0, r0, 0x9, 0x2) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x420041, 0x0) io_setup(0x1, &(0x7f00000000c0)=0x0) io_submit(r2, 0x8, &(0x7f0000001680)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x800, r1, &(0x7f0000000100)="89db54bab5194e02b2dd58a91ac60267a4bddd708e8f9f5419238e7843fe51f53e823f4c3b05c66b31158f10c5866a4fab7accd7ddaec73cbd2ef39ecc4b6a27", 0x40, 0x7f80, 0x0, 0x0, r1}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x100000001, r0, &(0x7f0000000180)="0503f42806c492d31b94d9a40d5368a83e3747c3d14ab04fd126c92e190b47d4ee4270019aae1bab40dc33a8f3573ad1d77960fc7d36bcc6a0e5eafeeabcd85e336b8da1ecff3f9c65d90cb038a0e0826b16dc542449934e4dba7db83cdafec8dcab3012d3e3f79508c34ec1889986417b0023a62c5c1c7c397f17b67e8d0cdcb9e1f1a3ec54493916ed6156a087889ea6a7597310db95ccad3bd10dc4d7812e147987cfcf3d38c668d167178ad7cf4545b6947352feb994e7eb52301217a917603f3e9820ee51887401be32b8245af5e070248e727089df6f754a5347cbc3bd65fcc0e7365dfe20e13e825ca5e99f2627", 0xf1, 0x7ff, 0x0, 0x3, r1}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x7, 0x9, r0, &(0x7f00000002c0)="956b991cd444a22255213b8ace33122d3fdba89f6243b72141800bb8bacb37c86588dc", 0x23, 0x5, 0x0, 0x1, r0}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x3, 0x69d2, r0, &(0x7f0000000340)="49f846aef4b743303df43bb71cb6a65b9c1b8f559328071b9ef3bf554dfa3b36348346ec462d7bee9ba63e030cbcabd1329f1ce19fc85c1c86058ce081227a52adc34a355d0abef84dc0655dde4c83b4a7f35b36ef38ca40d4f80400fe4319cd535925969421d4914e38a7a7f0fdfa1be923b81a6e81400b7db7107e392787f5c2ad202d03e4a9ba3200ea5f5d05e6fdb48f5ef8a9b5f76a0e1de4e3080ff619095b4f8eef14532c836ef268df4a3dfbed675846f20ba076a3b25cf5895a87b98974ec8129ae25b9110c4ce9f77762e1a79ee34075b7b166e7c2f51edf8dfa17b857679e00e615e04c57", 0xea, 0x3, 0x0, 0x2, r0}, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x7, 0x40, r1, &(0x7f0000000480)="b8c93108d4c2ddbd648d1f52010bacd97b2b837bed0056aa6e415883ac344ff08c362f56e8a856e1755f79953984b6bf721f9fff89f26897d28507e08985357bba7019826e22b9ee139d57e595aa9f7ab8d642b102961702f5add9ef2b13c909b0a43512d22711625c1c73581cbb5ad2ca39ca4e1c5a169823a3d0d1ec0e4de737990221257bd02ed99b8283a36c3259d9a744d36de07bc961ca2f056d8c789923976cb3d84c2fdf722db7a579eb2272c82586db3249f68fd552ab770423498e03f29a8eaa48d942fd76aab4e1d37faef27c717769e8ebc016132d93bc8275234dbfb50515eaf8379a96e9faa5d0b50673ad92ca517069e32f0bb32f1730b9e3533026391d8d9e1e34d144ef1b09bc34d271be549d405bfa91a82f41a8234637a8af3eb1bbc8a9f60db1f979c52d3f07ab576df8bc718559c23b5fbb3c928aa2b64a17bf96d59e2179f012f8157538fab89a3e17cd586bb235c1920f28c6e894b670f3f8585e3332914a4001f747b1bcc805f1304d085c94a84863a1d40a560111ce4586f9ee8cb6b40542992e08955273171a259c782994790ff88c429cb9f2bf3786905621886e2498b968cfae60719d2396afcda59f880409c1d97a0b3a5b19701583d54d321a48efc02cb810a1019e822bc115a00b86632b798f5e9c057f9852da775e679c7a1f0ebde38a2790930831c7c4fc2ef453872885fe4dd25423f8db8ddc084d5dd03c76fdbfcf8ed46c3f48ba81c0d716130bb6fbf214d51bc981bc6835b67fe7f9ded11ee6f30e0b092cc68fcbabd281005dabb2e08ea579962a8d67a513965c51dfaa860888c557d52b461eaa7868dd60dad2cb4da64f53f0c3e9a312d9aa16cf3f5414931ad49f64bf3aece0f9af09a174eaceed3546383ef2f85cdad9a4ead2f322dd9d268acac920b0cdcf7962855f3bbce5cb1e63844fc28d99894755663c31d0f48e37e11772c901e989276e247d1cfd87e57c98b71115d33668d7de08fba57861de94d5dd0594e3be32ddebe556bd18c1ac3b05f7d89aa1a4513de5cee522e5ae1dfb91f5df27dd254858d930fd454e132b6f03c0b32a74e49f112c0d66813fceffea70441c487fb6bf25fedc3323e7ed02e2191cd75edad764ca9a191489b56bdcc593830d46f234d21ea23ffe0d0b64da69693158c8e2cca4b5a30a1c9747a657b043aced44bd58b9157d798c5c92da9d3942a8ab0552803c37178711321fc1e75662842562823d405235a5a8786f96bcb7610c4714feeba7a9a2a516536d63931b754de39560f0184b5efdad0d53de192fb02d8113386f64a41883ff504db4fb41565e3cea00a566e1b3089cfec3df1d541f75cde3bcf941e75ba0b6c75dff7e2c2d547f16070383713372b144081936e8ebd6eed3da6ab8206aa29a5bffb1efb5d0586befb5c740ca677a48f41a72f0b9b583b516ad6d7c6ae0485596ffb7e3d9d0745ed7c023b245b1b5126f4218480a25cb5d8d5e028b0c58192523e414a512841abb598a9bec04d5207d3f0245ca79cb131c5f206a9239ba1d5e0dcaefef02fafc3a8990a7c8d3aaf791451d45f32a0467a5c9d1996006734eb6035a52aa2c0dafe7f3bfd341134e2b92c82d12d5bd722c06e2cab8f4bf3a2e837996558acac26a380da3c997792aa303c1054df238940b7870fd0504afa8afdc58945b67de878659c731e2e8cd81795ed11c9b5a4a944722258d137f11f88348f01257faf2f3833508cf9df3f0f1fd14a0954b35c5646b477773e1dc285c0565d421a540c0b3b4f69fa1aae41aa5c9de5740cbd05339201af9893e0f9631a3ab18e8a8a9d2d0284db6003795ea8e5d65531de4337b90e18a310d29fa904eac5a8bd121ad1de82a60414c90df77f2afd63de4904fab0a5cb45cfddcd9d2d3ba4362ed1f405b6fab3bf98569c26c6ab863ad21f55ef2c3ae27ae6e30b8f4e11178d0131c30646e21b0247f90bf5fe3a6719ef15d35c348e40dc1cb249ddb2d62b548340ad869417f72f8169dd697ff383b8fde71bff3fc1a331bda477f3b83473b4a675dfe35e5824f35c8b61b8129340b6f323194aa86328cab486d1a005493ab7d9203f2bdcfbaa9a463ce66b4b6a0fbb787ce0e5bfe3b9833f477469596075082042966aa134701a8678c2c3a250913b9b23ad5f1ee34c82e0e064efd9ea5192c0b3b0c26b1750a1b9fef20c29fcda16ff805fcc8489e0b0ab0411ef08b4525c2529c1060d00ff89135919a2e0200f163a5070a98f3d7fd3bac05b04a1a8d0ad6efd4462003764c69233ea6404c1bae5dd5ded9f6df24c2e86702d3a2b4c04e626404ce2f672185e7d2207669a9f380bbe95c275530ccaf0e260b9d187808c955b29770b9dd033e985db82872fcaaa1b78dfe83a37c5ddf9363a8d790b55e46067ece73b9f036a4c4c2a21b2933158c58905b87039c8a4b20cf28bc8ecfdf3866c1dd5ea1596e264b7e8981692ce65cd99068c064e9d59c745c578da1e3391a920d1198d1c637493bfd8bf1713999c956d0f662fab68bb8ffae6c3bd4ea0261a7141a195c7747fcfa11f7d3d076fc7735c76686a16dd49b982f1f011845e7beb3c7f3f8f04c7da6dba7a33210eea0e6bb0d876275cc18866c7211baf73468d41209e5c8bd4dea769ee5901f5613f8e44ba1bf2780411e70d6a733d4d7e3f83497067eb1a91e2cdac21ffdec620019146c4698805e11f1539310cdb0c416047e52dd967a0f7f900efb9e06838fc74e46aee602427a16925f3b74378afc2d3f0d8fd7ce5af34fb75765fc25144248180c67fbddc1366717e512f57b97fc3aace69f75c0c0f6244dafcbb18f87a035417d29c3f6a0a6866630f16f1c64aecbe12f90e468d101e35cceb21132ef8dda1fc8f903cc0595ecfa5223837cc774b874e331b4cf2c477c05c180b5c9ed6409f67194d9a9c4a08e03f344672cf72764217a0939b923565b1778ff6696d3b7b8419f4581d64ef62ce4b19a52ee39c8173e22ebe4733275bdcec0eef89f4cdf004721874dded6b7f2161984a4338dbefb2c24f087aee6d9f64b3a0fc5c7f573a585682d9d0347f94729368b043eee77a825dc660857f9516e0a838825abfbb3c40767235ae72f6de77cccba014f509d1dd22535822d2346f163fb83791b77d717dc9ce26db0c4391711a0bf67cfc8c902967a716bca0c2858edfeb7336be441efbb68cffc9d16f0c3d45bd6d64ea700a8fe9730c033b07ea9c4ff8ea9988f60596c99bc8f680c4e5fc3ef315be9c3a4eb202546c77786f5cc90bf14c69ea6fa8a44cd748d3bd2c9d2c82690a97258bd44425c3271374b1d0eb44f72cee995240ec0fb0b71fa1d0d2cf88bd556f337b7f1d3d3ad571aa7152d7520ae26435f7361e195f3e1466ee80075cd6e5b347436e162ee36a1663b4efeef102b7c780404bb7362ec560e4f54ad91e4692ec7e03b5b6339302095f39377ee04de2e364edc188ee1e9ee6acdc569f576f69adfa32f1c991a710923a47c585d1bb14b21a56495011dc6f5a9ad64656139a3b74ef35bd04c73a2611e5ae266f2d4c0bc5332c8e31602c009eb281e1aab800f84e32ffb456e0e456576ac9581d1d0f9dc5ade6e4eeeac7d3303aec710090074c53494bc9f67fc708ae95b5b06b728ec576f2b0bbcf787212388aeed0cb1a3b4905d9ae1a670e443344d32f7168193d71f31128dfec26b202911ddd2843ea6bf8e329761053d51df7343fc016afaab9d08468111d6baccd77a5cb0940f7f99a32bedb818e7451249c30d8eebeec2f6823848997e2c53f7c8e06506c952f234785774a06826367c9ba57a64aa6b26904a00027e987cfaa8ba066f8b2078288957cc68fe661b3b79c55d21e08a942ae46f95e7bea4773e20674fe0da979271e2c0e5d9dfa191baf2a475dc83a3b09f71ff6aacc198e1397910a6a818a20c9d7dd8ffabcbdaeebf7d0b18023c97299e34a5bb7f97f403ad92682c95e494124d8bd1482df7fb4174242fab564aa02a0b8d7a8f3c0bac983c4969214f22736da6768fbc1f392ea23668f2eb30b106da0b68d61f749e8a9c0e40e0e04a3ef5cb71576926c731bb8c96f22c53da90869683cc4f571d93f1ce9efae0477f915cc55a2c0686cbea6d32fc01944e00527c24ce945f41d1e8425db5b99f8595d760b315539ff59006ddc0898568ff2c82147ea1640261ed98af292141ee95c38890a3f6fbe73e37b9706c50a700d5ae85b99598d7b09a2cdb6047b02e5b0ccc09e1ff61993fa40a1ea0066675c1cd8a2ed986a29d5e38e9dd9a14f3a648b2c43030359409a0c64ae71cfb1a699aa69a3c8f90117bac0e4d87e368cfa96c76e5c8a68ca094cf855eafb38d1d1e9c8cd1113cf12dffd6f2ee928dfd5e3b1ad958bbaf0263ae44c88398dcf80cdfab887c318965416733e3eee71c44a4f772de144fccb25b1aecba4f70e4f8ab54a6578de0bfc69b6b34c4043680a93913263002a1a09097f79283ecda3258ca0f85c9a3da9713ed468376b2d7a664b91d251dfcee5e2dc88324bcdbb38fb242f8eeecb78dede246ed72d0081e059f2ca9af7addfe06532461f335f94e9ded7a01b43291c5f28b4e94042dbf49902a3927215d854294382f3b039d5244c3a559faf2699ab8f7a3f6e4d1883d894bf3fe2e5627d45481cbbb1af4d2d85203d1918e4cc3176f9b57c5de09a344e36417a4d5700931bab4b81a6847140db3a21fe295068d566f5cd0700f2ab7430226f2ad846e7c6668a4aed3eee4b0d18f2348ef03b0f65cfb6b4e736219f18a1b7915721d8553a01e3e26e21a66deafc8d5dbc2b010741bab786ae701d56c514373928b14803b3b21f20d526db462bc0077f4ce68be7c7aa2cbac1d1186cf8f98736fa13431d4ec16483e8a7d02a3afe079ddcdac0956cf03c969959ea2995b65509df323d8392bad585e39b0133a01c3ab9b9258fd8a0a6495892073b910c8ea1d3ce75a4934c3ed8a4db8541bd0182c7b8d2bcd7621af016763cd8e7dd58695a2785ff97f8740fb6b0cf695d9628e1b49d479672d82a9e9d22330bd7ce26b877b251280240f4ba8129252ad1c415db550b4bea5aa1e8feb504d90ca0273ef6dfb534d3da1d397376fbd69afb334d5e4098c676f52f9ab40ef474b3226cd8d6ca416ee38b674268d30ff57142864d9a717937e0cc31f8f30af4fa18f29b4669331a5852f27f53dc23818feb786341b05d190b027a0514c7712200c295fa2f449fdd52fe842173729a42f5b61da0a676b907f4f4cbdae06757b8aa5be60f18acc251ed53f8b1ea59bb524848159f10a405efbf1997a661aeb74f4ca6e751870816de4afb888ff2babf42d81b2f7a5ebfb42e74b6c23ec0f5b0178933ccbcda7bf9135ab50eb73100d2f2fe6f24b58881548e4704ee637152dddb2f96966e28193ba767e29e10a81b03cf78423f275310874f526c7b2b6d53e34602757dbdc8aeddf89dce002306124237f88936855b8b213544d40a73c8b8eda65a23b38f1bd20d807bbbd96264d2c0baa624004ff20913d35a53bfbcde4c2e4f6de60b76d483dbebc68ef16f5da44e8c9b7e8a3366809b2133a8bbc7d659a92a828286eca3642f77f151fa406baf126e60ef1d931321792edd9dfdf9e12a378189174536425e181029dd4a05ecc449b5ea40c9d0fb960a8e7cfe5b4a7ca1e069d255aeeab357dd2ea0f72d4b5870cf8c6617ed03118e7763b4d6d3503a2f757113e0781873d5e6ae41c7d400f02579a8bf596df7aad219c5fe2b4a6ba76d977c4ce898ca7bed8b33b07498711e46d8c17630d", 0x1000, 0x1, 0x0, 0x0, r0}, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff7, r1, &(0x7f00000014c0)="fb76a4608becb54227f308067a0b565202b132c888f10d0568eeea5a2a724dcdc7e737f79bd1fb7c9dc60c07f4526ee93f400f204f3c68de2270879bb650b5c94b4776f65437a4fba1152298f27c61130da5e02a917994b95c92a4635d0051db5e54b5d458fc58dc5d43ae40cf5fef", 0x6f, 0x7, 0x0, 0x3, r0}, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x6, 0x8, r0, &(0x7f0000001580)="0b3d74000f60f42f8e7c933cedcdc003a3ea052d16f6dbf16902370454ac8e09b0070e8311afc3212d9a2d05", 0x2c, 0x1, 0x0, 0x1, r1}, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x8, 0x6, r0, &(0x7f0000001600)="d92b46857ee1404a55876a47d23f729e6dd34c552cfdfb46287b96e71cd4a5d482afa1fc59625685d92514e91311dd0657", 0x31, 0x20, 0x0, 0x2, r1}]) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f00000016c0)) clock_gettime(0x0, &(0x7f0000001700)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000001740)={0x0, 0x0}) write$sndseq(r0, &(0x7f0000001780)=[{0x8, 0x7, 0x0, 0x0, @time={r3, r4+10000000}, {0x9, 0x7}, {0xaf1, 0x4}, @note={0x1, 0x5, 0x0, 0x7, 0xa27d}}, {0x95de, 0x8, 0x7, 0x1, @tick=0x101, {0x1, 0x5aa0000}, {0x3f, 0x39b6}, @note={0x401, 0x7, 0x0, 0x400, 0x7f}}, {0x2, 0x3, 0x4, 0x6, @tick=0x5351, {0x80000001, 0xffffffff}, {0x8, 0x6}, @raw8={"7b8ed137f88b20dd854ce765"}}, {0x9, 0x7, 0x7f, 0x5, @tick=0x721, {0x4, 0x7f}, {0x9, 0x8}, @addr={0x7ff}}, {0x26c, 0x2, 0x4, 0xffffffffffffff81, @tick=0x3, {}, {0x7, 0x9}, @raw8={"63d72aaa82119316b3a3be58"}}, {0x0, 0x9, 0x9, 0x401, @time={r5, r6+10000000}, {0x80000000, 0x86d}, {0x9, 0x5}, @addr={0x3, 0x2}}], 0x120) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001900)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f0000001a00)={&(0x7f00000018c0), 0xc, &(0x7f00000019c0)={&(0x7f0000001940)={0x80, r7, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x4c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xa2f4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7b0}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_NODE={0x20, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x40080) setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86) r8 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000001a40)='/proc/capi/capi20ncci\x00', 0x8000, 0x0) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x6) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001ac0)={0xd000, &(0x7f0000001a80), 0x2, r0, 0xf}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000001b00)={0x2, r8}) r9 = openat$full(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/full\x00', 0x2f6974f9046121c, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000001b80)={0x0}, &(0x7f0000001bc0)=0xc) timer_create(0x0, &(0x7f0000001c00)={0x0, 0xd, 0x4, @tid=r10}, &(0x7f0000001c40)) ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000001c80)={0x80fd, 0x1}) ioctl$EXT4_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000001cc0)=0x10) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r9, 0x84, 0x16, &(0x7f0000001d00)={0x3, [0x9, 0x3, 0x84ff]}, &(0x7f0000001d40)=0xa) r11 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/self/net/pfkey\x00', 0x400, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000001dc0)={0x6a29446c, 0x400}) getpeername$netlink(r8, &(0x7f0000001e00), &(0x7f0000001e40)=0xc) connect$l2tp(r8, &(0x7f0000001e80)=@pppol2tpin6={0x18, 0x1, {0x0, r11, 0x4, 0x3, 0x0, 0x3, {0xa, 0x4e21, 0x6, @empty, 0xbd54}}}, 0x32) openat$dir(0xffffffffffffff9c, &(0x7f0000001ec0)='./file0\x00', 0x10000, 0x2) ioctl$KVM_ASSIGN_DEV_IRQ(r8, 0x4040ae70, &(0x7f0000001f00)={0x4, 0x4, 0x6}) ioctl$SIOCX25SCAUSEDIAG(r11, 0x89ec, &(0x7f0000001f40)={0x3, 0x7ff}) [ 1214.613033] binder_alloc: 18070: binder_alloc_buf failed to map page at 20002000 in userspace [ 1214.637686] binder: BINDER_SET_CONTEXT_MGR already set [ 1214.647237] binder: 18070:18073 ioctl 40046207 0 returned -16 [ 1214.656019] FAULT_INJECTION: forcing a failure. [ 1214.656019] name failslab, interval 1, probability 0, space 0, times 0 [ 1214.706227] CPU: 1 PID: 18078 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1214.713234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1214.722611] Call Trace: [ 1214.722639] dump_stack+0x172/0x1f0 [ 1214.722669] should_fail.cold+0xa/0x1b [ 1214.732782] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1214.732804] ? lock_downgrade+0x810/0x810 [ 1214.732822] ? ___might_sleep+0x163/0x280 [ 1214.732845] __should_failslab+0x121/0x190 [ 1214.750506] should_failslab+0x9/0x14 [ 1214.754327] kmem_cache_alloc_trace+0x2cf/0x760 [ 1214.759021] ? kasan_unpoison_shadow+0x35/0x50 [ 1214.763629] ? kasan_kmalloc+0xce/0xf0 [ 1214.767552] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1214.772511] __list_lru_init+0x3d3/0x6e0 [ 1214.776607] sget_userns+0x81e/0xd30 [ 1214.780342] ? kill_litter_super+0x60/0x60 [ 1214.784718] ? ns_test_super+0x50/0x50 [ 1214.788618] ? ns_test_super+0x50/0x50 [ 1214.792525] ? kill_litter_super+0x60/0x60 [ 1214.796791] sget+0x10c/0x150 [ 1214.799932] mount_bdev+0xff/0x3c0 [ 1214.803764] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1214.808917] ext4_mount+0x35/0x40 [ 1214.812504] mount_fs+0xae/0x331 [ 1214.815898] vfs_kern_mount.part.0+0x6f/0x410 [ 1214.820420] do_mount+0x53e/0x2bc0 [ 1214.820444] ? copy_mount_string+0x40/0x40 [ 1214.820463] ? _copy_from_user+0xdd/0x150 [ 1214.820491] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1214.832605] ? copy_mount_options+0x280/0x3a0 [ 1214.832628] ksys_mount+0xdb/0x150 [ 1214.832647] __x64_sys_mount+0xbe/0x150 [ 1214.832670] do_syscall_64+0x103/0x610 [ 1214.854184] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1214.859396] RIP: 0033:0x45b81a [ 1214.862599] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1214.881604] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1214.881622] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1214.881629] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 03:55:17 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) getrandom(0x0, 0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000380)='/dev/null\x00', 0x8500, 0x0) write$P9_RWRITE(r1, &(0x7f00000003c0)={0xb, 0x77, 0x2, 0xffffffffffff84c5}, 0xb) perf_event_open(&(0x7f00000004c0)={0x0, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x1ff) ioctl$TIOCGSID(r1, 0x5429, &(0x7f00000001c0)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x1ff) ioctl$TUNSETLINK(r1, 0x400454cd, 0x339) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f00000001c0)=ANY=[]) connect$inet(r1, &(0x7f0000000200)={0x2, 0x4e23, @loopback}, 0x10) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0xfffffffffffffffe) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, 0x0, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x20032600) prctl$PR_SET_KEEPCAPS(0x8, 0x1) getsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f0000000100)={@empty, @rand_addr, 0x0}, &(0x7f0000000280)=0xc) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge_slave_1\x00', r4}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') write$P9_RLOPEN(r2, &(0x7f0000000300)={0x18, 0xd, 0x1, {{0x60, 0x1, 0x6}, 0x3}}, 0x18) ioctl$EVIOCGNAME(r1, 0x80404506, &(0x7f0000000540)=""/4096) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x8090) ioctl$VIDIOC_S_AUDOUT(r3, 0x40345632, &(0x7f0000000180)={0xfffffffffffffff8, "79e2a094a39438112f5177ed38de09ed70555fc86571f0b20811409dfcdffe17", 0x3, 0x1}) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000000)={0x0, 0x100, 0x6f1, 0x80, 0x17, 0x7, 0x400, 0x3, 0x400, 0x3bad}) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) 03:55:17 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x68]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1214.881636] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1214.881645] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1214.881654] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:17 executing program 1: r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000240)={0x0, 0x0, 0x0, {0xc, @pix_mp}}) 03:55:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:17 executing program 4: r0 = socket(0xa, 0x802, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080), 0x4) 03:55:17 executing program 4: syz_emit_ethernet(0x32, &(0x7f0000000040)={@broadcast, @random="1fb4d53f4a7f", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @multicast1}, @dccp={{0x0, 0x6558, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "bea295", 0x0, "d20434"}}}}}}, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000000c0)=[@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1d}}, @in6={0xa, 0x4e22, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xff}, @in={0x2, 0x4e20, @multicast1}, @in6={0xa, 0x4e22, 0x6, @remote, 0x9}, @in={0x2, 0x4e22, @remote}, @in={0x2, 0x4e21, @local}], 0x88) getrlimit(0x9, &(0x7f0000000000)) 03:55:17 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:17 executing program 2 (fault-call:2 fault-nth:73): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:17 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000002fdb)="240000001a00030007fffd946fa283bc02eee6d87986c497271d856808001000d188737e", 0x24}], 0x1}, 0x0) fcntl$setpipe(r0, 0x407, 0x7f) 03:55:17 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$bt_rfcomm(r0, &(0x7f0000000040)={0x1f, {0x63b, 0x4, 0x2277, 0x539, 0x8001, 0x7fffffff}, 0x6}, 0xa) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f0000000080)) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0xc0045878, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r2, 0x891b, &(0x7f0000000000)={'ip6gre0\x00', {0x2, 0x4e23, @loopback}}) [ 1215.225999] binder_alloc: 18112: binder_alloc_buf failed to map pages in userspace, no vma [ 1215.265958] FAULT_INJECTION: forcing a failure. [ 1215.265958] name failslab, interval 1, probability 0, space 0, times 0 [ 1215.285083] CPU: 1 PID: 18121 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1215.292076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1215.301637] Call Trace: [ 1215.304265] dump_stack+0x172/0x1f0 [ 1215.308102] should_fail.cold+0xa/0x1b [ 1215.312106] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1215.317255] ? lock_downgrade+0x810/0x810 [ 1215.317274] ? ___might_sleep+0x163/0x280 [ 1215.317297] __should_failslab+0x121/0x190 [ 1215.317317] should_failslab+0x9/0x14 [ 1215.317333] kmem_cache_alloc_node_trace+0x277/0x720 [ 1215.317359] __kmalloc_node+0x3d/0x80 [ 1215.342992] kvmalloc_node+0x68/0x100 [ 1215.346829] __list_lru_init+0x4aa/0x6e0 [ 1215.350936] sget_userns+0x84d/0xd30 [ 1215.354670] ? kill_litter_super+0x60/0x60 [ 1215.358939] ? ns_test_super+0x50/0x50 [ 1215.362851] ? ns_test_super+0x50/0x50 [ 1215.366749] ? kill_litter_super+0x60/0x60 [ 1215.371016] sget+0x10c/0x150 [ 1215.374188] mount_bdev+0xff/0x3c0 [ 1215.377754] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1215.383569] ext4_mount+0x35/0x40 [ 1215.387049] mount_fs+0xae/0x331 [ 1215.390438] vfs_kern_mount.part.0+0x6f/0x410 [ 1215.394969] do_mount+0x53e/0x2bc0 [ 1215.398536] ? copy_mount_string+0x40/0x40 [ 1215.402802] ? _copy_from_user+0xdd/0x150 [ 1215.406974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1215.412526] ? copy_mount_options+0x280/0x3a0 [ 1215.417042] ksys_mount+0xdb/0x150 [ 1215.420613] __x64_sys_mount+0xbe/0x150 [ 1215.424622] do_syscall_64+0x103/0x610 [ 1215.428534] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1215.433760] RIP: 0033:0x45b81a [ 1215.436969] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1215.455915] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1215.463675] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a 03:55:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1215.471070] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1215.478556] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1215.485868] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1215.493176] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:18 executing program 0: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') link(&(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='./file1\x00') r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffa000/0x4000)=nil) shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000000)=""/42) 03:55:18 executing program 1: syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f00000002c0), &(0x7f0000000300)=0x4) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000004c0)=ANY=[@ANYBLOB="5efa672f32b7832c14307a6d3e98e1b06f1c275793f809a25be47413319fa7e8af265978e9fa28321e0ddbe2df7f44799898d3c5d7cf4077a83d3bbcb1d022bd0910f9654f0e33f3e5ded3a8780547e4fc19ddb80cd5240d25367285f35fefd5fb535a452640e4c8d943fddddb5583ffa52176fff746438462d42766c3"], 0x0) syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x400, 0x80) r0 = syz_open_dev$adsp(&(0x7f00000003c0)='/dev/adsp#\x00', 0x6, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{0x0}], 0x1}, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, 0x0) gettid() sysinfo(&(0x7f0000000000)=""/248) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$TIOCLINUX4(r0, 0x541c, &(0x7f0000000200)) ioctl$sock_ifreq(r3, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00X\x00\x00\x00\x00\xff\xff\xff', @ifru_flags}) 03:55:18 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:18 executing program 2 (fault-call:2 fault-nth:74): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1215.701119] binder_alloc: 18130: binder_alloc_buf failed to map pages in userspace, no vma 03:55:18 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1215.821846] overlayfs: './file0' not a directory [ 1215.832192] FAULT_INJECTION: forcing a failure. [ 1215.832192] name failslab, interval 1, probability 0, space 0, times 0 03:55:18 executing program 1: syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f00000002c0), &(0x7f0000000300)=0x4) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000004c0)=ANY=[@ANYBLOB="5efa672f32b7832c14307a6d3e98e1b06f1c275793f809a25be47413319fa7e8af265978e9fa28321e0ddbe2df7f44799898d3c5d7cf4077a83d3bbcb1d022bd0910f9654f0e33f3e5ded3a8780547e4fc19ddb80cd5240d25367285f35fefd5fb535a452640e4c8d943fddddb5583ffa52176fff746438462d42766c3"], 0x0) syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x400, 0x80) r0 = syz_open_dev$adsp(&(0x7f00000003c0)='/dev/adsp#\x00', 0x6, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{0x0}], 0x1}, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, 0x0) gettid() sysinfo(&(0x7f0000000000)=""/248) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$TIOCLINUX4(r0, 0x541c, &(0x7f0000000200)) ioctl$sock_ifreq(r3, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00X\x00\x00\x00\x00\xff\xff\xff', @ifru_flags}) [ 1215.881553] CPU: 0 PID: 18151 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1215.888668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1215.898045] Call Trace: [ 1215.900672] dump_stack+0x172/0x1f0 [ 1215.904333] should_fail.cold+0xa/0x1b [ 1215.908263] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1215.913392] ? lock_downgrade+0x810/0x810 [ 1215.917565] ? ___might_sleep+0x163/0x280 [ 1215.921744] __should_failslab+0x121/0x190 [ 1215.926002] should_failslab+0x9/0x14 03:55:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1215.929823] kmem_cache_alloc_trace+0x2cf/0x760 [ 1215.934517] ? kasan_unpoison_shadow+0x35/0x50 [ 1215.939115] ? kasan_kmalloc+0xce/0xf0 [ 1215.943027] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1215.947982] __list_lru_init+0x3d3/0x6e0 [ 1215.952068] sget_userns+0x81e/0xd30 [ 1215.955795] ? kill_litter_super+0x60/0x60 [ 1215.960059] ? ns_test_super+0x50/0x50 [ 1215.963967] ? ns_test_super+0x50/0x50 [ 1215.967874] ? kill_litter_super+0x60/0x60 [ 1215.972137] sget+0x10c/0x150 [ 1215.975298] mount_bdev+0xff/0x3c0 [ 1215.978866] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1215.983997] ext4_mount+0x35/0x40 [ 1215.984018] mount_fs+0xae/0x331 [ 1215.984039] vfs_kern_mount.part.0+0x6f/0x410 [ 1215.995920] do_mount+0x53e/0x2bc0 [ 1215.999490] ? copy_mount_string+0x40/0x40 [ 1216.003851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1216.004305] binder_transaction: 42 callbacks suppressed [ 1216.004322] binder: 18157:18158 transaction failed 29189/-22, size 0-12288 line 2855 [ 1216.009508] ? copy_mount_options+0x280/0x3a0 [ 1216.009529] ksys_mount+0xdb/0x150 03:55:18 executing program 0: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') link(&(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='./file1\x00') r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffa000/0x4000)=nil) shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000000)=""/42) [ 1216.009548] __x64_sys_mount+0xbe/0x150 [ 1216.009567] do_syscall_64+0x103/0x610 [ 1216.009587] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1216.009599] RIP: 0033:0x45b81a [ 1216.009615] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1216.009622] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1216.009637] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1216.009646] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1216.009655] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1216.009664] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1216.009673] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:18 executing program 4: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') link(&(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='./file1\x00') r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffa000/0x4000)=nil) shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000000)=""/42) [ 1216.152236] binder: 18163:18164 transaction failed 29201/-28, size -554050781184-12288 line 2970 03:55:18 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') link(&(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='./file1\x00') r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffa000/0x4000)=nil) shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000000)=""/42) [ 1216.198623] binder: 18163:18164 transaction failed 29201/-28, size -554050781184-12288 line 2970 [ 1216.199451] binder: BINDER_SET_CONTEXT_MGR already set [ 1216.217366] binder: 18163:18168 ioctl 40046207 0 returned -16 03:55:18 executing program 2 (fault-call:2 fault-nth:75): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:19 executing program 1: syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f00000002c0), &(0x7f0000000300)=0x4) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000004c0)=ANY=[@ANYBLOB="5efa672f32b7832c14307a6d3e98e1b06f1c275793f809a25be47413319fa7e8af265978e9fa28321e0ddbe2df7f44799898d3c5d7cf4077a83d3bbcb1d022bd0910f9654f0e33f3e5ded3a8780547e4fc19ddb80cd5240d25367285f35fefd5fb535a452640e4c8d943fddddb5583ffa52176fff746438462d42766c3"], 0x0) syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x400, 0x80) r0 = syz_open_dev$adsp(&(0x7f00000003c0)='/dev/adsp#\x00', 0x6, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)=[{0x0}], 0x1}, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, 0x0) gettid() sysinfo(&(0x7f0000000000)=""/248) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$TIOCLINUX4(r0, 0x541c, &(0x7f0000000200)) ioctl$sock_ifreq(r3, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00X\x00\x00\x00\x00\xff\xff\xff', @ifru_flags}) [ 1216.319254] binder_alloc: 18163: binder_alloc_buf failed to map pages in userspace, no vma 03:55:19 executing program 0: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1216.368530] binder: 18157:18175 transaction failed 29189/-3, size 0-12288 line 2970 [ 1216.393859] FAULT_INJECTION: forcing a failure. [ 1216.393859] name failslab, interval 1, probability 0, space 0, times 0 [ 1216.479335] binder: 18191:18192 transaction failed 29201/-28, size -4294967296-12288 line 2970 [ 1216.500136] CPU: 0 PID: 18184 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1216.507123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1216.516487] Call Trace: [ 1216.519104] dump_stack+0x172/0x1f0 [ 1216.520299] binder_alloc: 18191: binder_alloc_buf failed to map page at 20002000 in userspace [ 1216.522765] should_fail.cold+0xa/0x1b [ 1216.522790] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1216.522813] ? lock_downgrade+0x810/0x810 [ 1216.522834] ? ___might_sleep+0x163/0x280 [ 1216.549183] __should_failslab+0x121/0x190 [ 1216.553784] should_failslab+0x9/0x14 [ 1216.557784] kmem_cache_alloc_trace+0x2cf/0x760 [ 1216.562563] ? kasan_unpoison_shadow+0x35/0x50 [ 1216.567335] ? kasan_kmalloc+0xce/0xf0 [ 1216.571418] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1216.576365] __list_lru_init+0x3d3/0x6e0 [ 1216.582551] sget_userns+0x81e/0xd30 [ 1216.586279] ? kill_litter_super+0x60/0x60 [ 1216.590816] ? ns_test_super+0x50/0x50 [ 1216.595166] ? ns_test_super+0x50/0x50 [ 1216.599159] ? kill_litter_super+0x60/0x60 [ 1216.603406] sget+0x10c/0x150 [ 1216.606531] mount_bdev+0xff/0x3c0 [ 1216.610187] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1216.615570] ext4_mount+0x35/0x40 [ 1216.619129] mount_fs+0xae/0x331 [ 1216.622602] vfs_kern_mount.part.0+0x6f/0x410 [ 1216.627567] do_mount+0x53e/0x2bc0 [ 1216.631297] ? copy_mount_string+0x40/0x40 [ 1216.635668] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1216.641486] ? copy_mount_options+0x280/0x3a0 [ 1216.646101] ksys_mount+0xdb/0x150 [ 1216.651062] __x64_sys_mount+0xbe/0x150 [ 1216.655231] do_syscall_64+0x103/0x610 [ 1216.659233] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1216.664434] RIP: 0033:0x45b81a 03:55:19 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1216.667631] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1216.686543] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1216.694282] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1216.701558] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1216.708830] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1216.716111] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1216.723388] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:19 executing program 1: setreuid(0x0, 0xee00) geteuid() setreuid(0x0, 0x0) mknod(&(0x7f00000005c0)='./bus\x00', 0x8, 0x0) setxattr$security_capability(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)='security.capability\x00', 0x0, 0x0, 0x0) lsetxattr$security_selinux(&(0x7f0000000080)='./bus/file0\x00', &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:fonts_cache_t:s0\x00', 0x23, 0x3) clone(0x200002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0) [ 1216.774751] binder: 18193:18194 transaction failed 29201/-12, size 0-12288 line 2970 [ 1216.789715] binder_alloc: 18191: binder_alloc_buf failed to map page at 20002000 in userspace [ 1216.806906] binder: BINDER_SET_CONTEXT_MGR already set [ 1216.816809] binder: 18197:18198 transaction failed 29201/-12, size 0-12288 line 2970 03:55:19 executing program 4: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x14000, 0x0) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x3c, 0x0, @ib={0x1b, 0x7, 0x8, {"1ec30f3574a983d3a6096bbdd9af3bb4"}, 0x6, 0x4, 0xfffffffffffffeff}}}, 0x90) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000280)=""/155) fcntl$setpipe(r0, 0x407, 0x6) [ 1216.834478] binder: 18191:18200 transaction failed 29189/-22, size -4294967296-12288 line 2855 [ 1216.852043] binder: 18197:18198 transaction failed 29189/-22, size 0-12288 line 2855 [ 1216.864242] Invalid argument reading file caps for ./bus [ 1216.870737] binder: 18191:18192 ioctl 40046207 0 returned -16 03:55:19 executing program 1: r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x9f, 0x20000) ioctl$EVIOCGABS20(r1, 0x80184560, &(0x7f00000000c0)=""/177) getsockopt$sock_int(r0, 0x1, 0x1c, 0x0, &(0x7f0000000080)) 03:55:19 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udp(0xa, 0x2, 0x0) chroot(&(0x7f0000000000)='./file0\x00') connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) readlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/37, 0x25) connect$l2tp(r2, &(0x7f0000000200)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f123c123f319bd070") 03:55:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1216.880869] Invalid argument reading file caps for ./bus 03:55:19 executing program 1: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x200, 0x0) getsockopt$packet_buf(r0, 0x107, 0x16, &(0x7f0000000140)=""/4096, &(0x7f0000001140)=0x1000) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f00000000c0)={[{0x100000001000000, 0xffffffff, 0x7, 0x1, 0x100, 0x20004, 0x6, 0x4, 0x200000006, 0xa13, 0xfffffffffffffffe, 0x80000001, 0x9}, {0x7f, 0x8ce, 0x1, 0x4, 0x4, 0x8, 0x803, 0x6, 0x6, 0x4, 0x6}, {0x8, 0x59d, 0x6, 0x9, 0x183f4e8f, 0x2, 0x9, 0x101, 0x1000, 0x7, 0x7f, 0x7, 0x1}], 0x8}) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="100000000000000000000000000000000000000000103aab00"/44]}) 03:55:19 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x500]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1217.019113] binder: 18219:18220 got transaction with invalid offset (0, min 0 max 0) or object. [ 1217.047838] binder: 18219:18220 transaction failed 29201/-22, size 0-2560 line 3032 03:55:19 executing program 2 (fault-call:2 fault-nth:76): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:19 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket(0x11, 0x80803, 0x6) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @rand_addr, 0xf9}, 0x1c) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, &(0x7f0000000040)=0x5, 0x4) getpeername$inet(r1, 0x0, &(0x7f0000000280)) socket$packet(0x11, 0x0, 0x300) arch_prctl$ARCH_SET_GS(0x1001, 0x74) ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000100)="4ac04f17fe4d58b0eabc5398fc10f3a02e3c2e74aee46cccfc7553e15aa146bfc1ee00f6f0a32ca7e53efd65626309e4753c47efd61d24c0bbc0019a375e9d3121186c731b83c1275fa7941eef8d21486f101d09b1f8a251c5ebb7b3ae9b31d553890f00c4643418bbca570aa28ec3dcd2a677ff66e252f7bc7876b8c151c60eaa516b9b155074c9c152b8f60a4f5d48718659285758522791a97adecdaf6e9bd6ba66eab0d3725d1c8bf4d70a271d9cadb1866f24319c2fc65ad0b382cb5f537c590a55d6aad6aa0370b3b6750655307f023bd73d58465e514c935833649a507eaf410d") perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) r2 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x111ed0) getsockopt$inet6_mreq(r1, 0x29, 0x1d, &(0x7f0000000000)={@empty}, &(0x7f0000000200)=0x14) 03:55:19 executing program 1: ioctl$KVM_SET_TSC_KHZ(0xffffffffffffffff, 0xaea2, 0x0) prctl$PR_GET_TSC(0x19, &(0x7f0000000180)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, 0x0, &(0x7f0000000040)) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66b8ea000f00d8eadd5484f88a00f0833600660f71d50066ba4100edb8010000000f01d90f0866b8bd008ee0b94d0200000f32360f07", 0x36}], 0xaaaaaaaaaaaabce, 0x5, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1217.086404] binder_alloc: 18219: binder_alloc_buf failed to map page at 20002000 in userspace [ 1217.099668] binder: BINDER_SET_CONTEXT_MGR already set [ 1217.114015] binder: 18219:18227 ioctl 40046207 0 returned -16 [ 1217.126186] binder_alloc: 18219: binder_alloc_buf failed to map page at 20002000 in userspace [ 1217.171687] binder: 18219:18220 got transaction with invalid offset (0, min 0 max 0) or object. 03:55:19 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x80100, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000040)=0xffffffff, 0x4) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000000c0)={&(0x7f0000000080)=[0x9, 0x3, 0x6], 0x3, 0x4, 0x97bb, 0x4, 0x5, 0x15, {0x10001, 0x101, 0x1ff, 0x1, 0x101, 0x20, 0x800, 0x100, 0x200, 0x1, 0x2, 0x0, 0x2, 0x80dc, "2a642cb608691753d87fb90b3d1be35bcade3bf0cd0162fd65e1f77999689415"}}) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000140)=0x0) r2 = syz_open_procfs$namespace(r1, &(0x7f0000000180)='ns/pid_for_children\x00') ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f00000001c0)=""/247) getsockname$netrom(r0, &(0x7f00000002c0)={{}, [@netrom, @netrom, @bcast, @null, @remote, @default, @bcast, @null]}, &(0x7f0000000340)=0x48) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000380), 0x2) fstat(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f0000000440)={0x3, @bcast, r3}) ioctl$VT_ACTIVATE(r0, 0x5606, 0xbb4) ioctl$FS_IOC_SETFSLABEL(r2, 0x41009432, &(0x7f0000000480)="a0c227d77f881c85bfcb3790f3f2c4c84930de2da404122eefd928d62eabd76b96d512a9d7620c6d2a448fe9e6e3780cf7bb52382c2f9748599f4ca97c2fd3c20badd489c935be50c2d89783e2d9e457aa23f53bd35291aca8a092f4c172a4446b9011dc9dffc6b1f8b5b25c2e35eef80f9e8e98412520f749c6d09cdfadbbe9b022b8fc159af31f30c38620f6ae7ae4c2f580b4f272d6f5843437a412ee83e4b2df34fc5988ed6e7d70aa8e8ce205746948b8c77b03b6d55bb9e5f71a167ae47246bae631cd2f5366be4dc2cfb07f0ebee618d04016c6a228fbd2c56958ca186be4b51d23599ed1dd4415e8d3abd826e699cea4dab22cf1f2a68a7886aeea9d") ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000580)={'syzkaller1\x00', 0x0}) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000005c0)={{{@in=@empty, @in6=@rand_addr="766cb11018dcaf29c1ccd703e4c043a8", 0x4e22, 0x81, 0x4e22, 0x0, 0x2, 0xa0, 0xa0, 0xff, r4, r3}, {0x100000000, 0x4, 0x369, 0x5, 0x8, 0x7, 0x5}, {0x5, 0x800, 0xff, 0xfffffffffffffffa}, 0x820, 0x6e6bb4, 0x3, 0x1, 0x2, 0x2}, {{@in6=@ipv4={[], [], @empty}, 0x4d3, 0xff}, 0x2, @in=@broadcast, 0x34ff, 0x3, 0x0, 0x7ff, 0x5, 0x40, 0x2}}, 0xe8) connect(r0, &(0x7f00000006c0)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @local}, 0x4, 0x0, 0x3, 0x1}}, 0x80) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000740)={0x0, 0x0, 0x2, 0x0, [], [{0x401, 0x40, 0x401, 0x3, 0x7, 0x1f}, {0x1, 0x1ff, 0x6, 0x5, 0xf2, 0x1}], [[], []]}) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000880)='yam0\x00') r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/ubi_ctrl\x00', 0xc0000, 0x0) ioctl$TIOCSBRK(r5, 0x5427) write$FUSE_IOCTL(r5, &(0x7f0000000900)={0x20, 0x0, 0x3, {0xfffffffffffeffff, 0x4, 0x3, 0x3}}, 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000940)={0x0, r5, 0xf, 0x2}, 0x14) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000a80)={r0, &(0x7f0000000980)="0a15c6994098af03e04ce1aae1d29ac6b1e236251421cdc5b48a832199d47111ff496d33f553290c997816a9e7e3e35348696698e8f5787d40a788c3ec9fe5c249377ddc4079a0ea4bb8629caf34037da7acb221c1d77609678ff6cd884dcf0343b8d5b242e02bc06d2ea6c5b91c64aa930e5d2e12d92744d573a3deab11b43d110058fc242339b3ef7c1f5bd56293b614a5fe62ccc1c6e3c083bca0d1fb7120bcd109", &(0x7f0000000a40)}, 0x18) getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000ac0), &(0x7f0000000b00)=0x4) ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f0000000b40)) ioctl$sock_proto_private(r5, 0x89e0, &(0x7f0000000b80)="f501583c94876df1f99511ebb2aba89305c2df91ff11725c9d913d72d20b26415557344bedf81a9c337eee8563ab37bbf0125bde8dae") syz_mount_image$bfs(&(0x7f0000000bc0)='bfs\x00', &(0x7f0000000c00)='./file0\x00', 0x1ee5f8b, 0x3, &(0x7f0000000d80)=[{&(0x7f0000000c40)="2c7c09e8b1bd6e7fb08ed9c0f9028c962db19d8535fcc8ffa5b2bf1ffe47919863a9b1664b13221fea4f01fe012538efa52e5b22406e5fe67569edc99ca781656b1604265d41f1b1ae0fbbd2500ad3accb902f9fdecf1ddc6ee2eacb2367e532eb109c12d3d3b1abe71811e1d8c21dd214e767921470", 0x76, 0x5}, {&(0x7f0000000cc0)="8f5089d9454c158dbc2a0e6da3cb0f0cc06b44a0bd6ab36c9df7fa130d9b67123d6043fe7b5fbfbfda4aa225fbf485ac48653a30de59a63bc987667f6871454245936cf7424e689ac22b3dd054b9a0058ca8d2", 0x53, 0x40}, {&(0x7f0000000d40), 0x0, 0x5}], 0x12040, 0x0) getsockopt$inet_mreqn(r5, 0x0, 0x24, &(0x7f0000000e00)={@local, @broadcast}, &(0x7f0000000e40)=0xc) getsockopt$ax25_int(r5, 0x101, 0xd, &(0x7f0000000e80), &(0x7f0000000ec0)=0x4) getsockopt$TIPC_NODE_RECVQ_DEPTH(r5, 0x10f, 0x83, &(0x7f0000000f00), &(0x7f0000000f40)=0x4) sendmsg$key(r5, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000f80)={0x2, 0x4, 0x5692, 0x9, 0x1e, 0x0, 0x70bd26, 0x25dfdbfc, [@sadb_spirange={0x2, 0x10, 0x4d5, 0x4d3}, @sadb_spirange={0x2, 0x10, 0x4d2, 0x4d6}, @sadb_lifetime={0x4, 0x7, 0x10001, 0x7f74, 0xc3c, 0xd91}, @sadb_key={0x14, 0x9, 0x488, 0x0, "a7e8c4c2c0a7b61956edd0e33674ac2fb4373bba6cfa3ecce34da9f26821b12c222578db3ef43534592398856faa0fa38238514c7dc4777fc16e69667e475b7461a93dfc56e15176521c6dc7538b92cdf582d9e41e79c7ce32fd63959db5f64a3b1309bb3381269c2818a2bca7ad3e5ee99eafdc0d5c401a7c74eb9e389f810906e61881ed632b5cb2b21f0a9be3c62a49"}]}, 0xf0}}, 0x4000010) 03:55:19 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup3(r0, r0, 0x80000) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000000040)={0x0, 0x80000000}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f00000000c0)={r2, 0x3}, 0x8) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0adc1f12d33c123f319bd09d1894ec8919bea5c6154c241228511d28c8c5d41fa9fb22079db1d245b6343d6099e97ce2565476778fa2cd16e4bf50e7ca28b65db7bd207b16") openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x8000000004) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0x5, &(0x7f0000000000)=0x8000, 0x4) writev(r3, &(0x7f0000000180)=[{&(0x7f0000000340)="59000000140019232b834b80043f679a10ff6400940005002a925aaa000000000100008400f0fffeff2c707f8f00ff050000000010000100090a1000410400000000fcff00000000000000000000000000000000000000000f", 0x59}], 0x1) 03:55:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:20 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x2, 0x200000) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000200)=0x3, &(0x7f0000000280)=0x2) connect$inet(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) r2 = gettid() clone(0x2106001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_tcp(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, 0x0) ptrace(0x4208, r2) wait4(r2, 0x0, 0x40000008, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000240), &(0x7f0000000300)) write$evdev(r1, &(0x7f0000000080)=[{{}, 0x3, 0x1, 0xd027}, {{r3, r4/1000+10000}, 0x15, 0x7, 0x5}], 0x30) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) 03:55:20 executing program 1: r0 = socket$kcm(0x2, 0x2, 0x73) connect(r0, &(0x7f00000007c0)=@un=@abs={0x1}, 0xf) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x2, 0x27fff) bind$bt_sco(r1, &(0x7f0000000040)={0x1f, {0x5f, 0xffffffffffff0001, 0x80, 0x5, 0x3, 0x1}}, 0x8) 03:55:20 executing program 0: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x2, &(0x7f0000000040)=""/74) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) [ 1217.387359] binder_alloc: 18250: binder_alloc_buf failed to map page at 20002000 in userspace [ 1217.413193] 9pnet_virtio: no channels available for device 127.0.0.1 [ 1217.422161] binder_alloc: 18250: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x13, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x3f00}, 0x90) 03:55:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) read(r0, &(0x7f0000000240)=""/129, 0x81) r1 = syz_open_pts(r0, 0x5) r2 = dup3(r1, r0, 0x80000) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) fcntl$setlease(r0, 0x400, 0x1) write$binfmt_aout(r2, &(0x7f0000001580)=ANY=[@ANYBLOB="000001ff9a0200000000000000000000eb0200004f00000000000000000000002f640a19621ecab6f6052ae5dca023a78c32332171fbbdc6be2f85e3d5b7e85e4d5d68631a63c4fc06de15c77566e8a9e9ffb64384912e9f774d0fbd14ebca3ce54ae6e1018cb39c8148cbce87cebde29166a1fb760e71cf0614e23ee4ae4994a86937d85743747b96403fa04524e41a8052063c16ce03b9861c21da0cce9bbc0e5a2b653b81bd8c49f7c1cdf1914840a10c75038c0a3e73e01ea4f23e798019841f57c4bcc12561db1b4c4f3188a59ed89c10b11d803e4ff16b1479b5b3f16562f997c8f8dc37401e117c10a6ab8b7321cb1713a021d5fd441a7f1e8f392dd8b6a22cfeed2e02f2ba00"/1289], 0x509) setrlimit(0xb, &(0x7f0000000000)={0x8, 0x1000}) [ 1217.443889] binder_alloc: 18250: binder_alloc_buf failed to map page at 20002000 in userspace [ 1217.484597] binder_alloc: 18250: binder_alloc_buf failed to map page at 20002000 in userspace [ 1217.584093] binder_release_work: 45 callbacks suppressed [ 1217.584101] binder: undelivered TRANSACTION_ERROR: 29201 [ 1217.623848] FAULT_INJECTION: forcing a failure. [ 1217.623848] name failslab, interval 1, probability 0, space 0, times 0 [ 1217.638089] CPU: 0 PID: 18273 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1217.645155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1217.656543] Call Trace: [ 1217.659168] dump_stack+0x172/0x1f0 [ 1217.662927] should_fail.cold+0xa/0x1b [ 1217.666863] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1217.672000] ? lock_downgrade+0x810/0x810 [ 1217.676220] ? ___might_sleep+0x163/0x280 [ 1217.680411] __should_failslab+0x121/0x190 [ 1217.684905] should_failslab+0x9/0x14 [ 1217.688850] kmem_cache_alloc_trace+0x2cf/0x760 [ 1217.693580] ? kasan_unpoison_shadow+0x35/0x50 [ 1217.698196] ? kasan_kmalloc+0xce/0xf0 [ 1217.702120] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1217.707090] __list_lru_init+0x3d3/0x6e0 [ 1217.711196] sget_userns+0x84d/0xd30 [ 1217.714934] ? kill_litter_super+0x60/0x60 [ 1217.719163] ? ns_test_super+0x50/0x50 [ 1217.723063] ? ns_test_super+0x50/0x50 [ 1217.726963] ? kill_litter_super+0x60/0x60 [ 1217.731199] sget+0x10c/0x150 [ 1217.734506] mount_bdev+0xff/0x3c0 [ 1217.738155] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1217.743645] ext4_mount+0x35/0x40 [ 1217.747201] mount_fs+0xae/0x331 [ 1217.750607] vfs_kern_mount.part.0+0x6f/0x410 [ 1217.755117] do_mount+0x53e/0x2bc0 [ 1217.758705] ? copy_mount_string+0x40/0x40 [ 1217.762955] ? _copy_from_user+0xdd/0x150 [ 1217.768779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1217.774336] ? copy_mount_options+0x280/0x3a0 [ 1217.778843] ksys_mount+0xdb/0x150 [ 1217.782383] __x64_sys_mount+0xbe/0x150 [ 1217.786370] do_syscall_64+0x103/0x610 [ 1217.790277] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1217.795479] RIP: 0033:0x45b81a [ 1217.798684] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1217.818319] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1217.826056] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a 03:55:20 executing program 2 (fault-call:2 fault-nth:77): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2300, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:20 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0adc1f123c123f319bc070") r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) r2 = getpid() prlimit64(r2, 0x6, &(0x7f0000000180)={0x9, 0xffff}, &(0x7f0000000240)) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x200, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r3, 0x40505331, &(0x7f0000000100)={{0x8, 0xfffffffffffff801}, {0xffff, 0x5}, 0x101, 0x4, 0xa}) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x380000, @empty}, 0x1c) setsockopt$inet6_opts(r1, 0x29, 0x37, &(0x7f0000000200)=@dstopts, 0x8) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f00000000c0)=@dstopts, 0x8) sendmsg(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0c000000727ba1b23665580000007dcb71591cd5a154f45080cf02bddfc96fdeb09ade9acb3419480536b70ec702927948432a649e23d2a013a252329b51d9b7e1a4042ab6736fb70000000000000000dbcf92075996dbdc291ca9323287f14e3ef5f82a86260c471531e6b5588491773596a959e91dbd960f15fdbaef578ca889ef66680bc3851d855fdcd80bf349fc806120d0df32866235443ac3d99b315609faed545d597d1b22d46008f6d78b98042467bce81a7e"], 0xc}, 0x0) 03:55:20 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f00000000c0)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x27}}, &(0x7f0000000080)='GPL\x00\x83\xff\x13\x0f_\xb0\x0e][dC/\xa6\xbb)p\xc5\xa6$\x1e\x8d\xef\xd6S>*\xe1\x06\xbee\\lRcI!l0\xbb\x1f\x80\xfbE\x0e\xc0\xd5\xbe', 0x1, 0x99, &(0x7f0000000100)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x400000000000}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0xffffffb8) [ 1217.833368] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1217.841010] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1217.848382] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1217.855778] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:20 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000000), 0x4) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r2 = fcntl$getown(r1, 0x9) r3 = getpgid(r2) read(r0, &(0x7f0000000500)=""/168, 0xa8) r4 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc088472, 0x0, 0x0) mq_notify(r4, &(0x7f00000001c0)={0x0, 0x0, 0x1000000000000, @thr={&(0x7f00000005c0)="be81052a1eed4cfe4c1d67b4077243f3dbb19577ddcb54a962d50f6c0ec63dff2d7c11a26eb6f59e7710e977e93fa68845839fb32caa6a67e7cefd38272a81cb20a15b348fd4849fce44f45adeef7410be6453a850d60421ee16a70065b8204aaf6ce87767a4c76101803f1a4e4024ce8f7944057eec360797ff6d7b271e8ac69abc85ea7aedfb39f30dfd5f9f49d4b59a0e2006715328a27343e15f2a769c3164434f4c5d65492c3e96c56a1546deba48c3b5328af191f9e283c8c0ddcc42fa76c93d7573858357e959e8d531081446645e43ea4e7a340dfa2908416288a967b7fe5ddd0f10442acb7d2bae81ba23e0a3fef65bf5bc4a31c9367b126c49ab538d1c41f8eb6434bc94bb6c499bbff54bfa5a2fb6b08d127d9b7be3c285bbf50f532f2def8232a1fe7f0cd88020c53c43545efc14dd45f44de4d661350a42730a2295014ef53ad576a319fcdb5acf14dfaa38c798dd6f5c92d10fa3e3cb2ac1bbe85c92e34815c15427d70488d1c62f7f32573d17027842cbc8daf1df7decb7583fce5cd55283f8df695680c23369b3d91a58e52ab5347eb6ea81854be716ddcd86a77495051bf87aeb85d03ea8e18324cf1c5adc15710d19819c916d92d3e2b7d011122db9ac1cc46ae85604f0022140bd72423480094de9700bfbcc4783993ff22f89a73dd3c9b7339952e5a6354fbb95ebee4e0ab78db38f8efe539daee19e26c56bde3bf5fd7c349e5c93a6ca8e9e3c7880c5b7de1a75e99f956abb536078bc3e31aa84dc3543ca6567b4aa9aade4c1dfd3a31d5c895569dbd59d98b10bf2c92afa9108b6bc03384dc8cc14ae61f575611a7bd3de5c33c661c0e5c77dacd261af62e5862a6ea8af39c4ab560f1e9c6d7ed46fae9cbe23293644134f0fc65cfc43faabcef717badbb151db1f2474fddbde82887fbdebe0ae668ea7ecb434d47b768c75fe3ad34dfbdfdc643a5c269b31d950c56b093de690938636f7c82b3290b793c181ddd20f99c1b6dfadb7a1713115179119f0b3b4c3d8647d227ac8bbfd435dbc217c4341f66d6a9a161c39344e1236fbfb65763cfa14f97c5b4267b4fee4384bb453e4cb4a55f913997c692a61dcf8f5d0ccefdffffc5e3a5fe9c5056779eef44b3a3604cfd174c773d09ac5d700297f25b9e9306dd2a6ca3c540264e21ebce2b4628655d2948a5758bb92aff1c085ef4e53e78639b35f3415c001ee11b65a06e0079bf0ef32ab5ba4bdc8a62c9166137398a7092493fb49664b1e71cb9b6d57a24f9b3e3002b764d88b531bbaf858d7f0c245fb903de75b1d932f9692dd2d78c255348ffaab42e8760094df0c420e6ae45bcca45c9fc3a78ffb170ef7c4bd98da2d5d64be951c57fd26485d8acdcf953ac3a89ae98ba133cb650fe1408dea691412d01d0a439a97e7d654e214e26d12f0a0332ec27cb852b1f3e9bfdcc2a83b16f3df61c2cb53a15ddf6637d059c14dbcc26c6667dbc28ce67b34393c7409b2a2ec905ac755004f3c80298377aaad6ffe9824a60fcb9dbb4b0c0f8df560a86653ee711dc9bfb84dff8c0f9750d16dc799411516e4d0e82705395ab9745c9fc0e54bcf1b24964606ffa45f3d67927c11e5fa7d848f849d66af053685e55d3ceaefa9dc716e8c47a5e41430df509f3e8bb32ca4041a069f4f16e47d1c45b48a608eadc67d49580afb097e88a4f7ad5900561f89faf0ba900a6622d2f58e6f27949453047cdd204a19b6ad98848ccc346b359951879b02a86c66c38344a184799d8d517d844c3b66c1584062ebc0c3166a2700f27e8499eb864c1cabcf58a0586c4dc4ee2f0d9ee1f3aed78f1b992c88144454da70f548014a698912f7ef641a422a8fd106271ebb6f4387ed654e530523a256a153322bd223ca043c26c6d567cfeb42d91b147a66b3d784415da02b5ca3ccc92b6c32c23b149067410e7c891d211b7d0c606cdde381a36f64bb956d526f8dd42bce1883d0a5efc4a9c6b75587c74c1bfe4d55034c103749cb0d850fdd61a4d9d94944155784f9e67813fe0d81f2ed3a817799a45df80ba8936eddcaa3d8b37534ff30a88d20bc0b6c9a5a51b43908f20f782d9c1535c82ec9ff87f5829b2d3c5d2910d869b165d41e6420f923d7bbd0d8818a526781f7b9de3d3dfa5c6a60d34c0ec23496845487d6f5c8ed3bd9bf5b8fed29c7816287e1fbb711670b3dc71a684aced04670eec6e687df56c46342a2b8990511a0fe71b2e79cc5befa5506d32aba91c95287d453692ef339bd1a357273ac97ccc3bafa1ee6500934e858701f709c97cdcc17a7c1431d2048667397ac2bee37856399f3f79e12673dd6dae488e4743b2e6ac9fdd8a8a0309f1ff45c1e2ef22318d30d261847217164c4865f70c20e19f2bf971d47d7c06e2d75305015f6a308fd635711097dc9e56cd51b330351664781cc6332656108cb7c8b89248291599677ae8cc41b48d42dd763993485769ffdca03c43bfeb3ae5dc3df714509aecbb5577e4ec595b46f035e84d70360d5f3882aa27d6575d624f2c75aea1826509667cc30a002dd2bcea321ed92f848567fa7b9d1e8855ad78a2739fca090cb96466b19eafc1e874b735314c2f9fd932a549bad7e06c2f4f688203e5c87a6845776f5f78aaac7373e29f109a3e41a27f0f745835310d6a5ed3ff161a0351c5e4e7d3b78c07aef36dcdd49a95daac7721c213739cfcd2305ee8d7782800169b58e0b92f69eae51eb3df7f336c2c14afd71611ef63b9d11623e0ef6d834b0c8398bd6887fa6971b5ea477eccad142fa7c8128664411f3be5317fa52028ef0994063bd432b0370d29621f6761dec185d4f50a9dd661d9d516ee10029b59eafb533d3cca349db3a0e060c39bd3a24844b1e53f3e10ddc78343ea9b37d8451721185d76e98e622ae25f9e4b4ef96a00e604c26813ff4ececac6f778620575bf58408c1841cbdee9a174e5a5e7fa9d529dcedf5a61fd5ca4fd13deb6b6d76eb7dcad515b4a6032f75c0a13233837ca9bc5af3931aab8c7bdf319e2d07172de36340a9151abec6e5dbf1d15dffa6fd9e684f84a81d4e81e9af40d6bdbc340e0c9f4d800b2132d73840800aa1b44b71d786d5936f20d4e47d7301bb193030b150f734bea9092ee2b036bbf8b34742df30a4d038d623a454974d595f7bc5bf523d68ee266ab9aecadd05ea5c657f3729dd72797db59eecaef500487b375196951248368c4274c2b07443b699905364ee3bfe207841ecbe62e1f881e5c77a66336b759941c25bf04464ee81b2088e20529f847562eb1fef654954138602b0317a1fc491f1a5bcf9ee81b107f544a55d83f18f7bfba7be4f1f822998cbfdb7215f1b1a338ab9abfe9d2390e585aceec9f24defdd9fc99dde498094eb97c524fbdd66c1e3ab89fae6db2d7ebc5d6cd02905bfdbab9729bcd390af6b36c85c8438a29d2e34e6cb1436387e07368b4911d0f608093277d4a7cfb1defb357693c2f3a8f87d0b2c0a65175f8e45ab3fe40b3ad3956b1f25b5ef8d81f286dba937a5a9e3144c021eb6119c64cf8784353dc56e1cfd05da0a47a1f37d97000ad9eadc01b72b4728088847958a5c46eb86732b8858575d46a8ed616afe4d85a6f4a7872b999f0438ab4fc96b65fafc56265cb345377566f11b6a289f0138224199ac5b91ae4338c5d8202f4af2d51cea357d78ce1d937d14e29b8223168cd31fe9f56d5afc32a7c24ec74a082a5a9030a404bbf246e36639867e9bb8db1658ce8e392a731a645f74b50d618300f7a58ed04cb5bb9becc60e0a2dc8efd2c7d9ee34e38c2884fb44e36d1b457ac22ac6b99027db2d0dcc791b298ceaea00874f4421f6b687bc74d2df472b7baafe279f9c67aa163e9c6553719e46b5f1933ec0e3d847fc381d36d614343f73b5735de45838a8dea2474b64d1ab3c05928513105d42f271d37abc4a85e62c7a782cbe170bac8d354ed93e00db97285d2c13fe5e0105b7a3dcd84f8b1bf0b21b431a34097e5a3cea665c3d703d0ecff31e03b3535cd2eb1c0683a0648c5bd418f27d07237ea718e3856f21bdb67a770cde3ff31e982287140ee066ca0957565e33975a426cb03c5a5c96fb5220033a86ade922dc76f81f6aee5dbb7ca8fbe26ee01cc9970ad71d597c139fd9c260d4fdc6cd550b2c91807d30db607db8b4c726b67184cfce32d941101a14763f8a2b6b65fcecc291b647483b4927ff04d5d48b880e906dd5f110c0a9d5ab5271a8e40ac42a931236628ca5f4a55e48fffa992d911f12fb1d50a87001f7f9e26e3ef1130365de93acb4bce1813f767f4a9cc0723d118d499ba753c368db84eec25a8dfb2b5727f38e9e6f80de4657492de5fd40bdba59a99de610f17772436eb1d0df3f9d36a10fb2b6ffe5cd7aa93f8ff41f6b58ed8a388999975a3903887b6ed3fcc7968a7e12fc68841a9bb0b649c53ec20d963a86dfa40b4d0f6c653ead73f7b8c15c801d0037143768f3fc9a33fe6fcda6eba7e57902d3ab64a264c3ac9713238270183e0b31b732af08bf4c65b2e2901ef09ce94040aa0a4e9bc358755f5437ea3c4244a3b8c3a0333d42c2d6c506d53395bf8c1d6795713a8f1eb0608583708c679e665ffb0e1b83db0d3520077f0a680bbcd021e282184740e06c6c522cc3890058f8013000ddd0f5fc3cdd4f8a836bd62d2b9724d390eaee4db992a8d786aa73c560d26b925eda7fdcad6336eed638f952f6c45b38b5ae1c439ac8e8749beed4fc7b3c81e5e2480fae4858a3f04495b2fb1afa475b94a12d19de7aeacbf9b2f16bfde77a7c0a6bd5f54e0e619a4d75f355a289bf899ed2f4d9b191e1ee9cee21949888e45bae29e8bcf1599d2513fcdc918a9b5a73ff9ec5306cd841cd63eca99ffb424beeefb2e742c84f086c2b16ff773bbdb34a9bb71e2a7c02e029ee6e5ee3ba8262c8be182f028e62ccb6b26a829684b154f51efdc93895e2da008c821cb89b0315860060974a9b585c67f150a830367136196898977ae7f781db7cd13560c7fdb363004822a15e24201a5379fa8428c7330941edeb09737b687bf5e967c3f0bc4e6c1ccc33164cbe677c620eb8033236c47b5307b02b2e1f0c1bf89b628d642c26e7dea9537a8b99c382a12c0ee7f7988d2956e4400891b696940448fa908ec7af043c15e1a3982917aa3d37c37eb5998fcd3f724659e41069ef9678cc1b4930282e097c194c23de77de2f59a97a3d366ff44d269b2c2ba22a7d65b0337da03c515959cd196e70fbcc6139bbd933d784dbe34929b570bd37230534c2a07e89372637653667d4744241a23784a9e5c25f8dafd72b7e6daf015a85770feaa097bcc68c5e11f9646c9352a8a7782902319ed6c1eba2c45bf7336b7fe96168e73c672968c87158e3e099d911fa6c6d1fa008a7bdb19b0c7b16bd7957058fbc3f28e08bd43d7f30ade039823daf8ba8f3e05752c0a6aceae377d241d709caad1f632e45dfff2e14e54c369e1783045733af47af3f2e1f8ac0e7dec6860ba18506e827986afa4be17ce6e1401affda752528b39b3fee2b639a3541009e55b0fd2451212beda7bf4ff4bd1afe3f2790cac3dfa469dddc26c0b4150c5212cd045624b7be1c523d5cd4e484ce936f1318ab4d77e898e6fb87e6f8e95bc6c6142b27d71b5100e64e1e1f037e1ed1707a2717420748c0c50a591018665531dd915819426da7bb3cd8bfe770c74d276d8153a0743cf12fc52a2342663dae61b594501825447d8dc673d2e58dabff9f9795e9d9a4a5efb1c420e69bd4e6c0c3c780595028a103d066d6e0", &(0x7f0000000200)="e2732bc1872641f17cd6a9d107b8c58fbb3a0fbfcb4344f6f6de52203df7863cd33a3327b2fae3909a47ad7896a9fbdccd121be8b8651f3062aaaf8751c0e8e507f819000526adcd1c31da58e55555f84e5c3603669d66e2771fb80c2241af599dbd63ad0db4305a159c7ff458eb7e14ca36f7db8a1d2fef068b478730a14b4ed88ef43edbeb4ebc44e872367d65669b1b6297b70da93a1526edd4fcdc2b7e21000604fed7a9dc70aa1e405895780414e80e67e8474360733077ca4223a534f7dd3460373bd25778dd9b086274ec1212f1ca8c1db4d141b18e4b89924392"}}) syz_genetlink_get_family_id$tipc(&(0x7f0000002b00)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_robust_list(r3, &(0x7f0000000380)=&(0x7f0000000340)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)}}, &(0x7f0000000400)=0xb) r5 = semget$private(0x0, 0x2, 0x10240) semctl$IPC_STAT(r5, 0x0, 0x2, &(0x7f00000015c0)=""/136) sendmmsg(r1, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000440)=ANY=[@ANYBLOB="3b7bf55282fb99ea19896a3c0a02482392fbbe74ea269224ea13fa022fb51b8dbfdd410e725239c31d0000000000000081a5e0"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000080), 0x80000000005, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x1) rt_sigprocmask(0x2, &(0x7f00000003c0)={0x80}, &(0x7f0000001d00), 0x8) mq_notify(r4, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r1, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r6 = geteuid() syz_mount_image$erofs(&(0x7f0000000100)='erofs\x00', &(0x7f0000000300)='./file0\x00', 0x5, 0x6, &(0x7f0000001b00)=[{&(0x7f0000001680)="e599eeb9a8532494909a374aba030f1ed07a8995b5de0c8856d70627d8205c4b93cdd6a65e5ffda9bc454e8e58f16e5a8892368f7a8b0bc1ac5a7ebe3437c564f605b9819b75c72d5a2d185ea0f49cad093e37b4b3e1b9fb32bdcc769f45ba6611f1882a145f9996c4e2d47655afe2bd18fa4b47dc3562712d33d1edb166db005f7761bf219e5bb4fbfcfafe9c98c6ffa88a351f122835f7b20a2204dc0e54f002d7bb4049f001658e5f8916952fd965375970e0a561dda4c90248294a744611793b7b0d29d023c69745a041aa06b0f50f2cc2c1963e7ffb70786fac9c9131700ca121654805f452656babba436a8b6879c5159ac2", 0xf5, 0xfff}, {&(0x7f0000001780)="3257fc32a9d2ba97f832a00e13f271932b9cda7344ee593fe90d6e353f26fc7e23f6baa46049587d5e65d87f7909f83ff73ce92eacb91a8a2185d0fe36ca6402c375124d22f2c98a4bd704f051749d8758025b7d428cbbce9d79283dbeb2a64d6c3356051a04c6ceca726051ee2e214fcc0c26f9d690232e5f9fbc71b0", 0x7d, 0x400}, {&(0x7f0000001800)="a41238c80f9316490c6972fd410ed1fe7d854b69692b570f9b1b8c1fea269fff550903bf15e1fa2990249584914e2593ce3e2edd50dc1ccdfe076656cb9df48b433d18eb4e03186f171f70233cf85c7b132dcefb6f74b64b60ea5f456d1341aacffe27c73ed1eca02367d354164098fe99a93d2f25bce488554bcdff548bd806654fc39e0f1bd3f2fab71076e9af94b3e2550766b790b8335448", 0x9a, 0x7}, {&(0x7f00000018c0)="2d991f75d1100b4d137aabb1c9bc87ac53c988a3eb07a7bba1d14c8a36c9e52005c4cead8dfbeed398bc8fe137a60456ab1234a67ad41e2b677c3e9c4a37eae0df632d145f8878b5b56c3caedf9ad0e3d257204a6679c64f7e9b60dafda034f021d81ce40aff08e2168b8f5b49fd6d25b0d3e4238d524a80d1cd6903fb906c7345b3a596818af70437c9965d21da52e10e05357de1589a6e4b8ba7751a793af267d4f2bf2452727ce1c57e5117e5d0c0a5af451f20f1c9d6f21fd09a9db77e1a6ee2caf86a7253e326ea07d0a33253d205f5d9d261d6c9ae7758d62cd180e2ee9b0ecb8faed279b82fb10558c56c7d6842f48c", 0xf3, 0x400}, {&(0x7f00000019c0)="65bcbd83061b9fac57d1623a043d9281a23fcd5172290a98e57dad9c7f84864cd22f058da1a52ff44fa64a12460a4a129fd18c8a0a439ff0123d296b06f0b9c18a09609b4eddb242b96c45b2570457b1e038902ac9edd162538684f6d8ab27e10e29f34d42382f9fc36f720546bb848e86b6babe11a6a81a1ad5630ba58c9ddd7d3bc6f77088d8d57401efd1d9d429e645884c3a10bfdbe354333045716b1f9b7726a020ab8166876b0f7ae93b58b2a14c", 0xb1, 0x3}, {&(0x7f0000001a80)="6f15f9a384a9d8ec43b189e3f96ebed93569fd3249f061df6b9b350465d84bf6507a0d6e7045d52d6fa2875dd5c50abbcc8a66ed43fcea2552654f201d785fa7ab7cd1801e867ca34d50b0bb802e4290b8c85c3cd86404810ee0cfea52028b1362a3314d", 0x64, 0x7}], 0x0, &(0x7f0000001bc0)={[{@user_xattr='user_xattr'}, {@noacl='noacl'}, {@noacl='noacl'}, {@user_xattr='user_xattr'}, {@acl='acl'}, {@acl='acl'}, {@fault_injection={'fault_injection', 0x3d, 0x7}}, {@user_xattr='user_xattr'}], [{@euid_lt={'euid<', r6}}, {@subj_user={'subj_user', 0x3d, '!selinuxselinux\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x37, 0x64, 0x35, 0x0, 0x62, 0x7f, 0x31], 0x2d, [0x65, 0x77, 0x37, 0x34], 0x2d, [0x62, 0x37, 0x35, 0x38], 0x2d, [0x0, 0x32, 0x7d, 0x37], 0x2d, [0x33, 0x38, 0x0, 0x62, 0x36, 0x3f, 0x73, 0x35]}}}, {@measure='measure'}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@dont_appraise='dont_appraise'}, {@smackfsfloor={'smackfsfloor'}}, {@context={'context', 0x3d, 'root'}}, {@obj_role={'obj_role', 0x3d, 'TIPC\x00'}}]}) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x400, 0x0) 03:55:20 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1217.948866] binder_alloc: 18281: binder_alloc_buf failed to map page at 20002000 in userspace [ 1217.961616] audit: type=1400 audit(2000001320.630:286): avc: denied { getrlimit } for pid=18283 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process permissive=1 [ 1217.998655] binder_alloc: 18281: binder_alloc_buf failed to map page at 20002000 in userspace [ 1218.015513] binder: undelivered TRANSACTION_ERROR: 29201 [ 1218.029504] binder: BINDER_SET_CONTEXT_MGR already set [ 1218.039688] FAULT_INJECTION: forcing a failure. [ 1218.039688] name failslab, interval 1, probability 0, space 0, times 0 [ 1218.075520] binder: 18281:18297 ioctl 40046207 0 returned -16 [ 1218.076504] binder: undelivered TRANSACTION_ERROR: 29201 [ 1218.087949] binder_alloc: 18281: binder_alloc_buf failed to map page at 20002000 in userspace [ 1218.100550] CPU: 1 PID: 18294 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1218.107749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1218.117221] Call Trace: [ 1218.119845] dump_stack+0x172/0x1f0 [ 1218.123619] should_fail.cold+0xa/0x1b [ 1218.127552] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1218.132695] ? lock_downgrade+0x810/0x810 [ 1218.137064] ? ___might_sleep+0x163/0x280 [ 1218.141252] __should_failslab+0x121/0x190 [ 1218.145525] should_failslab+0x9/0x14 [ 1218.149355] kmem_cache_alloc_trace+0x2cf/0x760 [ 1218.154140] ? kasan_unpoison_shadow+0x35/0x50 [ 1218.158762] ? kasan_kmalloc+0xce/0xf0 [ 1218.162702] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1218.167986] __list_lru_init+0x3d3/0x6e0 [ 1218.173079] sget_userns+0x84d/0xd30 [ 1218.177003] ? kill_litter_super+0x60/0x60 [ 1218.182492] ? ns_test_super+0x50/0x50 [ 1218.186682] ? ns_test_super+0x50/0x50 [ 1218.191777] ? kill_litter_super+0x60/0x60 [ 1218.197291] sget+0x10c/0x150 [ 1218.201132] mount_bdev+0xff/0x3c0 [ 1218.205581] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1218.210735] ext4_mount+0x35/0x40 [ 1218.214219] mount_fs+0xae/0x331 [ 1218.217621] vfs_kern_mount.part.0+0x6f/0x410 [ 1218.222150] do_mount+0x53e/0x2bc0 [ 1218.225743] ? copy_mount_string+0x40/0x40 [ 1218.230017] ? _copy_from_user+0xdd/0x150 [ 1218.234213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1218.239888] ? copy_mount_options+0x280/0x3a0 [ 1218.244420] ksys_mount+0xdb/0x150 [ 1218.248004] __x64_sys_mount+0xbe/0x150 [ 1218.252038] do_syscall_64+0x103/0x610 [ 1218.256051] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1218.261349] RIP: 0033:0x45b81a [ 1218.264565] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1218.283490] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1218.291311] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1218.299128] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1218.306505] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1218.314144] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 03:55:20 executing program 1: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) getsockname$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000300)=0x1c) fcntl$setsig(r0, 0xa, 0x6) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x16c, r1, 0x91a, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'erspan0\x00'}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x621e}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'lapb0\x00'}}]}, @TIPC_NLA_SOCK={0x28, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8001}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8000}]}, @TIPC_NLA_LINK={0xe4, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x743fdbde}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xaf8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe494}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4}, 0x80) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/28, 0x1c}, {&(0x7f0000000380)=""/34, 0x22}], 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) 03:55:21 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x4009}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socket$kcm(0x2, 0x2, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8943, &(0x7f0000000040)='nr0\x01:\xf2.\xa3\'>\xf8]\x81$?\xfa\xbf1UM\xbf\xef\xa9\xac\x03x\xf4D3A}?\x00\x8b\x9c[\xdd\x06\xa4%\xf4\x94\xa8>\xb1\xb1\xa2_&') ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) 03:55:21 executing program 1: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) getsockname$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000300)=0x1c) fcntl$setsig(r0, 0xa, 0x6) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x16c, r1, 0x91a, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'erspan0\x00'}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x621e}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'lapb0\x00'}}]}, @TIPC_NLA_SOCK={0x28, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8001}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8000}]}, @TIPC_NLA_LINK={0xe4, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x743fdbde}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xaf8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe494}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4}, 0x80) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/28, 0x1c}, {&(0x7f0000000380)=""/34, 0x22}], 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) [ 1218.321524] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:21 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCLINUX6(r0, 0x541c, &(0x7f0000000040)={0x6, 0x3}) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000180)=0x12) [ 1218.370290] binder_alloc: 18281: binder_alloc_buf failed to map page at 20002000 in userspace [ 1218.380126] binder: undelivered TRANSACTION_ERROR: 29201 03:55:21 executing program 1: r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000040)) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@empty=[0x3], @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x8c, 0x0, 0x0, 0x0, @local, @loopback}, @igmp={0x0, 0x0, 0x0, @empty}}}}}, 0x0) 03:55:21 executing program 2 (fault-call:2 fault-nth:78): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:21 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa00]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1218.440205] binder: undelivered TRANSACTION_ERROR: 29201 03:55:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2500, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:21 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x6, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f0000000500)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000540)={@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x15}}, @remote, @local, 0xffff, 0x400, 0x0, 0x400, 0x20, 0x10000, r2}) r3 = timerfd_create(0x8, 0x0) dup2(r0, r3) r4 = gettid() getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x3c, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0x7ff, @mcast1, 0x7f}, @in={0x2, 0x4e20, @rand_addr=0x27ff}, @in={0x2, 0x4e20, @multicast2}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000140)=r5, 0x4) sched_getattr(r4, &(0x7f0000000040), 0x30, 0x0) [ 1218.596287] binder: undelivered TRANSACTION_ERROR: 29189 [ 1218.606516] binder: undelivered TRANSACTION_ERROR: 29189 [ 1218.615700] FAULT_INJECTION: forcing a failure. [ 1218.615700] name failslab, interval 1, probability 0, space 0, times 0 03:55:21 executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x29, 0x3961a357f303c263) accept4$unix(r1, &(0x7f00000000c0), &(0x7f0000000180)=0x6e, 0x80000) ioctl$VIDIOC_S_TUNER(r1, 0x4054561e, &(0x7f00000001c0)={0x9, "a9d9c6616fa95e18534dd3cbac99c4c024ffe72e0082cbcc45d0249c80bd4b49", 0x0, 0x1420, 0x3, 0x81, 0x7, 0x0, 0x5, 0x716d}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, 0xffffffffffffff9c}) signalfd(r0, &(0x7f0000000040), 0x8) [ 1218.644282] binder_alloc: 18335: binder_alloc_buf failed to map page at 20002000 in userspace [ 1218.695308] CPU: 0 PID: 18327 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1218.702316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1218.711694] Call Trace: [ 1218.714657] dump_stack+0x172/0x1f0 [ 1218.718314] should_fail.cold+0xa/0x1b [ 1218.722261] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1218.727387] ? lock_downgrade+0x810/0x810 [ 1218.731726] ? ___might_sleep+0x163/0x280 [ 1218.735977] __should_failslab+0x121/0x190 [ 1218.740235] should_failslab+0x9/0x14 [ 1218.744146] kmem_cache_alloc_trace+0x2cf/0x760 [ 1218.748845] ? kasan_unpoison_shadow+0x35/0x50 [ 1218.753456] ? kasan_kmalloc+0xce/0xf0 [ 1218.757459] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1218.762425] __list_lru_init+0x3d3/0x6e0 [ 1218.766505] sget_userns+0x84d/0xd30 [ 1218.770237] ? kill_litter_super+0x60/0x60 [ 1218.774482] ? ns_test_super+0x50/0x50 [ 1218.778382] ? ns_test_super+0x50/0x50 [ 1218.782281] ? kill_litter_super+0x60/0x60 [ 1218.787054] sget+0x10c/0x150 [ 1218.790180] mount_bdev+0xff/0x3c0 [ 1218.793760] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1218.798888] ext4_mount+0x35/0x40 [ 1218.802359] mount_fs+0xae/0x331 [ 1218.805824] vfs_kern_mount.part.0+0x6f/0x410 [ 1218.810335] do_mount+0x53e/0x2bc0 [ 1218.813892] ? copy_mount_string+0x40/0x40 [ 1218.818234] ? _copy_from_user+0xdd/0x150 [ 1218.822402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1218.827955] ? copy_mount_options+0x280/0x3a0 [ 1218.832473] ksys_mount+0xdb/0x150 [ 1218.836028] __x64_sys_mount+0xbe/0x150 [ 1218.840037] do_syscall_64+0x103/0x610 [ 1218.843937] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1218.849150] RIP: 0033:0x45b81a [ 1218.852350] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1218.871358] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1218.879110] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1218.886404] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 03:55:21 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1200]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet6(0xa, 0x5, 0x0) r2 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x9, 0x400) ioctl$SIOCX25SFACILITIES(r2, 0x89e3, &(0x7f00000000c0)={0x1c, 0x8, 0xb, 0xb, 0x0, 0x81}) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x103) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) [ 1218.893707] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1218.901081] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1218.908357] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:21 executing program 1: setrlimit(0x8, &(0x7f0000000180)) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x381000, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000040)) mmap(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x0, 0x1b071, 0xffffffffffffffff, 0x0) 03:55:21 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000001000008912, &(0x7f0000000080)="0add1f033c273f319bd070") r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000140)='trusted.overlay.redirect\x00', &(0x7f0000000180)='./file0\x00', 0x8, 0x2) recvmmsg(r1, &(0x7f0000001380), 0x0, 0x3a, &(0x7f0000000200)={0x77359400}) 03:55:21 executing program 2 (fault-call:2 fault-nth:79): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1219.047915] binder_alloc: 18335: binder_alloc_buf failed to map page at 20002000 in userspace [ 1219.070082] binder: undelivered TRANSACTION_ERROR: 29201 [ 1219.086737] binder_alloc: 18335: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:21 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x1a, &(0x7f0000000140)=0x2, 0x4) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x1, 0x2) ioctl$EVIOCSABS2F(r4, 0x401845ef, &(0x7f0000000080)={0x3965, 0x3, 0xffffffffffffffe3, 0xc6, 0x7fffffff, 0x6}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="0f01c80f01df0f060f01c8260f0f1f970f09b800008ee8b800008ec00f20d86635080000000f22d8b8cd098ec0", 0x2d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1219.137305] binder: undelivered TRANSACTION_ERROR: 29201 [ 1219.186064] FAULT_INJECTION: forcing a failure. [ 1219.186064] name failslab, interval 1, probability 0, space 0, times 0 [ 1219.201203] CPU: 1 PID: 18364 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1219.208188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1219.214817] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 1219.217655] Call Trace: [ 1219.217686] dump_stack+0x172/0x1f0 [ 1219.217722] should_fail.cold+0xa/0x1b [ 1219.217746] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1219.217769] ? lock_downgrade+0x810/0x810 [ 1219.217792] ? ___might_sleep+0x163/0x280 [ 1219.228867] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1219.231510] __should_failslab+0x121/0x190 [ 1219.231532] should_failslab+0x9/0x14 [ 1219.231547] kmem_cache_alloc_trace+0x2cf/0x760 [ 1219.231568] ? kasan_unpoison_shadow+0x35/0x50 [ 1219.237050] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 1219.240600] ? kasan_kmalloc+0xce/0xf0 03:55:21 executing program 1: r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000280)={0x8, 0x1, 0x0, {0x14, 0x40, 0xd9, 0x7fff}}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0xffffffffffff0000, &(0x7f0000000080)="0adc1d123c123f319bfab58d561de8da20a46b7dba60d070b5047c296057a3b1047ba51ded7a1e18c65b5208fc9398e1fd3c2682b327d0c4b7a41ef362bcede1dcb160f40abcfc") ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) sched_getaffinity(r2, 0x8, &(0x7f0000000200)) perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x415, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000040)='/dev/amidi#\x00') unshare(0x10000) r3 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x9, 0x2000) ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x6, 0xa, 0xf, 0x1d, "9b07d3faf4f04c9175c39e7fea60982f842157b96cdab381dd0cf17b8d29f248b2bb2e6594567a2bb1c89104c7bc73365350ad94e1fbd6b62acbf4f63d89899d", "23976103b3b9112b06dd1477ea1e1d142467eeb8019e5edc5b270c26ba05d4f7", [0x3f, 0xd68]}) [ 1219.240628] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1219.240650] __list_lru_init+0x3d3/0x6e0 [ 1219.240671] sget_userns+0x84d/0xd30 [ 1219.250756] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1219.257503] ? kill_litter_super+0x60/0x60 [ 1219.257521] ? ns_test_super+0x50/0x50 [ 1219.257536] ? ns_test_super+0x50/0x50 [ 1219.257550] ? kill_litter_super+0x60/0x60 [ 1219.257565] sget+0x10c/0x150 [ 1219.257584] mount_bdev+0xff/0x3c0 [ 1219.257602] ? ext4_calculate_overhead+0x11b0/0x11b0 03:55:22 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1219.257618] ext4_mount+0x35/0x40 [ 1219.257633] mount_fs+0xae/0x331 [ 1219.257655] vfs_kern_mount.part.0+0x6f/0x410 [ 1219.288859] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 1219.291246] do_mount+0x53e/0x2bc0 [ 1219.291271] ? copy_mount_string+0x40/0x40 [ 1219.291291] ? _copy_from_user+0xdd/0x150 [ 1219.291313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1219.291333] ? copy_mount_options+0x280/0x3a0 [ 1219.299405] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1219.307765] ksys_mount+0xdb/0x150 [ 1219.307788] __x64_sys_mount+0xbe/0x150 [ 1219.307810] do_syscall_64+0x103/0x610 [ 1219.307833] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1219.307845] RIP: 0033:0x45b81a [ 1219.307860] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1219.307868] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1219.307892] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1219.327039] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 1219.327356] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1219.327367] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1219.327376] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1219.327385] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1219.356765] binder: undelivered TRANSACTION_ERROR: 29201 03:55:22 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x2, 0x490080) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2020}, 0xc, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="00012abd7000fedb39c20300000008000400021000002fba69dd438b859c6b3474f7417cd9028d43cabfd0f23f240e5824fadc899a735fd4b4814c839cb096affc6b2f2aab640d7f9c94de3964c84af6e20d7c4319374ef8ff9758e47db9c60f6ad93815fe61a8568a777842e913b3ebfce8713a667f3ef24b280eb6d9cd8feeccb34f0d179b0a1a6baedb50617b4713b4de3e29c7774c1391574ffc8ea3fe5a7045683a175996f4c9dcbc181e866cc1d8364d10726f22befb418f2c0b8c1d8e27606cc373fc96c5859e9bd039c66e6ac0fad6849f26fdd390efefabef4cb06d6d3ef322dbd7cbe0cc"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0xe4, r2, 0x20, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x28, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x15e4}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_DAEMON={0x70, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x10000}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vcan0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x96}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ifb0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@empty}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}]}, 0xe4}, 0x1, 0x0, 0x0, 0x40000}, 0x10) [ 1219.374467] binder: BINDER_SET_CONTEXT_MGR already set [ 1219.392809] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1219.460455] binder_alloc: 18335: binder_alloc_buf, no vma [ 1219.505554] binder: 18335:18340 ioctl 40046207 0 returned -16 03:55:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:22 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000080)=0x5) r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r1, 0x2284, &(0x7f0000000000)) 03:55:22 executing program 1: r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00') mkdirat(r0, &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) futimesat(r0, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000180)={{0x0, 0x2710}, {0x77359400}}) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioperm(0x8, 0x1, 0x2) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, 0x0) prctl$PR_GET_TSC(0x19, &(0x7f0000000240)) 03:55:22 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:22 executing program 2 (fault-call:2 fault-nth:80): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:22 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x20900, 0x0) getsockname(0xffffffffffffff9c, &(0x7f0000000140)=@hci={0x1f, 0x0}, &(0x7f00000001c0)=0x80) sendmsg$can_raw(r0, &(0x7f00000002c0)={&(0x7f0000000200)={0x1d, r1}, 0x10, &(0x7f0000000280)={&(0x7f0000000240)=@can={{0x1, 0x961c, 0x3f, 0x81}, 0x5, 0x2, 0x0, 0x0, "f967880e38fac583"}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x8000) r2 = syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) ioctl$VIDIOC_DQEVENT(r2, 0x80885659, &(0x7f0000000480)={0x0, @frame_sync}) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$IP6T_SO_GET_REVISION_TARGET(r3, 0x29, 0x45, &(0x7f0000000000)={'IDLETIMER\x00'}, &(0x7f0000000080)=0x1e) mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) 03:55:22 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x1, 0x0) write$binfmt_elf64(r0, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x18000000000, 0x8, 0x3, 0x3e, 0x80, 0x50, 0x40, 0x3d9, 0x5, 0x10001, 0x38, 0x2, 0x1, 0x7, 0x2}, [{0x6474e551, 0x505, 0x1ff, 0x7, 0x1, 0x0, 0xb6, 0x8}, {0x7474e555, 0xfffffffffffffffc, 0x5, 0x7, 0x800, 0xffffffffffffffff, 0x3, 0x4}], "30b8539eb60a07821f0593eb8667aa143afada7a73d70860cee7c1427b2a36bc7baeda2e83b9bdf665902d2300c8b0ed4d96c3b426ca9242e42d116146717a31ab80940e26864424fb80e5a2ace5f7a4e9eba4afa4b00b8cdf3bd2c548f4a9d29bf400073527e80bc534d5d99ebbbc8d6f160c87b3b8401c0f5364cc5be7dbfd18170478fb36be9b43ed6d7c30f6e7b1d46f239de1f910851c0dcb", [[], [], [], [], [], [], [], []]}, 0x94b) ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000040)={0x0, 0x0, 0x1}) ioctl$GIO_FONTX(r1, 0x4b6b, &(0x7f00000000c0)=""/160) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x2, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) [ 1219.654174] overlayfs: missing 'lowerdir' [ 1219.654398] binder_alloc: 18394: binder_alloc_buf failed to map page at 20002000 in userspace [ 1219.682337] overlayfs: missing 'lowerdir' 03:55:22 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x15, &(0x7f0000000040)={@local, 0x0}, &(0x7f0000000000)=0x14) sendmsg$nl_route(r0, &(0x7f00000039c0)={0x0, 0x91c77fff50a0ea7b, &(0x7f00000001c0)={&(0x7f0000003940)=@ipv4_getaddr={0x0, 0x16, 0x10, 0x70bd2b, 0x25dfdbfd, {0x2, 0x38, 0x1, 0x0, r1}, [@IFA_FLAGS={0x0, 0x8, 0x440}, @IFA_FLAGS={0x0, 0x8, 0x400}, @IFA_LABEL={0x0, 0x3, 'team0\x00'}, @IFA_ADDRESS={0x0, 0x1, @empty}, @IFA_ADDRESS={0x0, 0x1, @loopback}, @IFA_LOCAL={0x0, 0x2, @multicast2}, @IFA_FLAGS={0x0, 0x8, 0x408}, @IFA_BROADCAST={0x0, 0x4, @dev={0xac, 0x14, 0x14, 0x29}}, @IFA_FLAGS={0x0, 0x8, 0x222}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) [ 1219.763369] binder_alloc: 18394: binder_alloc_buf failed to map page at 20002000 in userspace [ 1219.796877] binder_alloc: 18394: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1219.820993] FAULT_INJECTION: forcing a failure. [ 1219.820993] name failslab, interval 1, probability 0, space 0, times 0 [ 1219.831967] [drm:drm_calc_timestamping_constants] *ERROR* crtc 29: Can't calculate constants, dotclock = 0! [ 1219.908781] CPU: 0 PID: 18405 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1219.915803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1219.925187] Call Trace: [ 1219.927821] dump_stack+0x172/0x1f0 [ 1219.931486] should_fail.cold+0xa/0x1b [ 1219.935411] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1219.940579] ? lock_downgrade+0x810/0x810 [ 1219.944790] ? ___might_sleep+0x163/0x280 [ 1219.948970] __should_failslab+0x121/0x190 [ 1219.953241] should_failslab+0x9/0x14 [ 1219.957065] kmem_cache_alloc_trace+0x2cf/0x760 [ 1219.961759] ? kasan_unpoison_shadow+0x35/0x50 [ 1219.966368] ? kasan_kmalloc+0xce/0xf0 [ 1219.970487] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1219.975908] __list_lru_init+0x3d3/0x6e0 [ 1219.980105] sget_userns+0x84d/0xd30 [ 1219.983857] ? kill_litter_super+0x60/0x60 [ 1219.988132] ? ns_test_super+0x50/0x50 [ 1219.992060] ? ns_test_super+0x50/0x50 [ 1219.995978] ? kill_litter_super+0x60/0x60 [ 1220.000249] sget+0x10c/0x150 [ 1220.003570] mount_bdev+0xff/0x3c0 [ 1220.007141] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1220.012278] ext4_mount+0x35/0x40 [ 1220.015785] mount_fs+0xae/0x331 [ 1220.019179] vfs_kern_mount.part.0+0x6f/0x410 [ 1220.023717] do_mount+0x53e/0x2bc0 [ 1220.027288] ? copy_mount_string+0x40/0x40 [ 1220.031552] ? _copy_from_user+0xdd/0x150 [ 1220.035754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1220.041324] ? copy_mount_options+0x280/0x3a0 [ 1220.045960] ksys_mount+0xdb/0x150 [ 1220.049544] __x64_sys_mount+0xbe/0x150 [ 1220.053564] do_syscall_64+0x103/0x610 [ 1220.057490] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1220.062709] RIP: 0033:0x45b81a [ 1220.065924] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1220.085235] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1220.093099] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1220.100492] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 03:55:22 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x2) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x10001, 0x4) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000080)=0x580, 0x4) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4}, 0x1c) connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000200)=0x8, 0x4) recvmsg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=""/36, 0x24}, 0x8000000000002000) r2 = accept4$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000240)=0x6a, 0x82800) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0}, &(0x7f0000000480)=0xc) syz_mount_image$reiserfs(&(0x7f0000000380)='reiserfs\x00', &(0x7f00000003c0)='./file0\x00', 0x7, 0x0, &(0x7f0000000400), 0x40000, &(0x7f0000000500)=ANY=[@ANYBLOB="6a6c65760010fc95000000002c657569643c", @ANYRESDEC=r4, @ANYBLOB="2c7065726d69745f646972656374696f2c6673757569643d6473003b613231002d376564772d6534747f2d3c6538642d00393b3200363d002c6d61736b3d4d41595f524541442c646f6e745f6d6561737572652c646f6e745f686173682c00"]) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000001c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1, r3}) sendmmsg(r0, &(0x7f00000000c0), 0x4000000000003c5, 0x0) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ubi_ctrl\x00', 0x200200, 0x0) ioctl$EVIOCGBITSND(r5, 0x80404532, &(0x7f00000005c0)=""/165) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x8000, 0x0) accept$unix(r6, &(0x7f00000002c0), &(0x7f0000000340)=0x6e) getrlimit(0xf, &(0x7f0000000180)) 03:55:22 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) socket$vsock_stream(0x28, 0x1, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x400001, 0x0) r1 = syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2) r2 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000180), 0x4) connect$vsock_stream(r2, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0xfffffffffffffe00) listen(r3, 0xdf1b) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = accept4(r3, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000140)={0x3, 0xfffffffffffffffb}) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000000)={0x6, 0x8204, 0x8001, 0x3, 0x0}, &(0x7f0000000040)=0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000080)={r6, @in={{0x2, 0x0, @empty}}, 0x0, 0xfffffffffffffff8, 0x0, 0xa4, 0x1000000000054}, 0x16b) [ 1220.107793] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1220.115355] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1220.122670] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3002, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:22 executing program 1: perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x10, 0xffffffffffffffff, 0x8000000000000) 03:55:22 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c00]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:23 executing program 4: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r0, &(0x7f0000000100)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10) listen(r0, 0x2) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7fff, 0x80) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000040)={0x6}, 0x4) [ 1220.335060] binder_alloc_new_buf_locked: 13 callbacks suppressed [ 1220.335073] binder_alloc: 18430: binder_alloc_buf size 12296 failed, no address space 03:55:23 executing program 2 (fault-call:2 fault-nth:81): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1220.376251] binder_alloc_new_buf_locked: 13 callbacks suppressed [ 1220.376311] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1220.457150] FAULT_INJECTION: forcing a failure. [ 1220.457150] name failslab, interval 1, probability 0, space 0, times 0 [ 1220.469394] CPU: 1 PID: 18439 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1220.476464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1220.481614] binder_alloc: 18430: binder_alloc_buf failed to map page at 20002000 in userspace [ 1220.485959] Call Trace: [ 1220.498388] dump_stack+0x172/0x1f0 [ 1220.502167] should_fail.cold+0xa/0x1b [ 1220.506113] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1220.511273] ? lock_downgrade+0x810/0x810 [ 1220.515458] ? ___might_sleep+0x163/0x280 [ 1220.519767] __should_failslab+0x121/0x190 [ 1220.524032] should_failslab+0x9/0x14 [ 1220.527862] kmem_cache_alloc_trace+0x2cf/0x760 [ 1220.532567] ? kasan_unpoison_shadow+0x35/0x50 [ 1220.537198] ? kasan_kmalloc+0xce/0xf0 [ 1220.541131] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1220.546111] __list_lru_init+0x3d3/0x6e0 [ 1220.550232] sget_userns+0x84d/0xd30 [ 1220.553976] ? kill_litter_super+0x60/0x60 [ 1220.558243] ? ns_test_super+0x50/0x50 [ 1220.562174] ? ns_test_super+0x50/0x50 [ 1220.566083] ? kill_litter_super+0x60/0x60 [ 1220.570350] sget+0x10c/0x150 [ 1220.573494] mount_bdev+0xff/0x3c0 [ 1220.577062] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1220.582199] ext4_mount+0x35/0x40 [ 1220.585681] mount_fs+0xae/0x331 [ 1220.589084] vfs_kern_mount.part.0+0x6f/0x410 [ 1220.593610] do_mount+0x53e/0x2bc0 [ 1220.597179] ? copy_mount_string+0x40/0x40 [ 1220.601449] ? copy_mount_options+0x1f8/0x3a0 [ 1220.605982] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1220.611546] ? copy_mount_options+0x280/0x3a0 [ 1220.616095] ksys_mount+0xdb/0x150 [ 1220.619750] __x64_sys_mount+0xbe/0x150 [ 1220.623749] do_syscall_64+0x103/0x610 [ 1220.627753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1220.632972] RIP: 0033:0x45b81a [ 1220.636271] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 03:55:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x7, 0x0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r2, 0x111, 0x4, 0x0, 0x4) r3 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc0405519, &(0x7f0000000240)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x3f, 0x80) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r5, &(0x7f0000000100)="d0c5d705aec57ef4d2593c089f823fdcc79969", &(0x7f0000000380)=""/4096}, 0x18) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000001540)=ANY=[@ANYBLOB="accf6f68940aa952a89decac03a5bc09767fe3f5d50148f23cb8b4864464c435c22807436c661c8369b2f24f6776e7c4e3e241067dcd1472723b086accf47cedcb34ac", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f00000001c0)=0x14) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000200)={0x0, 0x5032}, &(0x7f0000001380)=0x8) getsockopt$inet_sctp_SCTP_STATUS(r5, 0x84, 0xe, &(0x7f00000013c0)={r6, 0xffffffff, 0x2a, 0x4, 0x1ff, 0x4, 0x400, 0x80, {r7, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x6f0, 0x9a, 0x2, 0x0, 0x4}}, &(0x7f0000001480)=0xb0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r8, 0x4008ae89, &(0x7f00000014c0)={0x1000000077, 0x0, [0x4b564d04, 0x0, 0x40000073, 0x11], [0xc1]}) [ 1220.655197] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1220.663122] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1220.670421] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1220.677716] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1220.685008] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1220.692302] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:23 executing program 1: syz_open_dev$evdev(0x0, 0x0, 0x4) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x5, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) r3 = fcntl$dupfd(r1, 0x406, r0) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000180)='SEG6\x00') sendmsg$SEG6_CMD_GET_TUNSRC(r3, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="040026bd7000fcdbdf2504000000080002007700000014000100fe800000000000000000000000000028"], 0x30}, 0x1, 0x0, 0x0, 0x51}, 0xc804) bind$alg(r2, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) r5 = accept$alg(r2, 0x0, 0x0) fcntl$setstatus(r5, 0x4, 0x2800) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="8b", 0x1) recvmmsg(r5, &(0x7f0000006100)=[{{&(0x7f0000000100)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000300), 0x0, &(0x7f0000000340)=""/120, 0x6f}}], 0x400000000000653, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, 0x0, 0x0) 03:55:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x200, 0x200000) ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, &(0x7f0000000280)=0x1) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r2, 0x40505330, &(0x7f0000000200)={{0x37, 0x7}, {0x2b93, 0x9}, 0xfffffffffffff000, 0x4, 0x3}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x24000, 0x0) ioctl$KDGKBDIACR(r4, 0x4b4a, &(0x7f0000000140)=""/112) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x800, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0xc008ae88, &(0x7f0000000040)={0x7f, 0x2, [0x40000071], [0xc1]}) 03:55:23 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/exec\x00', 0x2, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f0000000000)={0x800100c}) [ 1220.805392] binder: BINDER_SET_CONTEXT_MGR already set [ 1220.824089] binder: 18430:18431 ioctl 40046207 0 returned -16 03:55:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3003, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:23 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:23 executing program 2 (fault-call:2 fault-nth:82): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:23 executing program 4: socket$inet6(0xa, 0x3, 0x3a) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000001440)='/proc/sys/net/ipv4/vs/conntrack\x00', 0x2, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r1, 0x2, 0x70bd29, 0x25dfdbfc, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0x80}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0xc010}, 0x0) recvfrom$rose(r0, &(0x7f0000001480)=""/154, 0x9a, 0x0, &(0x7f0000001540)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4, [@null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x40) [ 1221.071363] binder_alloc: 18466: binder_alloc_buf size 12296 failed, no address space [ 1221.081333] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1221.090875] binder_transaction: 27 callbacks suppressed [ 1221.090937] binder: 18466:18469 transaction failed 29201/-28, size 0-12291 line 2970 [ 1221.115332] FAULT_INJECTION: forcing a failure. [ 1221.115332] name failslab, interval 1, probability 0, space 0, times 0 [ 1221.124112] binder_alloc: 18466: binder_alloc_buf size 12296 failed, no address space [ 1221.134993] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1221.148011] binder: 18466:18469 transaction failed 29201/-28, size 0-12291 line 2970 [ 1221.159631] CPU: 1 PID: 18468 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1221.161294] binder_alloc: 18466: binder_alloc_buf failed to map page at 20002000 in userspace [ 1221.166597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1221.166605] Call Trace: [ 1221.166633] dump_stack+0x172/0x1f0 [ 1221.166658] should_fail.cold+0xa/0x1b [ 1221.166679] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1221.166700] ? lock_downgrade+0x810/0x810 [ 1221.166729] ? ___might_sleep+0x163/0x280 [ 1221.166756] __should_failslab+0x121/0x190 [ 1221.212628] should_failslab+0x9/0x14 [ 1221.216458] kmem_cache_alloc_trace+0x2cf/0x760 [ 1221.221407] ? kasan_unpoison_shadow+0x35/0x50 [ 1221.226013] ? kasan_kmalloc+0xce/0xf0 [ 1221.229931] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1221.234890] __list_lru_init+0x3d3/0x6e0 [ 1221.238990] sget_userns+0x84d/0xd30 [ 1221.242735] ? kill_litter_super+0x60/0x60 [ 1221.246984] ? ns_test_super+0x50/0x50 [ 1221.250883] ? ns_test_super+0x50/0x50 [ 1221.254870] ? kill_litter_super+0x60/0x60 [ 1221.259118] sget+0x10c/0x150 [ 1221.262243] mount_bdev+0xff/0x3c0 [ 1221.266517] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1221.271660] ext4_mount+0x35/0x40 [ 1221.275248] mount_fs+0xae/0x331 [ 1221.278764] vfs_kern_mount.part.0+0x6f/0x410 [ 1221.283276] do_mount+0x53e/0x2bc0 [ 1221.286841] ? copy_mount_string+0x40/0x40 [ 1221.291093] ? _copy_from_user+0xdd/0x150 [ 1221.295270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.300836] ? copy_mount_options+0x280/0x3a0 [ 1221.305358] ksys_mount+0xdb/0x150 [ 1221.308917] __x64_sys_mount+0xbe/0x150 [ 1221.312911] do_syscall_64+0x103/0x610 [ 1221.316839] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1221.322053] RIP: 0033:0x45b81a [ 1221.325261] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1221.344372] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1221.352130] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1221.359422] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1221.366719] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1221.374016] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1221.382521] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1221.392637] binder: 18470:18472 transaction failed 29201/-12, size 0-12288 line 2970 03:55:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3004, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:24 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000000)=0x1, 0x4) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x200, 0x0) ioctl$SIOCX25CALLACCPTAPPRV(r1, 0x89e8) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) sendmmsg(r2, &(0x7f0000002c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = dup2(r0, r2) write$cgroup_subtree(r3, 0x0, 0x0) 03:55:24 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) connect$vsock_dgram(r0, &(0x7f0000000100)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpuacct.usage_percpu\x00', 0x7a05, 0x1700) accept$unix(r1, &(0x7f0000000000), &(0x7f0000000080)=0x6e) write$cgroup_int(r1, &(0x7f0000000200), 0x12) 03:55:24 executing program 2 (fault-call:2 fault-nth:83): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1221.574877] binder: 18470:18479 transaction failed 29189/-22, size 0-12288 line 2855 [ 1221.585042] binder_alloc: 18486: binder_alloc_buf size 12296 failed, no address space [ 1221.644579] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:24 executing program 0: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockname$ax25(r0, &(0x7f0000000080)={{0x3, @null}, [@remote, @remote, @remote, @netrom, @remote, @rose, @null, @bcast]}, &(0x7f0000000100)=0x48) bind$ax25(r0, &(0x7f0000000000)={{0x3, @rose}, [@rose, @remote, @default, @null, @default, @default, @netrom, @bcast]}, 0x48) 03:55:24 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6800]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1221.687805] binder: 18486:18487 transaction failed 29201/-28, size 0-12292 line 2970 [ 1221.713462] FAULT_INJECTION: forcing a failure. [ 1221.713462] name failslab, interval 1, probability 0, space 0, times 0 [ 1221.771855] binder_alloc: 18486: binder_alloc_buf size 12296 failed, no address space [ 1221.819373] CPU: 1 PID: 18495 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1221.826376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1221.835746] Call Trace: [ 1221.838357] dump_stack+0x172/0x1f0 [ 1221.842020] should_fail.cold+0xa/0x1b [ 1221.845927] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1221.851052] ? lock_downgrade+0x810/0x810 [ 1221.855227] ? ___might_sleep+0x163/0x280 [ 1221.859407] __should_failslab+0x121/0x190 [ 1221.863687] should_failslab+0x9/0x14 [ 1221.866449] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1221.867510] kmem_cache_alloc_trace+0x2cf/0x760 [ 1221.867527] ? kasan_unpoison_shadow+0x35/0x50 [ 1221.867542] ? kasan_kmalloc+0xce/0xf0 [ 1221.867565] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1221.867586] __list_lru_init+0x3d3/0x6e0 [ 1221.867608] sget_userns+0x84d/0xd30 [ 1221.876738] binder: 18486:18487 transaction failed 29201/-28, size 0-12292 line 2970 [ 1221.881260] ? kill_litter_super+0x60/0x60 [ 1221.881278] ? ns_test_super+0x50/0x50 [ 1221.881300] ? ns_test_super+0x50/0x50 [ 1221.922502] ? kill_litter_super+0x60/0x60 [ 1221.926765] sget+0x10c/0x150 [ 1221.929909] mount_bdev+0xff/0x3c0 [ 1221.933486] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1221.938628] ext4_mount+0x35/0x40 [ 1221.942108] mount_fs+0xae/0x331 [ 1221.945496] vfs_kern_mount.part.0+0x6f/0x410 [ 1221.950012] do_mount+0x53e/0x2bc0 [ 1221.953580] ? copy_mount_string+0x40/0x40 [ 1221.957846] ? _copy_from_user+0xdd/0x150 [ 1221.962028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1221.967597] ? copy_mount_options+0x280/0x3a0 [ 1221.972124] ksys_mount+0xdb/0x150 [ 1221.975699] __x64_sys_mount+0xbe/0x150 [ 1221.979797] do_syscall_64+0x103/0x610 [ 1221.983728] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1221.988933] RIP: 0033:0x45b81a [ 1221.992145] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1222.011158] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:55:24 executing program 4: r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x40) ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f0000000080)={0x80000001, 0xb, "29a053e52fc940feb93f44dc78582b5c24eb438f3ed2f7df17c4d89123e9db4c", 0x3, 0x7fffffff, 0x8, 0x1, 0x20}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0ad51f123c123f319bd070") syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0xc141) 03:55:24 executing program 1: r0 = accept4$inet6(0xffffffffffffff9c, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, &(0x7f0000000040)=0x1c, 0x80000) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000240)={@in6={{0xa, 0x0, 0x0, @ipv4={[], [], @broadcast}}}, 0x0, 0x6, 0x0, "4877bb1f56d48eb1fa5fac76a792a929a57f6062b013ec6b7a9ee231ea85a1c7f5c8fdf3bcaf6c5bb203dab4011d7c6096609012d3e979295204ae936681b23832f302a5020f3f6af0b1d2fb5a00eb09"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x7, 0x0, "6ac1b08fda8283cf8da008cef66435a261666e5258ff9e61a24a29c667e30977d722edbbece44e6650eb45392ef48b5f79bcb8faeeb67d5bbf75d0f66647aca92361d9b9a48d54cbc7c0c5f05d9b930d"}, 0xd8) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f00000000c0)={'mangle\x00'}, &(0x7f0000000140)=0x54) 03:55:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3005, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:24 executing program 4: r0 = memfd_create(&(0x7f0000000180)='\x00', 0x3) fcntl$addseals(r0, 0x409, 0x8) fchmod(r0, 0x10) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) openat$smack_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) 03:55:24 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x9, 0x10400) ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000001280)={0x3, &(0x7f0000000040)=""/4096, &(0x7f0000001200)=[{0x1f, 0x0, 0x4, &(0x7f0000001040)}, {0x20, 0xdb, 0x88, &(0x7f0000001080)=""/219}, {0x9c45, 0x50, 0x8001, &(0x7f0000001180)=""/80}]}) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f00000012c0)) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000001300)='/dev/dlm-control\x00', 0x20000, 0x0) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001340)='/selinux/enforce\x00', 0x4040, 0x0) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000001380)={{0x2, 0x4e21, @multicast2}, {0x6}, 0x42, {0x2, 0x4e22, @loopback}, 'yam0\x00'}) r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000001400)='/dev/urandom\x00', 0x40200, 0x0) ioctl$PPPIOCGNPMODE(r2, 0xc008744c, &(0x7f0000001440)={0x3d, 0x1}) ioctl$SNDRV_TIMER_IOCTL_TREAD(r2, 0x40045402, &(0x7f0000001480)=0x1) getpeername$packet(r0, &(0x7f0000001500)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001540)=0x14) sendmsg$nl_route(r1, &(0x7f0000001600)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x21000}, 0xc, &(0x7f00000015c0)={&(0x7f0000001580)=@ipv4_getaddr={0x34, 0x16, 0x8, 0x70bd26, 0x25dfdbff, {0x2, 0x0, 0x410, 0xfd, r4}, [@IFA_FLAGS={0x8, 0x8, 0x222}, @IFA_LABEL={0x14, 0x3, 'ip6_vti0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x810}, 0x0) ioctl$KVM_SET_XCRS(r0, 0x4188aea7, &(0x7f0000001640)={0x1, 0x1, [{0x2}]}) fsetxattr$security_evm(r3, &(0x7f0000001680)='security.evm\x00', &(0x7f00000016c0)=@ng={0x4, 0x10, "f2d6c193028d7a0ea516"}, 0xc, 0x3) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000001700)=0xb263, 0x4) gettid() setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000001740), 0x4) connect$nfc_llcp(r1, &(0x7f0000001780)={0x27, 0x0, 0x0, 0x1, 0x81, 0x3ff, "23ac911068d0ca856b77f648d0f1a10671b88b2933253607ec0032c615670546c753d8a776939a140fe71b076380f4e8d62e86f5be44063fa455ee04e6798f", 0x1c}, 0x60) fsetxattr$security_evm(r2, &(0x7f0000001800)='security.evm\x00', &(0x7f0000001840)=@ng={0x4, 0x4, "cb"}, 0x3, 0x1) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000001880)={0x0, 0x9}, &(0x7f00000018c0)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000001900)=@assoc_id=r5, 0x4) getsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000001940), &(0x7f0000001980)=0x10) getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f00000019c0)={r5, 0x5}, &(0x7f0000001a00)=0x8) getsockopt$ARPT_SO_GET_INFO(r2, 0x0, 0x60, &(0x7f0000001a40)={'filter\x00'}, &(0x7f0000001ac0)=0x44) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000001b00)={{0x8, @loopback, 0x4e20, 0x0, 'lc\x00', 0x20, 0x4, 0x62}, {@rand_addr=0x10000, 0x4e21, 0x3, 0xf011, 0x10001, 0x7f}}, 0x44) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f0000001b80)=[@in6={0xa, 0x4e24, 0x3, @dev={0xfe, 0x80, [], 0xa}}, @in={0x2, 0x4e22, @local}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e20, 0x200, @ipv4={[], [], @empty}, 0x7fffffff}, @in={0x2, 0x4e22, @multicast1}, @in6={0xa, 0x4e22, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x5}], 0x84) ioctl$EVIOCGKEY(r1, 0x80404518, &(0x7f0000001c40)=""/182) connect$nfc_llcp(r2, &(0x7f0000001d00)={0x27, 0x1, 0x1, 0x0, 0x8, 0xfffffffffffffff9, "44afc6e93a8203a45312b7969bb05cfa0b613eb79f011f9d55d66dbfc52adf704c6893d0bc8e4303b12f0a8d6cf6c415221049e1cb6b96aa805933ca49cd6b", 0xa}, 0x60) ioctl$SIOCX25SSUBSCRIP(r1, 0x89e1, &(0x7f0000001d80)={'veth0_to_hsr\x00', 0x8}) uselib(&(0x7f0000001e80)='./file0\x00') acct(&(0x7f0000001ec0)='./file0\x00') 03:55:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x60, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0x2, 0x0, 0x0, @mcast1={0xff, 0x15}}}, {0x14, 0x2, @in={0x2, 0x0, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}]}]}, 0x60}}, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xac0, 0x40) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f00000000c0)={'filter\x00', 0x18, "19d198d015b0a0ab6f2bf938b91e96b1722c98460044536e"}, &(0x7f0000000100)=0x3c) [ 1222.019078] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1222.026377] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1222.033672] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1222.041064] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1222.042598] binder_alloc: 18514: binder_alloc_buf size 12296 failed, no address space [ 1222.048352] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:24 executing program 1: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000000080)={'bond0\x00'}) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0) write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x12) close(r1) 03:55:24 executing program 4: r0 = memfd_create(&(0x7f0000000180)='\x00', 0x3) fcntl$addseals(r0, 0x409, 0x8) fchmod(r0, 0x10) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) openat$smack_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) [ 1222.141497] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1222.165134] binder: 18514:18515 transaction failed 29201/-28, size 0-12293 line 2970 [ 1222.219079] Started in network mode [ 1222.247295] binder: 18514:18522 transaction failed 29189/-22, size 0-12293 line 2855 [ 1222.274954] Own node identity , cluster identity 4711 03:55:24 executing program 2 (fault-call:2 fault-nth:84): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1222.295091] Failed to set node id, please configure manually [ 1222.301576] Enabling of bearer rejected, failed to enable media 03:55:25 executing program 4: mkdir(&(0x7f00000001c0)='./file0\x00', 0x100) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0xc000) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}) ioctl$BLKIOOPT(r0, 0x1279, &(0x7f0000000040)) mount$bpf(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x800011, 0x0) recvmsg(r0, &(0x7f00000002c0)={&(0x7f0000000200)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x1, &(0x7f0000001340)=""/247, 0xf7}, 0x10000) chdir(&(0x7f0000000300)='./file0\x00') symlink(&(0x7f0000000140)='..', &(0x7f00000000c0)='./file0\x00') [ 1222.338607] Started in network mode [ 1222.349587] binder_alloc: 18514: binder_alloc_buf failed to map pages in userspace, no vma 03:55:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3006, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1222.386720] Own node identity , cluster identity 4711 [ 1222.404464] Failed to set node id, please configure manually [ 1222.449730] binder: 18506:18525 transaction failed 29189/-3, size 0-12288 line 2970 [ 1222.458328] Enabling of bearer rejected, failed to enable media [ 1222.471660] binder_alloc: 18540: binder_alloc_buf size 12296 failed, no address space [ 1222.491954] FAULT_INJECTION: forcing a failure. [ 1222.491954] name failslab, interval 1, probability 0, space 0, times 0 [ 1222.528115] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1222.539921] CPU: 1 PID: 18542 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1222.546901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1222.556547] Call Trace: [ 1222.559177] dump_stack+0x172/0x1f0 [ 1222.562203] binder: 18540:18541 transaction failed 29201/-28, size 0-12294 line 2970 [ 1222.562838] should_fail.cold+0xa/0x1b [ 1222.574658] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1222.579801] ? lock_downgrade+0x810/0x810 [ 1222.583588] binder_alloc: 18540: binder_alloc_buf size 12296 failed, no address space [ 1222.583982] ? ___might_sleep+0x163/0x280 [ 1222.584007] __should_failslab+0x121/0x190 [ 1222.584032] should_failslab+0x9/0x14 [ 1222.601759] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1222.604555] kmem_cache_alloc_trace+0x2cf/0x760 [ 1222.604574] ? kasan_unpoison_shadow+0x35/0x50 [ 1222.604600] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1222.604621] __list_lru_init+0x3d3/0x6e0 [ 1222.632111] sget_userns+0x84d/0xd30 [ 1222.635953] ? kill_litter_super+0x60/0x60 [ 1222.640226] ? ns_test_super+0x50/0x50 [ 1222.644159] ? ns_test_super+0x50/0x50 [ 1222.648068] ? kill_litter_super+0x60/0x60 [ 1222.652325] sget+0x10c/0x150 [ 1222.655455] mount_bdev+0xff/0x3c0 [ 1222.659061] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1222.664196] ext4_mount+0x35/0x40 [ 1222.667760] mount_fs+0xae/0x331 [ 1222.667781] vfs_kern_mount.part.0+0x6f/0x410 [ 1222.667798] do_mount+0x53e/0x2bc0 [ 1222.667813] ? retint_kernel+0x2d/0x2d [ 1222.667832] ? copy_mount_string+0x40/0x40 [ 1222.667846] ? copy_mount_options+0x1d9/0x3a0 [ 1222.667867] ? write_comp_data+0x1e/0x70 [ 1222.696293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1222.701852] ? copy_mount_options+0x280/0x3a0 [ 1222.706405] ksys_mount+0xdb/0x150 [ 1222.709946] __x64_sys_mount+0xbe/0x150 [ 1222.713937] do_syscall_64+0x103/0x610 [ 1222.717858] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1222.723048] RIP: 0033:0x45b81a [ 1222.726275] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1222.747270] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1222.754985] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1222.762406] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1222.769678] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 03:55:25 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c00]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x1, 0x6, 0x6, 0x6, 0x100000001, 0x73, 0xfffffffff7ff7370, 0xfff, 0x4, 0x4, 0x401, 0xaaa1, 0x9, 0xfffffffffffffff8, 0x7, 0x2], 0x6001, 0x100}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0xc008ae88, &(0x7f0000000140)={0x7b, 0x600000000000000, [0x40000106, 0x0, 0x4, 0x3], [0xc2]}) 03:55:25 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000000)) syz_read_part_table(0x722, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000080)="ce46d840243bf56ec5549bcaa227cb6739ff2b79097bb1468a79b7bd618c0864092ec50f78484d08fa8406499830906316dd8500cc9783e2186be31a7f0c17c3efa9cf6fb0c9cb8e4d21e24940814317af1eec96d5afa9d71c8230ceaff577fb7df38f3a1524cabf637034f9f6a6f3fc0f20ca86621067c685ff572c855f78515fe88e83d5447f295471bfbb800f81dae3a6d48433c2503334a5d270fc3f76f029658a0ec40ec3b57e8eb1824967141a6b981695c7efe228d990813334630f518bdefb82633eece6a2c9d33fb92b411b89dae66dbecd54e06802", 0xda, 0x4}]) openat$cgroup_int(r0, &(0x7f0000000180)='cpuacct.usage\x00', 0x2, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="0090006b7f040000006c4c00000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055", 0x5f, 0x1a0}]) 03:55:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3007, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x60, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0x2, 0x0, 0x0, @mcast1={0xff, 0x15}}}, {0x14, 0x2, @in={0x2, 0x0, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}]}]}, 0x60}}, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xac0, 0x40) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f00000000c0)={'filter\x00', 0x18, "19d198d015b0a0ab6f2bf938b91e96b1722c98460044536e"}, &(0x7f0000000100)=0x3c) [ 1222.776957] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1222.784234] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1222.883089] binder_alloc: 18552: binder_alloc_buf size 12296 failed, no address space [ 1222.899818] Started in network mode [ 1222.916863] Own node identity , cluster identity 4711 [ 1222.928311] Failed to set node id, please configure manually [ 1222.936721] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1222.947844] Enabling of bearer rejected, failed to enable media [ 1222.969633] binder_release_work: 22 callbacks suppressed [ 1222.969642] binder: undelivered TRANSACTION_ERROR: 29201 03:55:25 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x4, 0x0) r3 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00') sendmsg$FOU_CMD_DEL(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x14000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x58, r3, 0x102, 0x70bd2b, 0x25dfdbff, {}, [@FOU_ATTR_AF={0x8, 0x2, 0x2}, @FOU_ATTR_AF={0x8, 0x2, 0xa}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0xbb}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e24}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x3b}, @FOU_ATTR_AF={0x8}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0xff}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_AF={0x8, 0x2, 0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000) ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0) close(r0) socket$kcm(0x10, 0x40000000003, 0x0) ioctl$FICLONE(r0, 0x40049409, r0) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_1\x00', @random="01003a1e2410"}) r4 = creat(&(0x7f0000000200)='./file0\x00', 0x12) bind$vsock_stream(r4, &(0x7f0000000240)={0x28, 0x0, 0x2710, @my=0x1}, 0x10) r5 = syz_open_dev$swradio(0x0, 0x1, 0x2) ioctl$PERF_EVENT_IOC_REFRESH(r5, 0x2402, 0x5) [ 1222.981998] binder_alloc: 18552: binder_alloc_buf size 12296 failed, no address space 03:55:25 executing program 2 (fault-call:2 fault-nth:85): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1223.043729] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:55:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x60, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0x2, 0x0, 0x0, @mcast1={0xff, 0x15}}}, {0x14, 0x2, @in={0x2, 0x0, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}]}]}, 0x60}}, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xac0, 0x40) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f00000000c0)={'filter\x00', 0x18, "19d198d015b0a0ab6f2bf938b91e96b1722c98460044536e"}, &(0x7f0000000100)=0x3c) 03:55:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x38, 0x10, 0x409, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gretap={{0xc, 0x1, 'gretap\x00'}, {0x8, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}]]}}}]}, 0x38}}, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x10000, 0x80) setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0x2) [ 1223.107954] binder: undelivered TRANSACTION_ERROR: 29201 [ 1223.113940] binder_alloc: 18552: binder_alloc_buf failed to map pages in userspace, no vma [ 1223.203049] binder: undelivered TRANSACTION_ERROR: 29189 [ 1223.213363] binder_alloc: 18552: binder_alloc_buf failed to map pages in userspace, no vma [ 1223.234417] FAULT_INJECTION: forcing a failure. [ 1223.234417] name failslab, interval 1, probability 0, space 0, times 0 [ 1223.250462] CPU: 1 PID: 18579 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1223.257721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1223.267187] Call Trace: [ 1223.269811] dump_stack+0x172/0x1f0 [ 1223.273472] should_fail.cold+0xa/0x1b [ 1223.277495] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1223.282631] ? lock_downgrade+0x810/0x810 [ 1223.286809] ? ___might_sleep+0x163/0x280 [ 1223.291261] __should_failslab+0x121/0x190 [ 1223.295843] should_failslab+0x9/0x14 [ 1223.295860] kmem_cache_alloc_trace+0x2cf/0x760 [ 1223.295880] ? kasan_unpoison_shadow+0x35/0x50 [ 1223.304416] ? kasan_kmalloc+0xce/0xf0 [ 1223.304447] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1223.314375] __list_lru_init+0x3d3/0x6e0 [ 1223.314408] sget_userns+0x84d/0xd30 [ 1223.328117] ? kill_litter_super+0x60/0x60 [ 1223.332390] ? ns_test_super+0x50/0x50 [ 1223.336306] ? ns_test_super+0x50/0x50 [ 1223.340212] ? kill_litter_super+0x60/0x60 [ 1223.344470] sget+0x10c/0x150 [ 1223.347609] mount_bdev+0xff/0x3c0 [ 1223.351181] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1223.356325] ext4_mount+0x35/0x40 [ 1223.359821] mount_fs+0xae/0x331 [ 1223.363218] vfs_kern_mount.part.0+0x6f/0x410 [ 1223.363240] do_mount+0x53e/0x2bc0 [ 1223.363262] ? copy_mount_string+0x40/0x40 [ 1223.363282] ? copy_mount_options+0x1fb/0x3a0 [ 1223.381165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1223.386745] ? copy_mount_options+0x280/0x3a0 [ 1223.389126] binder: undelivered TRANSACTION_ERROR: 29201 [ 1223.391279] ksys_mount+0xdb/0x150 [ 1223.391300] __x64_sys_mount+0xbe/0x150 [ 1223.391324] do_syscall_64+0x103/0x610 [ 1223.402724] binder: BINDER_SET_CONTEXT_MGR already set [ 1223.404347] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1223.404361] RIP: 0033:0x45b81a [ 1223.404381] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1223.418932] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 [ 1223.441157] ORIG_RAX: 00000000000000a5 03:55:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3012, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:26 executing program 1: r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000009400)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaabaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc786fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 03:55:26 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7400]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1223.441168] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1223.441176] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1223.441185] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1223.441193] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1223.441202] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1223.502900] binder: undelivered TRANSACTION_ERROR: 29189 [ 1223.514913] binder: undelivered TRANSACTION_ERROR: 29189 [ 1223.524086] binder: 18589:18592 ioctl 40046207 0 returned -16 [ 1223.541005] Started in network mode [ 1223.592544] Own node identity , cluster identity 4711 03:55:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3048, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:26 executing program 2 (fault-call:2 fault-nth:86): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1223.617257] Failed to set node id, please configure manually [ 1223.623372] Enabling of bearer rejected, failed to enable media [ 1223.655931] binder: undelivered TRANSACTION_ERROR: 29189 03:55:26 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x1000000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000000180)={{0xfdffff92}, {0xffffffff, 0x80000000}, 0x0, 0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}) [ 1223.666632] binder: undelivered TRANSACTION_ERROR: 29189 03:55:26 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a00]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:26 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$int_out(r0, 0x2000810080004509, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x40, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000080)={0x0, @in={{0x2, 0x4e21, @rand_addr=0x1}}, 0x3, 0x0, 0x978, 0x800000000000000, 0x86}, &(0x7f0000000140)=0x98) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000180)={r2, 0x10001, 0x9}, 0x8) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_DEASSIGN_PCI_DEVICE(r1, 0x4040ae72, &(0x7f00000001c0)={0x0, 0x3f, 0x9, 0x4}) [ 1223.775786] FAULT_INJECTION: forcing a failure. [ 1223.775786] name failslab, interval 1, probability 0, space 0, times 0 [ 1223.822257] binder: BINDER_SET_CONTEXT_MGR already set [ 1223.874260] CPU: 1 PID: 18611 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1223.881268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1223.890648] Call Trace: [ 1223.893289] dump_stack+0x172/0x1f0 [ 1223.896943] should_fail.cold+0xa/0x1b [ 1223.900870] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1223.903258] binder: undelivered TRANSACTION_ERROR: 29201 [ 1223.905999] ? lock_downgrade+0x810/0x810 [ 1223.906018] ? ___might_sleep+0x163/0x280 [ 1223.906042] __should_failslab+0x121/0x190 [ 1223.915280] binder: 18609:18612 ioctl 40046207 0 returned -16 [ 1223.915684] should_failslab+0x9/0x14 [ 1223.934978] kmem_cache_alloc_trace+0x2cf/0x760 [ 1223.935158] binder: undelivered TRANSACTION_ERROR: 29189 [ 1223.939763] ? kasan_unpoison_shadow+0x35/0x50 [ 1223.939779] ? kasan_kmalloc+0xce/0xf0 [ 1223.939802] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1223.939822] __list_lru_init+0x3d3/0x6e0 [ 1223.939844] sget_userns+0x84d/0xd30 [ 1223.967444] ? kill_litter_super+0x60/0x60 [ 1223.971803] ? ns_test_super+0x50/0x50 [ 1223.975725] ? ns_test_super+0x50/0x50 [ 1223.979640] ? kill_litter_super+0x60/0x60 [ 1223.983910] sget+0x10c/0x150 [ 1223.987049] mount_bdev+0xff/0x3c0 [ 1223.990626] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1223.996127] ext4_mount+0x35/0x40 [ 1223.999718] mount_fs+0xae/0x331 [ 1224.003307] vfs_kern_mount.part.0+0x6f/0x410 [ 1224.007838] do_mount+0x53e/0x2bc0 [ 1224.011425] ? copy_mount_string+0x40/0x40 [ 1224.015879] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 03:55:26 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e21, @multicast2}}, [0xfffffffffffffff9, 0x0, 0x8, 0x1, 0x4, 0x7, 0x80, 0x9, 0x100, 0x6, 0x870, 0x96, 0x9, 0xfff, 0x7]}, &(0x7f0000000100)=0x100) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000140)={r1, 0x2}, 0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0xa, 0x0, @local}}, 0x0, 0x3, 0x0, 0x0, 0x300}, 0x9c) 03:55:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x304c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1224.021664] ? copy_mount_options+0x280/0x3a0 [ 1224.026289] ksys_mount+0xdb/0x150 [ 1224.030043] __x64_sys_mount+0xbe/0x150 [ 1224.030067] do_syscall_64+0x103/0x610 [ 1224.030090] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1224.030108] RIP: 0033:0x45b81a [ 1224.038008] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1224.038017] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:55:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000000000009) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x0, 0x0) symlinkat(&(0x7f0000000000)='./file0\x00', r3, &(0x7f00000001c0)='./file0\x00') ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) pipe(&(0x7f0000000180)) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00005cf000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff2b) 03:55:26 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:26 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x1, 0x80) r2 = dup(r0) ioctl$NBD_DO_IT(r2, 0xab03) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000200)) io_setup(0x8000, &(0x7f00000000c0)=0x0) io_cancel(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7, 0x0, r0, &(0x7f0000000100)="ea77e209a81aa11552bbcfc0d0647fbb44067cae5408df9df8c58bbe", 0x1c, 0xa761, 0x0, 0x2, r2}, &(0x7f0000000180)) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x2000, 0x1}) r4 = dup(r1) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0}) ioctl$RTC_WKALM_SET(r4, 0x4028700f, &(0x7f0000000000)={0x0, 0x1, {0x1f, 0x25, 0x2, 0x9, 0xb, 0x7, 0x3, 0x48, 0xffffffffffffffff}}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) ioctl$RTC_EPOCH_READ(r4, 0x8008700d, &(0x7f0000000080)) [ 1224.038033] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1224.038042] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1224.038052] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1224.038062] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1224.038070] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:26 executing program 0: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r0, 0x89e4) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x88100, 0x0) ioctl$CAPI_GET_PROFILE(r1, 0xc0404309, &(0x7f0000000040)) 03:55:26 executing program 2 (fault-call:2 fault-nth:87): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:27 executing program 0: futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000a00)={0x0, 0x989680}, &(0x7f0000048000), 0x0) r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, &(0x7f0000000040)=""/6) ioctl$RTC_UIE_ON(r0, 0x7003) write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[], 0x0) exit(0x0) futex(&(0x7f0000000080)=0x1, 0x8c, 0x1, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000100)=0x2, 0x1) 03:55:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3060, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1224.341970] binder_alloc: 18633: binder_alloc_buf failed to map pages in userspace, no vma [ 1224.475654] FAULT_INJECTION: forcing a failure. [ 1224.475654] name failslab, interval 1, probability 0, space 0, times 0 03:55:27 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1224.559155] binder_alloc: 18657: binder_alloc_buf, no vma [ 1224.560498] CPU: 1 PID: 18648 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1224.571820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1224.581289] Call Trace: [ 1224.583905] dump_stack+0x172/0x1f0 [ 1224.587571] should_fail.cold+0xa/0x1b [ 1224.591493] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1224.596806] ? lock_downgrade+0x810/0x810 [ 1224.600985] ? ___might_sleep+0x163/0x280 [ 1224.605272] __should_failslab+0x121/0x190 03:55:27 executing program 4: seccomp(0xfffffffffffffffd, 0x1003, &(0x7f0000007ff0)={0x2000000000000032, &(0x7f0000004fe8)=[{0x8001, 0x0, 0xfffffffffffffffc, 0x50000}]}) [ 1224.609576] should_failslab+0x9/0x14 [ 1224.609592] kmem_cache_alloc_trace+0x2cf/0x760 [ 1224.609606] ? kasan_unpoison_shadow+0x35/0x50 [ 1224.609620] ? kasan_kmalloc+0xce/0xf0 [ 1224.609640] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1224.609660] __list_lru_init+0x3d3/0x6e0 [ 1224.635787] sget_userns+0x84d/0xd30 [ 1224.639532] ? kill_litter_super+0x60/0x60 [ 1224.643902] ? ns_test_super+0x50/0x50 [ 1224.647823] ? ns_test_super+0x50/0x50 [ 1224.651744] ? kill_litter_super+0x60/0x60 [ 1224.656085] sget+0x10c/0x150 [ 1224.659222] mount_bdev+0xff/0x3c0 [ 1224.662874] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1224.668010] ext4_mount+0x35/0x40 [ 1224.671530] mount_fs+0xae/0x331 [ 1224.674928] vfs_kern_mount.part.0+0x6f/0x410 [ 1224.679463] do_mount+0x53e/0x2bc0 [ 1224.683150] ? copy_mount_string+0x40/0x40 [ 1224.687507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1224.693081] ? copy_mount_options+0x280/0x3a0 [ 1224.698482] ksys_mount+0xdb/0x150 [ 1224.702087] __x64_sys_mount+0xbe/0x150 [ 1224.706090] do_syscall_64+0x103/0x610 [ 1224.710008] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1224.715215] RIP: 0033:0x45b81a [ 1224.718517] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1224.737634] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1224.746252] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1224.753819] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1224.762459] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1224.769933] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1224.777387] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3068, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:27 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) r2 = add_key$user(&(0x7f0000000200)='user\x00', 0x0, &(0x7f0000000300)="679e285d02dcef1d1791b930c25446a9bc882e9fd6f4b2ea0beaa247d709d70003f6a56cde6258e16b", 0x29, 0xffffffffffffffff) keyctl$KEYCTL_PKEY_DECRYPT(0x1a, &(0x7f0000000340)={r2, 0x8, 0x5}, &(0x7f0000000700)=ANY=[@ANYBLOB="656263e558e5f920689f81554763726333326300000000000081000000000000000000fa320000001a000000000000000000000000000000000000001187390bf9835cee27ea000000082ab50d808aa814c7088d43052d49e2fffe7d5a49775100d1b68e3d4d4f37f2ecd6d6198a54d76f33cbcd5b5c91223cc590b51624d7220fbc68ce891de0eb8c5dcf1bc56a91372570e926b9073b531c31a5d8273582d8395b1fd403ff4d06507f524b9f6bc42c5e6f4a68735e324288fab7f8a4b79f03b355f4435fc7e5b45b184873aae044f465375635cd25d3cbd809679c915b0657946f2600b7260b0d01636211e1db65f71bf707c9c97145"], 0x0, 0x0) fstatfs(r1, &(0x7f00000000c0)=""/63) pipe(&(0x7f0000000180)) dup2(0xffffffffffffffff, r0) open(0x0, 0x800, 0x16) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='cpuset.effective_mems\x00', 0x0, 0x0) r3 = syz_open_dev$usbmon(0x0, 0x7, 0x80) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000240), 0x0) write$P9_RSETATTR(r0, 0x0, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3c, 0x0, &(0x7f0000003780)) syz_open_dev$usbmon(0x0, 0x0, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f0000000380)={@local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc00]}}) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000000000000000000000030000003000000010000000700000000000000fcffffffffffffff4000000000000000cb0000000000000000000000000000000000000000000000002000000000000000000000000000000600000000000000ff01000000000000ff0100000000000000000000000000000000000000000000010000000000000000000000000000000200000000000000000000000000000007000000000000000000000000000000000000000000000003100000000000000000000000000000b6010000000000000800000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000ff070000000000003f000000000000000000000000000000001000000000000080000000000000000000000000000000b6000000"]) listen(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x77a0100]}, @rand_addr="58c4c4a733d993a894f49491cb15d13e", @loopback, 0x0, 0x0, 0x0, 0x500}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 03:55:27 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:27 executing program 2 (fault-call:2 fault-nth:88): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x306c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1225.106165] FAULT_INJECTION: forcing a failure. [ 1225.106165] name failslab, interval 1, probability 0, space 0, times 0 [ 1225.142820] CPU: 1 PID: 18685 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1225.149994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1225.159469] Call Trace: [ 1225.162087] dump_stack+0x172/0x1f0 [ 1225.165762] should_fail.cold+0xa/0x1b [ 1225.169691] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1225.174856] ? lock_downgrade+0x810/0x810 [ 1225.179062] ? ___might_sleep+0x163/0x280 [ 1225.183330] __should_failslab+0x121/0x190 [ 1225.187748] should_failslab+0x9/0x14 [ 1225.187765] kmem_cache_alloc_trace+0x2cf/0x760 [ 1225.187779] ? kasan_unpoison_shadow+0x35/0x50 [ 1225.187792] ? kasan_kmalloc+0xce/0xf0 [ 1225.187813] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1225.187833] __list_lru_init+0x3d3/0x6e0 [ 1225.213777] sget_userns+0x84d/0xd30 [ 1225.217511] ? kill_litter_super+0x60/0x60 [ 1225.221765] ? ns_test_super+0x50/0x50 [ 1225.225674] ? ns_test_super+0x50/0x50 [ 1225.229583] ? kill_litter_super+0x60/0x60 [ 1225.229601] sget+0x10c/0x150 [ 1225.229622] mount_bdev+0xff/0x3c0 [ 1225.229642] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1225.229663] ext4_mount+0x35/0x40 [ 1225.229681] mount_fs+0xae/0x331 [ 1225.229710] vfs_kern_mount.part.0+0x6f/0x410 [ 1225.229729] do_mount+0x53e/0x2bc0 [ 1225.229748] ? copy_mount_string+0x40/0x40 [ 1225.229763] ? _copy_from_user+0xdd/0x150 [ 1225.229782] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1225.229793] ? copy_mount_options+0x280/0x3a0 [ 1225.229808] ksys_mount+0xdb/0x150 [ 1225.229822] __x64_sys_mount+0xbe/0x150 [ 1225.229840] do_syscall_64+0x103/0x610 [ 1225.229859] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1225.287642] RIP: 0033:0x45b81a [ 1225.287660] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1225.287669] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1225.287684] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1225.287693] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1225.287701] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1225.287718] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1225.287728] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:28 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x4, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa000800450000280000000000009078ac081400ac6d70c1498b88adf8000031e3a87b2700000b080000000018d2b9b26f2afa40fe93b90a6f2081ffa255426b38b8d1f51fbb97eb372cf92cb683769ee158fa6b3de63248a71d18c25996369edc100a3386175d419b79ff1751072daa5d5f9c2b954f648b484b4bba44946aaf198a84daf3395ebfa77c037a363bed28a901f34bb354f108830b4f834bf6d35e5e75f5d0fdbe0859c08e8c54fc0c4f12694d4d482875fa7bb326ce5a4e17c7c17bc25b6c7bac88e92dd87ad02acb008b7a132331c1e17a7d28a2b2a882b5"], 0x0) timer_create(0x5, &(0x7f0000000000)={0x0, 0xd, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000040)=0x0) timer_getoverrun(r0) 03:55:28 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:28 executing program 2 (fault-call:2 fault-nth:89): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3074, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:28 executing program 0: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x3, @broadcast, 'syz_tun\x00'}}, 0x1e) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000040)=""/15, &(0x7f0000000080)=0xf) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x0, @random="2465c0e574ab", 'veth0_to_team\x00'}}, 0x1e) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x400, 0x0) accept4$bt_l2cap(r1, &(0x7f0000000180), &(0x7f00000000c0)=0xe, 0x0) 03:55:28 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000006c0)=0x200, 0x20) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) bind$inet(r0, &(0x7f00000003c0)={0x2, 0x4e20, @multicast1}, 0x8) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000480)=0xffffffffffffff7e) sendto$rose(r0, &(0x7f00000003c0), 0x0, 0x4000, &(0x7f0000000400)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x6, [@bcast, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x40) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000001c0)=0xc) ptrace$setregset(0x4205, r2, 0x203, &(0x7f0000000380)={&(0x7f0000000280)="803888d7d8652cf51bcd2786aa7e1dbaf2b5fdc95e469c709a0484482bc40abfff8fb15ebdcca18d8a2e5ee07336979c4d0d6c599f089e800efe342c1e26850579de7182f40a63e8154c0ab3ba617ef8d99011db1fd3be0ff7ca30906f38a58358b1b2f6716dbf92332a16f66f33a7d428139faa04275cebd11a42bf5cbea61aed28e3674fadce661faf7d4624e58990210849b8d79aebaa97b86e772e0f6af84ec2e44bf2c6f3619d617ba053151ea1e1aaac0efc10c8d1759e70e6f867c8e155fd0041f3367f", 0xc7}) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000180)={0x2, 0x4e23, @loopback}, 0x10) creat(0x0, 0x0) ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, &(0x7f0000000240)) sendmmsg(r1, &(0x7f0000000080), 0x0, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000100)={{0x2, 0x4e23, @loopback}, {0x6, @broadcast}, 0x20, {0x2, 0x4e20, @rand_addr=0x1f}, 'bridge_slave_1\x00'}) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000000c0), 0x2ba) prctl$PR_GET_KEEPCAPS(0x7) r3 = openat(0xffffffffffffffff, 0x0, 0x4000, 0x0) socketpair(0x1, 0x1, 0x6d9, &(0x7f0000000040)) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r1, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) fcntl$dupfd(r3, 0x406, r0) shutdown(r1, 0x1) ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0305602, 0x0) 03:55:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$rxrpc(0x21, 0x2, 0xa) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f00000000c0)={@initdev, @local}, &(0x7f0000000100)=0xc) ppoll(&(0x7f0000000140)=[{r0, 0x8498}, {r1, 0x8}, {r0, 0x400}, {r0, 0x808c}, {r1, 0x10fd}, {r1, 0x80}, {r0, 0x2c0}], 0x0, 0x0, 0x0, 0x3c0) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000040), 0x4) 03:55:28 executing program 0: r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0) r1 = gettid() clone(0x4000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_tcp(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, 0x0) ptrace(0x10, r1) gettid() fcntl$getownex(r0, 0x10, &(0x7f0000000040)) wait4(r1, 0x0, 0x1000000000, 0x0) [ 1225.672669] binder_alloc_new_buf_locked: 8 callbacks suppressed [ 1225.672681] binder_alloc: 18701: binder_alloc_buf size 12408 failed, no address space [ 1225.705392] FAULT_INJECTION: forcing a failure. [ 1225.705392] name failslab, interval 1, probability 0, space 0, times 0 [ 1225.755899] CPU: 1 PID: 18709 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1225.762896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1225.772283] Call Trace: [ 1225.775081] dump_stack+0x172/0x1f0 [ 1225.778749] should_fail.cold+0xa/0x1b [ 1225.782673] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1225.787898] ? lock_downgrade+0x810/0x810 [ 1225.792160] ? ___might_sleep+0x163/0x280 [ 1225.796352] __should_failslab+0x121/0x190 [ 1225.800610] should_failslab+0x9/0x14 [ 1225.804443] kmem_cache_alloc_trace+0x2cf/0x760 [ 1225.809136] ? kasan_unpoison_shadow+0x35/0x50 [ 1225.814012] ? kasan_kmalloc+0xce/0xf0 [ 1225.817940] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1225.822906] __list_lru_init+0x3d3/0x6e0 [ 1225.826993] sget_userns+0x84d/0xd30 [ 1225.830738] ? kill_litter_super+0x60/0x60 [ 1225.834996] ? ns_test_super+0x50/0x50 [ 1225.838899] ? ns_test_super+0x50/0x50 [ 1225.842804] ? kill_litter_super+0x60/0x60 [ 1225.847058] sget+0x10c/0x150 [ 1225.850189] mount_bdev+0xff/0x3c0 [ 1225.853749] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1225.858877] ext4_mount+0x35/0x40 [ 1225.862359] mount_fs+0xae/0x331 [ 1225.865760] vfs_kern_mount.part.0+0x6f/0x410 [ 1225.870285] do_mount+0x53e/0x2bc0 [ 1225.873849] ? copy_mount_string+0x40/0x40 [ 1225.878123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1225.883695] ? copy_mount_options+0x280/0x3a0 [ 1225.888228] ksys_mount+0xdb/0x150 [ 1225.891794] __x64_sys_mount+0xbe/0x150 [ 1225.895802] do_syscall_64+0x103/0x610 [ 1225.899733] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1225.904947] RIP: 0033:0x45b81a [ 1225.908245] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1225.911706] binder_alloc_new_buf_locked: 8 callbacks suppressed [ 1225.911722] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1225.927371] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:55:28 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000006c0)=0x200, 0x20) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) bind$inet(r0, &(0x7f00000003c0)={0x2, 0x4e20, @multicast1}, 0x8) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000480)=0xffffffffffffff7e) sendto$rose(r0, &(0x7f00000003c0), 0x0, 0x4000, &(0x7f0000000400)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x6, [@bcast, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x40) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000001c0)=0xc) ptrace$setregset(0x4205, r2, 0x203, &(0x7f0000000380)={&(0x7f0000000280)="803888d7d8652cf51bcd2786aa7e1dbaf2b5fdc95e469c709a0484482bc40abfff8fb15ebdcca18d8a2e5ee07336979c4d0d6c599f089e800efe342c1e26850579de7182f40a63e8154c0ab3ba617ef8d99011db1fd3be0ff7ca30906f38a58358b1b2f6716dbf92332a16f66f33a7d428139faa04275cebd11a42bf5cbea61aed28e3674fadce661faf7d4624e58990210849b8d79aebaa97b86e772e0f6af84ec2e44bf2c6f3619d617ba053151ea1e1aaac0efc10c8d1759e70e6f867c8e155fd0041f3367f", 0xc7}) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000180)={0x2, 0x4e23, @loopback}, 0x10) creat(0x0, 0x0) ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, &(0x7f0000000240)) sendmmsg(r1, &(0x7f0000000080), 0x0, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000100)={{0x2, 0x4e23, @loopback}, {0x6, @broadcast}, 0x20, {0x2, 0x4e20, @rand_addr=0x1f}, 'bridge_slave_1\x00'}) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000000c0), 0x2ba) prctl$PR_GET_KEEPCAPS(0x7) r3 = openat(0xffffffffffffffff, 0x0, 0x4000, 0x0) socketpair(0x1, 0x1, 0x6d9, &(0x7f0000000040)) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r1, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) fcntl$dupfd(r3, 0x406, r0) shutdown(r1, 0x1) ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0305602, 0x0) [ 1225.927389] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1225.927396] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1225.927404] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1225.927412] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1225.927420] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1225.993340] 9pnet_virtio: no channels available for device 127.0.0.1 03:55:28 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x5000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1226.003418] binder_alloc: 18701: binder_alloc_buf failed to map page at 20002000 in userspace [ 1226.017414] binder: BINDER_SET_CONTEXT_MGR already set [ 1226.041429] binder_alloc: 18701: binder_alloc_buf size 12408 failed, no address space [ 1226.047659] binder: 18701:18724 ioctl 40046207 0 returned -16 03:55:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307a, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1226.059299] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1226.097213] 9pnet_virtio: no channels available for device 127.0.0.1 [ 1226.155302] binder_transaction: 30 callbacks suppressed [ 1226.155321] binder: 18735:18736 transaction failed 29189/-22, size 0-12288 line 2855 03:55:28 executing program 2 (fault-call:2 fault-nth:90): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x152) syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x9, 0x424001) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000008c0)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) sendto(r2, &(0x7f0000000040)="ff51900e43ff0ccac10af0212fb0e110a50aa36ce46fc3d0188eb23e5aa65b5ff675b142910d0f131c0954186a32c479", 0x30, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x0, 0x2) [ 1226.208155] binder_alloc: 18738: binder_alloc_buf size 12416 failed, no address space [ 1226.234968] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1226.304915] binder_alloc: 18738: binder_alloc_buf failed to map page at 20002000 in userspace [ 1226.323685] binder: 18738:18739 transaction failed 29201/-28, size 0-12410 line 2970 03:55:29 executing program 4: r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x6, 0x0, 0xf00) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$TCGETX(r1, 0x5432, &(0x7f00000000c0)) ioctl$ION_IOC_HEAP_QUERY(r1, 0xc0184908, &(0x7f0000000080)={0x34, 0x0, &(0x7f0000000040)}) [ 1226.360034] binder_alloc: 18738: binder_alloc_buf size 12416 failed, no address space [ 1226.374853] binder: 18735:18741 transaction failed 29201/-12, size 0-12288 line 2970 [ 1226.388696] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1226.403756] FAULT_INJECTION: forcing a failure. [ 1226.403756] name failslab, interval 1, probability 0, space 0, times 0 [ 1226.416179] binder: 18738:18739 transaction failed 29201/-28, size 0-12410 line 2970 [ 1226.424682] CPU: 1 PID: 18749 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1226.431652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1226.441039] Call Trace: [ 1226.443832] dump_stack+0x172/0x1f0 [ 1226.447491] should_fail.cold+0xa/0x1b [ 1226.451420] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1226.456548] ? lock_downgrade+0x810/0x810 03:55:29 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000380)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f0000000280)={0x0, 0xde, "e19b4b3aa9022f977d14613dea0fe49c4f9f9edff396637ffd95c50b279a4344dd406379c9ceff6b4b73b1887acd1f33cb090e2c5c64e7f3d425422babe8a94f859abd9db72a153ab85f9e06ab9edf080b41726b8855c3159a339aaa2e4396f2eb434c422ec92652438d0107ce414d171e018078cbfaf46f0516de3f42c56a726971819b375e42087df41bb67f1bae0f746132d79af63d791ecb62c6b02d83c9f48e4040998fd2fb357757d88fecfecce7ce5eb858ca4facc9c4f1f0e459849c795f13ea5e86a6f2eab0ca9e5e6a9319e7469dfb8856a41145f45c38506c"}, &(0x7f0000000200)=0xe6) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000440)={r1, 0x6a, "eafceaa3aabdd3dd8922e589e2649bfb15f107812269a5f5f39037c78d02b149e884b5b1d74d16a14dfc0d8939a274d936c035c0a386035f7a98a1f429f8448351001cabaa874cb6eea8ee58c428c3e7f7823090e79302135ec361862d3d8d9f7b9900c798489c2a419b"}, &(0x7f00000003c0)=0x72) mkdir(&(0x7f00000000c0)='./control/file0\x00', 0x0) creat(&(0x7f0000000540)='./control/file0/file0\x00', 0xfffffffffffffffe) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) rename(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./control\x00') pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./control/file0\x00') [ 1226.460738] ? ___might_sleep+0x163/0x280 [ 1226.464921] __should_failslab+0x121/0x190 [ 1226.469189] should_failslab+0x9/0x14 [ 1226.473013] kmem_cache_alloc_trace+0x2cf/0x760 [ 1226.477724] ? kasan_unpoison_shadow+0x35/0x50 [ 1226.482360] ? kasan_kmalloc+0xce/0xf0 [ 1226.487227] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1226.492201] __list_lru_init+0x3d3/0x6e0 [ 1226.496294] sget_userns+0x84d/0xd30 [ 1226.500033] ? kill_litter_super+0x60/0x60 [ 1226.504309] ? ns_test_super+0x50/0x50 03:55:29 executing program 4: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f0000000140)=0x6, 0x4) r1 = memfd_create(&(0x7f0000000040)='@vmnet0&:.?system\x8a\x7f%wlan1/!\x00', 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000000}) r2 = syz_open_dev$swradio(&(0x7f0000000180)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xb, 0x11, r1, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x0, 0x0) write$P9_RXATTRWALK(r3, &(0x7f00000000c0)={0xf, 0x1f, 0x1, 0x97}, 0xf) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000200)={0x0, 0xfffffffffffffffa}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000280)={r4, 0x80000000}, 0x8) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f00000001c0)='/dev/vcs#\x00') [ 1226.508234] ? ns_test_super+0x50/0x50 [ 1226.512235] ? kill_litter_super+0x60/0x60 [ 1226.516494] sget+0x10c/0x150 [ 1226.519623] mount_bdev+0xff/0x3c0 [ 1226.523191] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1226.528320] ext4_mount+0x35/0x40 [ 1226.531800] mount_fs+0xae/0x331 [ 1226.535280] vfs_kern_mount.part.0+0x6f/0x410 [ 1226.539903] do_mount+0x53e/0x2bc0 [ 1226.543481] ? copy_mount_string+0x40/0x40 [ 1226.547746] ? _copy_from_user+0xdd/0x150 [ 1226.551928] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1226.557495] ? copy_mount_options+0x280/0x3a0 [ 1226.562026] ksys_mount+0xdb/0x150 [ 1226.565592] __x64_sys_mount+0xbe/0x150 [ 1226.569602] do_syscall_64+0x103/0x610 [ 1226.573532] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1226.578752] RIP: 0033:0x45b81a [ 1226.581968] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1226.601517] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:55:29 executing program 1: r0 = socket(0x10, 0x803, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = fcntl$getown(r0, 0x9) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000040)=r2) getsockopt$SO_BINDTODEVICE(r0, 0x1, 0xe, &(0x7f0000000000), 0x20a154cc) 03:55:29 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1226.609281] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1226.616586] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1226.624065] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1226.631369] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1226.638672] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6100, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x200, 0x0) recvmsg$kcm(r2, &(0x7f00000003c0)={&(0x7f0000000180)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @local}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000200)=""/136, 0x88}, {&(0x7f00000002c0)=""/97, 0x61}], 0x2, &(0x7f0000000380)=""/50, 0x32}, 0x61) getsockopt$inet6_int(r1, 0x29, 0xd0, &(0x7f0000b67000), &(0x7f0000000000)=0x4) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r4, &(0x7f0000000700), 0x100000000000000d) ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000100)) [ 1226.713384] sock: process `syz-executor.1' is using obsolete getsockopt SO_BSDCOMPAT 03:55:29 executing program 2 (fault-call:2 fault-nth:91): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) io_setup(0x0, &(0x7f00000000c0)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x7eac8638, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="8f"], 0x1) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) write$cgroup_pid(r1, &(0x7f0000000200), 0xfffffee9) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, 0x0, 0x0) 03:55:29 executing program 4: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/mixer\x00', 0x400001, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000280)=0x100000000, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000006c0)=0x200, 0x20) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000180)={0x2, 0x4e23, @loopback}, 0x10) r2 = creat(0x0, 0x0) ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, &(0x7f0000000240)) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000000c0), 0x2ba) prctl$PR_GET_KEEPCAPS(0x7) openat(0xffffffffffffffff, 0x0, 0x4000, 0x0) recvmsg(r1, &(0x7f00000005c0)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000740)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1}, 0x100) write$binfmt_elf64(r1, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) shutdown(r1, 0x1) ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0305602, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f00000001c0)=0x480, 0x4) [ 1226.763226] binder_alloc: 18769: binder_alloc_buf size 24832 failed, no address space [ 1226.788760] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1226.847395] binder: 18769:18770 transaction failed 29201/-28, size 0-24832 line 2970 [ 1226.847404] binder_alloc: 18769: binder_alloc_buf failed to map page at 20002000 in userspace [ 1226.885194] binder: 18768:18771 transaction failed 29201/-12, size 0-12288 line 2970 [ 1226.908059] FAULT_INJECTION: forcing a failure. [ 1226.908059] name failslab, interval 1, probability 0, space 0, times 0 [ 1226.947018] binder_alloc: 18769: binder_alloc_buf failed to map page at 20002000 in userspace [ 1226.963592] CPU: 1 PID: 18778 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1226.970566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1226.979951] Call Trace: [ 1226.982573] dump_stack+0x172/0x1f0 [ 1226.986237] should_fail.cold+0xa/0x1b [ 1226.990172] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1226.995308] ? lock_downgrade+0x810/0x810 [ 1226.995644] binder: BINDER_SET_CONTEXT_MGR already set [ 1226.999480] ? ___might_sleep+0x163/0x280 [ 1226.999505] __should_failslab+0x121/0x190 [ 1226.999524] should_failslab+0x9/0x14 [ 1226.999538] kmem_cache_alloc_trace+0x2cf/0x760 [ 1226.999553] ? kasan_unpoison_shadow+0x35/0x50 [ 1226.999572] ? kasan_kmalloc+0xce/0xf0 [ 1227.006733] binder: 18769:18770 ioctl 40046207 0 returned -16 [ 1227.009030] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1227.009058] __list_lru_init+0x3d3/0x6e0 [ 1227.045342] sget_userns+0x84d/0xd30 [ 1227.049105] ? kill_litter_super+0x60/0x60 [ 1227.053368] ? ns_test_super+0x50/0x50 [ 1227.057299] ? ns_test_super+0x50/0x50 [ 1227.061209] ? kill_litter_super+0x60/0x60 [ 1227.065474] sget+0x10c/0x150 [ 1227.068609] mount_bdev+0xff/0x3c0 [ 1227.072180] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1227.077318] ext4_mount+0x35/0x40 [ 1227.080795] mount_fs+0xae/0x331 [ 1227.084190] vfs_kern_mount.part.0+0x6f/0x410 [ 1227.088721] do_mount+0x53e/0x2bc0 [ 1227.092291] ? copy_mount_string+0x40/0x40 [ 1227.096558] ? _copy_from_user+0xdd/0x150 [ 1227.100741] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1227.106302] ? copy_mount_options+0x280/0x3a0 [ 1227.110820] ksys_mount+0xdb/0x150 [ 1227.114382] __x64_sys_mount+0xbe/0x150 [ 1227.118383] do_syscall_64+0x103/0x610 [ 1227.122305] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1227.127522] RIP: 0033:0x45b81a [ 1227.130744] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1227.149869] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1227.157597] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1227.164880] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1227.172168] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1227.179449] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1227.186744] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1227.242446] binder: 18768:18775 transaction failed 29201/-12, size 0-12288 line 2970 [ 1227.259529] binder: 18769:18770 transaction failed 29189/-22, size 0-24832 line 2855 03:55:30 executing program 2 (fault-call:2 fault-nth:92): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:30 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:30 executing program 0: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) recvmmsg(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)=@caif, 0x80, &(0x7f0000000400)=[{&(0x7f0000000180)=""/27}, {&(0x7f00000001c0)=""/9}], 0x10000000000000df}, 0x1000000000000}], 0x0, 0x100000000000, 0x0) 03:55:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1227.502836] FAULT_INJECTION: forcing a failure. [ 1227.502836] name failslab, interval 1, probability 0, space 0, times 0 [ 1227.515326] binder: 18805:18811 transaction failed 29189/-22, size 0-12288 line 2855 [ 1227.551117] binder_alloc: 18809: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:30 executing program 1: r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r0, 0x8200) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) lseek(r0, 0x0, 0x2) sendfile(r0, r1, 0x0, 0x8000fffffffe) truncate(&(0x7f0000000080)='./bus\x00', 0x6) ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000000)=@get={0x1, &(0x7f0000000100)=""/167, 0x2}) [ 1227.598348] binder: 18809:18814 transaction failed 29201/-12, size 0-12288 line 2970 [ 1227.613201] binder_alloc: 18809: binder_alloc_buf failed to map page at 20002000 in userspace [ 1227.622822] CPU: 1 PID: 18807 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1227.629779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1227.639146] Call Trace: [ 1227.641767] dump_stack+0x172/0x1f0 03:55:30 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x400000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x40000000000) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f0000000280)) r2 = accept$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, &(0x7f00000000c0)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000100)={0x3, 0x800, 0x8, 0x2, 0x3, 0x40, 0x0, 0x0, 0x0}, &(0x7f0000000140)=0x20) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000180)={r3, @in6={{0xa, 0x4e23, 0x3, @remote, 0xdb60}}, 0x8, 0x8, 0x1, 0x7ff, 0xec}, &(0x7f0000000240)=0x98) migrate_pages(0x0, 0x26, &(0x7f0000000040)=0x6, &(0x7f0000000000)=0x9) [ 1227.645427] should_fail.cold+0xa/0x1b [ 1227.649344] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1227.654483] ? lock_downgrade+0x810/0x810 [ 1227.658653] ? ___might_sleep+0x163/0x280 [ 1227.662829] __should_failslab+0x121/0x190 [ 1227.667096] should_failslab+0x9/0x14 [ 1227.670920] kmem_cache_alloc_trace+0x2cf/0x760 [ 1227.675607] ? kasan_unpoison_shadow+0x35/0x50 [ 1227.680253] ? kasan_kmalloc+0xce/0xf0 [ 1227.684170] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1227.689135] __list_lru_init+0x3d3/0x6e0 [ 1227.693228] sget_userns+0x84d/0xd30 03:55:30 executing program 0: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r0) [ 1227.696965] ? kill_litter_super+0x60/0x60 [ 1227.701223] ? ns_test_super+0x50/0x50 [ 1227.705133] ? ns_test_super+0x50/0x50 [ 1227.709037] ? kill_litter_super+0x60/0x60 [ 1227.713297] sget+0x10c/0x150 [ 1227.716430] mount_bdev+0xff/0x3c0 [ 1227.719997] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1227.725121] ext4_mount+0x35/0x40 [ 1227.728598] mount_fs+0xae/0x331 [ 1227.728620] vfs_kern_mount.part.0+0x6f/0x410 [ 1227.728640] do_mount+0x53e/0x2bc0 [ 1227.736513] ? copy_mount_string+0x40/0x40 [ 1227.744286] ? _copy_from_user+0xdd/0x150 [ 1227.748461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1227.754017] ? copy_mount_options+0x280/0x3a0 [ 1227.758537] ksys_mount+0xdb/0x150 [ 1227.762106] __x64_sys_mount+0xbe/0x150 [ 1227.766116] do_syscall_64+0x103/0x610 [ 1227.770047] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1227.775260] RIP: 0033:0x45b81a [ 1227.778471] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 03:55:30 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x10000, 0x0) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f0000000180)) ioctl(r0, 0x1000008913, &(0x7f0000000000)='\n;') syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x7, 0x0) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x420100, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f00000000c0)=0x120e, 0x4) setitimer(0x0, &(0x7f00000001c0)={{}, {0x77359400}}, 0x0) setitimer(0x0, 0x0, &(0x7f0000000080)) [ 1227.797391] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1227.805126] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1227.812430] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1227.812440] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1227.812448] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1227.812463] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10) listen(0xffffffffffffffff, 0x0) 03:55:30 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1227.831570] audit: type=1804 audit(2000001330.290:287): pid=18821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir098719244/syzkaller.KUPM7L/1496/bus" dev="sda1" ino=16771 res=1 [ 1227.883872] binder_alloc: 18809: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:30 executing program 2 (fault-call:2 fault-nth:93): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1228.018181] binder_release_work: 32 callbacks suppressed [ 1228.018189] binder: undelivered TRANSACTION_ERROR: 29189 [ 1228.057143] binder_alloc: 18853: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:30 executing program 4: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x80000, 0x0) r2 = accept4$alg(r1, 0x0, 0x0, 0x800) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f000035e000/0x4000)=nil, 0xe03520}, 0x1}) ioctl$VIDIOC_S_PRIORITY(r1, 0x40045644, 0x1) ioctl$TCGETX(r1, 0x5432, &(0x7f00000000c0)) fsetxattr$security_ima(r2, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="230e8ed7bc62"], 0x6, 0x3) 03:55:30 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) listen(r0, 0x9) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x100) ioctl$VIDIOC_G_STD(0xffffffffffffffff, 0x80085617, &(0x7f0000000040)=0x0) ioctl$VIDIOC_S_STD(r2, 0x40085618, &(0x7f0000000080)=r3) recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1ef}}], 0x1, 0x43, 0x0) 03:55:30 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x12000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1228.117943] binder: undelivered TRANSACTION_ERROR: 29201 [ 1228.127594] binder_alloc: 18853: binder_alloc_buf failed to map page at 20002000 in userspace [ 1228.177768] FAULT_INJECTION: forcing a failure. [ 1228.177768] name failslab, interval 1, probability 0, space 0, times 0 [ 1228.207111] binder: undelivered TRANSACTION_ERROR: 29201 [ 1228.234830] CPU: 0 PID: 18860 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1228.240043] binder_alloc: 18853: binder_alloc_buf failed to map pages in userspace, no vma [ 1228.241928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1228.241936] Call Trace: [ 1228.241964] dump_stack+0x172/0x1f0 [ 1228.241992] should_fail.cold+0xa/0x1b [ 1228.261238] binder: undelivered TRANSACTION_ERROR: 29189 [ 1228.262369] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1228.262390] ? lock_downgrade+0x810/0x810 [ 1228.262410] ? ___might_sleep+0x163/0x280 [ 1228.272807] binder_alloc: 18853: binder_alloc_buf failed to map pages in userspace, no vma [ 1228.275390] __should_failslab+0x121/0x190 [ 1228.275411] should_failslab+0x9/0x14 [ 1228.275430] __kmalloc_track_caller+0x2e1/0x750 [ 1228.284847] binder: undelivered TRANSACTION_ERROR: 29189 [ 1228.288939] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1228.288957] ? bdev_name.isra.0+0x1aa/0x200 [ 1228.288970] ? ext4_fill_super+0xf0/0xcb40 [ 1228.288988] kstrdup+0x3a/0x70 [ 1228.289002] ext4_fill_super+0xf0/0xcb40 [ 1228.289014] ? netdev_bits+0xc0/0xc0 [ 1228.289032] ? set_precision+0x180/0x180 [ 1228.289053] ? reacquire_held_locks+0xb7/0x3e0 [ 1228.289068] ? sget_userns+0x208/0xd30 [ 1228.289087] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1228.289099] ? vsnprintf+0x32f/0x19b0 [ 1228.289130] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1228.372801] ? up_write+0x1c/0x150 [ 1228.376358] ? snprintf+0xbb/0xf0 [ 1228.380317] ? vsprintf+0x40/0x40 [ 1228.383777] ? wait_for_completion+0x440/0x440 [ 1228.388367] ? ns_test_super+0x50/0x50 [ 1228.392270] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1228.397387] ? set_blocksize+0x2bf/0x340 [ 1228.401479] mount_bdev+0x307/0x3c0 [ 1228.405122] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1228.410251] ? mount_bdev+0x307/0x3c0 [ 1228.414061] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1228.419262] ext4_mount+0x35/0x40 [ 1228.422733] mount_fs+0xae/0x331 [ 1228.426113] vfs_kern_mount.part.0+0x6f/0x410 [ 1228.430629] do_mount+0x53e/0x2bc0 [ 1228.434202] ? copy_mount_string+0x40/0x40 [ 1228.438451] ? _copy_from_user+0xdd/0x150 [ 1228.442794] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1228.448352] ? copy_mount_options+0x280/0x3a0 [ 1228.452862] ksys_mount+0xdb/0x150 [ 1228.456421] __x64_sys_mount+0xbe/0x150 [ 1228.460412] do_syscall_64+0x103/0x610 [ 1228.464312] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1228.469597] RIP: 0033:0x45b81a [ 1228.472796] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1228.493971] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1228.501709] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1228.509002] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1228.516286] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1228.523582] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 03:55:31 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x20000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1228.530874] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 [ 1228.582215] binder: undelivered TRANSACTION_ERROR: 29189 [ 1228.605840] binder: undelivered TRANSACTION_ERROR: 29189 03:55:31 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)) r2 = epoll_create1(0x0) r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xfffffffffffffff7, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000240)={"fde4a2aebb994242c699b96e5f5e68cc4b9a1280f18b7f308905a9b4d67ce5ade27121c67b933ddfbaae0fe81f951064f2374f97215bf47fbf7d9cf8cfe9a42e78db40befffe9f83d56dbd0f2db63d95585c23e79c02bb195368268d37f35dd24f1c51a91ee5920fe8a4a68781c71c9fd8cb803d8422cd8bac9c0a8a50572addddbe08a0a4ea34fc3956d455376771abdb12e16d024e8db96f0ab1247b049d9e6018cb79e402255f788b561f2f86596bcf1aece45ee56591bb8778aa40daeaf217f07d524b0bf6e3775ab847f65515b202dd763014a8165b0f8490161ca2d0ff0198fe2ad7550993f84a09c9ef9aaec38f535f26f07c4888e5e7a02829c42525a5125dc20e0d330587205692fd94b4832ea6e696fa6fed334b49a409f1ab553b2baa0f0750ef4a878949943609d28834c04cbe6f0ea408385a6ed5dd426dadd8256df9aa049d087c69ed5517c9fab5a5baf2ef64efc1df1a01fe106fb7b06bee5397d697fe6de89b13d24f46a7289c74c1d8de170456a192a00ccb6b5eb972a36d8608e3fa415492d908a0a18271753fc1a681d8eb95b5527a96196da855ddc426a80dced660d2351097c2e93d47d60b9c015813132e5f0b344b6718c3dbfcd7b23773f85849df77b8091847f37b2e982dfd0989d641350decbabbaf130e13c0cc875f913d74b313da5157198b4a47db4bf0f1d7f45d08ab89e71e7650a1b75986797147f8c72d5fdf0e27d8bdd970ddea256849fd5a9a5692d5e9f42439f8b0a0644f51c62236caa749a3ed43ba0d10294b4fdefa86a6fa175321dddda0b77e344a11a66832ffa88d37dc556efd62a6ab64a213a3ab658056f870b3905f00b28a5ca1aafe3203a6b3ba6c70ce207db7896617c8237d9d71a1bc8725c38cd57ee6e29f59aa42355c41aff5eb016e1d65dabc1d293eeec114107601708b279fed1a026480d78b188ac037a54624e5eb35204a8faad09279259d3725fadd9b1a2627eeaa76f9a63d47afdbd3e9e0e07ad5a23374f71b25d58b13c294699f1d590c57369dae740b3e6f64c010f31684b9eed3aef461dfcb2e221e8c75d31d28e8a7f31769d5d91abd8036e0074efda90c8773725dcf2c5e59e8e757b868b2a8cc88cd6777b454f33e11b04a1cdf4a3aebfa8e179464f9dd7e464e385fbf9014ba0ea82776263303199e44201d10788b6446d193710122b0bbe48f2d600519932307b90926b021d7b1eda0ac8a6d4745e22f5971f39b1aeb654ef057c35e1b235ca861996e68b76d0527bb35f390f84bc195cba552adfeb37b90ca178d3758ae4742d2d46622c6466a2a01658dca6b40cd5ae009665441b7a51988d0a75df68fd43ecdf6e18d17b92d8df7ed7dcc227a10dbff0505afcd9a38de547b4731a25384e75bab166f3970b8af94b46317da145c1bb2d80f8943295db8057d2eb848f349df"}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000001c0)={0xfffbffff80000013}) syz_open_dev$media(0x0, 0x0, 0x0) 03:55:31 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYBLOB="7b000000a27b59afadae9c052b59db5480390c2acb40a653656b3ca6110c5e6d541c30543115d31e537d0fd2b316630cbfb15ae823486e9da8567637b8f584f31fe79d86cb6521d75207814454401c60cbeffadc01595bcd8dd40c837eedfc0a9a22a2b0559ae320ee4e5f5ea24dcf2aaa7efbc6af3de316d539055a517e3af1ac853bb1b3da8b37d1e2"], &(0x7f0000000140)=0x83) bind$tipc(r1, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={r2, 0x5, 0x20}, &(0x7f0000000280)=0xc) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) syz_execute_func(&(0x7f0000000180)="1c13b5b598cd801b69e4f56962f5696200d9d9d017795bf9f2680c0000008fe9589b26c7e4c753fbc4e101edfec4427d82663ed107c4c2b90a23f2168f4808eebce00000802000c422b18cb6070000005151c4a27d181ec1ea01ef7265dc5f00c35b5b304545e269a8419966030faee42c240f54635bdef2460f5e6061a1e1e0ef26400f0d18c401fe5ff6e30fad6736660fd2938c000000c4c1f913376666450f17720d2e440fc7bf0d000080450fa8") syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x2d, 0x101000) 03:55:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:31 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='subvolid=+']) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x100) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000140)={&(0x7f0000000100)=[0x9], 0x1, 0x0, 0xe8e, 0xfffffffffffffffe, 0x3ff, 0x0, {0x4, 0x9, 0x1, 0x6, 0x8, 0x9, 0x5, 0x7f, 0x7, 0xed, 0x7, 0x3, 0x1, 0x0, "c0704e6a513a07a6232a3eac7e764e5b27aacfc514a280986eca3e9a4c552569"}}) 03:55:31 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x48000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:31 executing program 2 (fault-call:2 fault-nth:94): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1228.800915] audit: type=1804 audit(2000001331.470:288): pid=18823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir098719244/syzkaller.KUPM7L/1496/bus" dev="sda1" ino=16771 res=1 [ 1228.839429] binder_alloc: 18883: binder_alloc_buf failed to map page at 20002000 in userspace [ 1228.873555] FAULT_INJECTION: forcing a failure. [ 1228.873555] name failslab, interval 1, probability 0, space 0, times 0 [ 1228.890927] audit: type=1804 audit(2000001331.470:289): pid=18880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir098719244/syzkaller.KUPM7L/1496/bus" dev="sda1" ino=16771 res=1 03:55:31 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000200)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000000040)={0x400000000000, 0x3, 0xb}) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x700) [ 1228.925603] binder_alloc: 18883: binder_alloc_buf failed to map page at 20002000 in userspace [ 1228.946801] binder: undelivered TRANSACTION_ERROR: 29201 [ 1228.967334] binder: BINDER_SET_CONTEXT_MGR already set [ 1228.973153] binder: 18883:18884 ioctl 40046207 0 returned -16 [ 1228.983247] binder: undelivered TRANSACTION_ERROR: 29201 [ 1228.991018] CPU: 1 PID: 18889 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 1228.991690] binder: undelivered TRANSACTION_ERROR: 29189 [ 1228.998063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1228.998070] Call Trace: [ 1228.998099] dump_stack+0x172/0x1f0 [ 1228.998126] should_fail.cold+0xa/0x1b [ 1228.998158] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1228.998180] ? lock_downgrade+0x810/0x810 [ 1228.998203] ? ___might_sleep+0x163/0x280 [ 1229.019246] __should_failslab+0x121/0x190 [ 1229.019270] should_failslab+0x9/0x14 [ 1229.028310] kmem_cache_alloc_trace+0x2cf/0x760 [ 1229.049347] ? kasan_unpoison_shadow+0x35/0x50 [ 1229.053966] __memcg_init_list_lru_node+0x8a/0x1e0 [ 1229.058937] __list_lru_init+0x3d3/0x6e0 [ 1229.063032] sget_userns+0x84d/0xd30 [ 1229.066772] ? kill_litter_super+0x60/0x60 [ 1229.071179] ? ns_test_super+0x50/0x50 [ 1229.075104] ? ns_test_super+0x50/0x50 [ 1229.079021] ? kill_litter_super+0x60/0x60 [ 1229.083297] sget+0x10c/0x150 [ 1229.086440] mount_bdev+0xff/0x3c0 [ 1229.090011] ? ext4_calculate_overhead+0x11b0/0x11b0 [ 1229.095152] ext4_mount+0x35/0x40 [ 1229.098644] mount_fs+0xae/0x331 [ 1229.102043] vfs_kern_mount.part.0+0x6f/0x410 [ 1229.106587] do_mount+0x53e/0x2bc0 [ 1229.110165] ? copy_mount_string+0x40/0x40 [ 1229.114426] ? _copy_from_user+0xdd/0x150 [ 1229.118602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 03:55:31 executing program 1: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = shmget$private(0x0, 0x2000, 0x10, &(0x7f0000ffd000/0x2000)=nil) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000180)=""/41) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x40000, 0x0) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000000100)=0x7, &(0x7f0000000140)=0x4) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0xa5d98e4119f97ec2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r3, &(0x7f0000000000), 0x2) setsockopt$RDS_FREE_MR(r3, 0x114, 0x3, &(0x7f0000000080)={{0x0, 0x9}, 0x10}, 0x10) [ 1229.124174] ? copy_mount_options+0x280/0x3a0 [ 1229.128727] ksys_mount+0xdb/0x150 [ 1229.132299] __x64_sys_mount+0xbe/0x150 [ 1229.136302] do_syscall_64+0x103/0x610 [ 1229.140219] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1229.145431] RIP: 0033:0x45b81a [ 1229.148652] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1229.167578] RSP: 002b:00007f35c6955a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:55:31 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") r1 = gettid() clone(0x2106001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) poll(0x0, 0x0, 0x8000000000040) ptrace(0x10, r1) ptrace(0x11, r1) r2 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0xa9f, 0x600) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r2, &(0x7f0000000100)={0xf, 0x8, 0xfa00, {r3, 0x5}}, 0x10) [ 1229.175344] RAX: ffffffffffffffda RBX: 00007f35c6955b40 RCX: 000000000045b81a [ 1229.182654] RDX: 00007f35c6955ae0 RSI: 0000000020000000 RDI: 00007f35c6955b00 [ 1229.189952] RBP: 0000000000000001 R08: 00007f35c6955b40 R09: 00007f35c6955ae0 [ 1229.197250] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 1229.204550] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000004 03:55:31 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x5]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:32 executing program 1: timer_create(0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000200)="0adc1f123c123f319bd070") r1 = getegid() r2 = getgid() fstat(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgroups(0x4, &(0x7f0000000180)=[r1, r2, r3, r4]) timer_gettime(0x0, &(0x7f0000500ff0)) syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x10000, 0x400200) 03:55:32 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00') ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000080)={0x7, {0x4, 0xd4d2, 0x7f, 0x3}}) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BLKIOOPT(r0, 0x1279, &(0x7f0000000180)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000000140)) r3 = inotify_init1(0x0) ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f0000000100)=0x401000000) ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f00000001c0)) dup(r1) r4 = socket$inet_udplite(0x2, 0x2, 0x88) syz_execute_func(&(0x7f0000000400)="b11391cd808e6b006969ef69dc00d9c462b93816d090c4413927fdfdf91cc1c7c7e4c653fbc1c481b486e71010f4a95ff9f345a67950ea01ef420f62850000000018675dd1d97c7c730f5726400f2d4d181801fe5ff6a9c1066200c482fdbae53300b1b182010804f40ebd890f000000") ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f0000000200)={'bridge_slave_0\x00', 0x2}) 03:55:32 executing program 1: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/rtc0\x00', 0x0, 0x0) semctl$GETPID(0x0, 0x0, 0xb, 0x0) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000400)={0x1, 0x0, {0x0, 0x0, 0x0, 0x12, 0x2, 0xff}}) r1 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000000)={{}, [@null, @netrom, @rose, @rose, @bcast, @rose, @bcast, @null]}, &(0x7f0000000080)=0x48, 0x800) getsockname(r1, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, &(0x7f0000000140)=0x80) sendmsg(r2, &(0x7f0000000280)={&(0x7f0000000180)=@l2={0x1f, 0xfffffffffffffbff, {0x2, 0x400, 0x8, 0x0, 0x10000, 0x8}, 0x8000}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000200)="1a5c7454c223224180d4cd9f87d9aba4cf23f334de87dbee97e9d486683ec93ded98312284655934fa65ebdc5f0fb4a64cce67764f", 0x35}], 0x1, &(0x7f0000000440)=[{0x90, 0x111, 0x1, "e31d686fd88441bce5838cb19516beb7595d1d1207c82238f7f2ac1fb8c6ac133d76a5d6a81849cddd8ddf69ebe9923a849a290ebc973c970445f752d51bd438dbad6ad7ab6b07fcac3d98ed8b5c94f69b8951de6d6a9be2eb3628ac868e59c30dfdcd2508e17f18676daede60640c9b4cc9aa1dce50ec944db097535c98da"}, {0x18, 0x10c, 0x401, "3d100b8c"}, {0x80, 0x0, 0x9, "93c1911b80bef6e7028b330a9b9b9bc825862eb360902f0cd4e280846b9a9db9753cee9708bae27272f5600bb4a3078bc9cf8bf3acfecd5e101962790490be5b1fd44f14d02a2c2f8c2bce09a318f8939d2c9e379e435226589f7040abc88fb7ec00e21a95a802fd86e3b0e441"}, {0x58, 0x116, 0x5, "77292f48e57211aa3388837c57da8f987e773fc9d32b139d342bf79157039907a6981468f4cc331974994a870e5648e44abc7242fbe76988952fab96e15cac0bda3775acd55ce7"}, {0x58, 0x0, 0x9, "7fb6de64bba8be7b36d5a23b468c10ff67f12f50f231c40ec2dbf10e5d85a05a902ff58b64db1f06f92ce1f59f6d85cc5f105a6e7b3bd4da2e56c3180d40bb5611"}, {0xc8, 0x103, 0x7423, "7a4adba9001a1569c7638949f747d18afc22638b6434e8f1dffa114a322e0d862e29cf17da1f10bf57335a134e9e3405f7c754cfb8c129f693b4d6ad1db55d70e9e48e30a4a35e00127c5cc3c1c326ddbd549d76b6c826bf2443d5ddaba66d33db2b67b0093b329f4e113bba6accae0dcc7ea4eb7df26c07b4917f01270b55027e5ebb71ab1e50af1aab8708b160cf2141869fd8bb99ce4e002d7e6076a997c3fc94b2b232c2ca98ee39987a3c2605f54e2beef89fe4"}, {0x70, 0x112, 0xffffffff, "749adcd3f06c83caf6732882c2f30d38243dde9606f80a7a91ec50ba5af94617dbde2a590448fc18b70b3e2334caba41bda80d7b3119e742d1876beeb0a469d5b2f19bbf7f5435c83daaac851483a40f3d58d8772623f6e8e0caf6f7d6"}, {0xf0, 0x109, 0x5, "7448c1e2868ba6604bd3c62a279683d034195e505ea9c121858befdf041f8d63277667c89e745358eb70c13b403ffac938038a76225455e991371dfa2163c3799980c374b46150a54e21c7bbbedf3a2a17e0c6ae16cb7c6cdd98066581822a63d366ce15f83581320a8a8a7b4e364842b8d7264050a322479926101867615d05ed2d607b0b519ac18377629674d4043533c389d5fbbd693dc6551e4084579604d22c83aa669bf9b4dcebdaa5a71c8021ff226ab9d9c58d15dfbc51468bd22b23ef2b36d8c9b0422a6297516d54ebb184ade6b7d5059076c51bf51db9508e"}, {0x90, 0x186, 0x81, "2712b1fe134de7cca094a3772e87286957e705abbbbc05545b499028c764b89a5c223fd7a029b681f31073c05b2d34a6626b5efe8adc765d9f651732f32cd6a9317a4dd983de65de54ee9e339570db50a9065d5281fad148ad50774d1c9b51e21343be8ae4b2f2823b8f7a7566fbe7cc7d366d842a2f64e31cc2"}], 0x490}, 0x40000) [ 1229.512972] binder_alloc: 18921: binder_alloc_buf failed to map page at 20002000 in userspace [ 1229.565041] binder_alloc: 18921: binder_alloc_buf failed to map page at 20002000 in userspace [ 1229.585343] binder_alloc: 18921: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:32 executing program 1: userfaultfd(0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x400080, 0x0) ioctl$SG_SET_KEEP_ORPHAN(r1, 0x2287, &(0x7f0000000080)=0x6) getsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, &(0x7f00000000c0), &(0x7f0000000180)=0xffffff09) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x2000, 0x0) ioctl$VIDIOC_S_AUDOUT(r2, 0x40345632, &(0x7f0000000200)={0x5, "ea1d2723dddbfadea2b41494023eaa2da4011b6258aa10add445313cc16cfef2", 0x3, 0x1}) openat$userio(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/userio\x00', 0x0, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r2, 0x800442d2, &(0x7f0000000280)={0x1, &(0x7f0000000240)=[{0x0, 0x0, 0x0, @random}]}) pselect6(0x40, &(0x7f0000000140), 0x0, &(0x7f0000000380)={0x7f, 0x20000000000}, &(0x7f0000000400)={0x0, 0x1c9c380}, 0x0) [ 1229.620892] binder_alloc: 18921: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:32 executing program 1: socketpair$unix(0x1, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) close(0xffffffffffffffff) getpgrp(0xffffffffffffffff) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, &(0x7f0000000540)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f0000000580)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000080)=ANY=[@ANYBLOB="ac1d00007f00000100000000090000007f000001ac1414aaac1414bb00000000000000b782cda601ffffffff7f000001ac1414aa"], 0x34) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) add_key(0x0, &(0x7f0000000640)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8) request_key(&(0x7f0000000000)='logon\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0) semget$private(0x0, 0x0, 0x200) readahead(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, 0x0) syz_genetlink_get_family_id$ipvs(0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10811, 0xffffffffffffffff, 0x0) r2 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000480), 0x80000) getsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, 0x0, 0x0) write$P9_RRENAMEAT(0xffffffffffffffff, &(0x7f0000000200)={0x7, 0x4b, 0x1}, 0x7) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="2e0000001d008100100f80ecdb4cb9047ec8650400000000000000fb120001000e00da1b40d819a90600150000", 0x2d}], 0x1}, 0x0) 03:55:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1229.851466] binder_alloc: 18942: binder_alloc_buf failed to map page at 20002000 in userspace [ 1229.901434] binder_alloc: 18942: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:32 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x13a) ioctl$VIDIOC_DBG_G_CHIP_INFO(r0, 0xc0c85666, &(0x7f0000000100)={{}, "3e2bb21a8b1771316e51954d612bc1a5c7e9db0016fe2b6f4813ddafbfd8a304", 0x3}) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) r2 = dup(r1) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) read(r2, &(0x7f0000001900)=""/4096, 0xfec5) ftruncate(r3, 0x8007d) socket$inet6_tcp(0xa, 0x1, 0x0) sendfile(r2, r3, 0x0, 0x2008000fffffffd) 03:55:32 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x7, 0x9, 0x200, 0x7ff, 0x4, 0x101, 0x1, 0x1, 0x0}, &(0x7f00000000c0)=0x20) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000100)={r1, 0xfffffffffffffff7, 0x4, 0x10000}, 0x10) r2 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, [0x700000000000000], 0xf}, 0x3}, 0x1c) 03:55:32 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x60000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1230.024592] binder_alloc: 18942: binder_alloc_buf failed to map pages in userspace, no vma 03:55:32 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000002c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0xc0905664, &(0x7f0000000400)={0x0, 0x6, 0x2}) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7, 0x40082) r2 = accept4$alg(r1, 0x0, 0x0, 0x80000) r3 = getpgid(0x0) io_setup(0x5, &(0x7f0000000140)=0x0) io_cancel(r4, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x8, r1, &(0x7f0000000180)="723a87cbdad6b3c5bc8488edcfb3f0286bad2046ce5986f202f0f38f8cb7b9a3a8c3dd97e948d1af9aee021682a0add9dec160641058", 0x36, 0x100000000, 0x0, 0x0, r1}, &(0x7f0000000200)) setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f0000000300)={0x3, {{0x2, 0x1e6, @local}}}, 0x88) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000ac0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@remote}}, &(0x7f0000000bc0)=0xe8) bind$packet(r1, &(0x7f0000000c00)={0x11, 0x16, r5, 0x1, 0x7fff, 0x6, @broadcast}, 0x14) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x100, 0xe3b4, 0x8, 0xfffffffffffffff9, 0x0, 0x3, 0x80, 0x2, 0x7, 0x9, 0x4, 0x2b4, 0x100000001, 0xd4, 0x7, 0x8, 0x4, 0x100, 0x10001, 0x10000, 0x3, 0x100000000, 0x5, 0x800, 0x8, 0x10001, 0x3, 0x0, 0x1, 0x10001, 0x4, 0x3, 0x3, 0x3d63fb6, 0xe, 0xc61f, 0x0, 0x5, 0x4, @perf_bp={&(0x7f0000000080), 0x1}, 0x53, 0x101, 0x0, 0xd, 0x560a, 0x3, 0x8080000}, r3, 0x3, 0xffffffffffffffff, 0x8) ioctl$PPPIOCGNPMODE(r1, 0xc008744c, &(0x7f0000000040)={0x82ab, 0x3}) [ 1230.095180] binder_alloc: 18963: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:32 executing program 4: clone(0x10004103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() pipe2(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}, 0xfaea99dcca69a91c) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000001c0)="5579a9d8a3fc725da2fba73b0bbbb9d5438bf25c6a5560ce420a7f571557fa91864fd995f7af831315f2ad6dabe535", 0x2f) mq_timedsend(r1, &(0x7f0000000200)="6d0f8f6dab09d3f8d3f7e5af3df126fd1122ae0c93cbe97e05e8a4ddebd813c156187e9c1736d73a81eb2f00c08da4db7b5530058782754a9d0f5abefa1799228b28a87244fd67d611b1f8e684f75c36eabc557765bd98058a195eeaa51cf78e10950659fda5b731ac98b8848cd7ab20c05df1a0e7cd13f1013ece09348c5752a6e908269cbe56c8c0cd37731a8443d570cf34f9fd16e07f1995cbde0aece001d887097699f9295b7ad7deaf38ddd59134e0678d511b28d1005a313b099218502a191b7b6f1b9ca94118a219044a113b62d94f827a57a4519f38ee7d1629", 0xde, 0x8, &(0x7f0000000300)) futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x12) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x80080, 0x0) setsockopt$inet_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f0000000040), 0x4) read(r4, &(0x7f00000004c0)=""/83, 0x53) tkill(r0, 0xd) recvfrom$unix(r2, &(0x7f0000000340)=""/196, 0xc4, 0x2, &(0x7f0000000440)=@file={0x0, './file0\x00'}, 0x6e) 03:55:32 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x68000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1230.151211] binder_alloc: 18963: binder_alloc_buf failed to map page at 20002000 in userspace [ 1230.180600] binder_alloc: 18963: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:32 executing program 0: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x2, 0x1) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0x81, 0x3, 0x1, 0x3, 0x5, 0x6, 0xc7c, 0xfffffffffffffe01, 0x8615, 0x0, 0x0, 0x38000000000, 0xffffffff, 0x300000000, 0x1}}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = socket$inet_udp(0x2, 0x2, 0x0) dup2(r2, r1) 03:55:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$PPPIOCGDEBUG(r1, 0x80047441, &(0x7f0000000400)) ioctl(r0, 0x2ab8d183, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) gettid() keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, 0x0, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x1) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f00000000c0), 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) utimensat(r2, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={{0x77359400}, {0x77359400}}, 0x100) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x40000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x100, 0x0) setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010) connect$inet(r4, &(0x7f0000000a40)={0x2, 0x3ffffffffffffffe, @empty}, 0x10) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000180)={@reserved}) write$P9_RREADLINK(r2, &(0x7f00000001c0)=ANY=[], 0x130) r5 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x200, 0x80000) ioctl$EVIOCGVERSION(r5, 0x80044501, &(0x7f0000000340)=""/188) ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000080)={0x2, {0x2, 0x4e20}, {0x2, 0x4e21, @loopback}, {0x2, 0x4e23, @broadcast}, 0x60, 0x8, 0x5, 0x1000, 0x0, 0x0, 0xfd00}) execve(&(0x7f0000000500)='./file0\x00', &(0x7f0000000680)=[&(0x7f0000000580)=')]\x00', 0x0, 0x0], &(0x7f0000000940)=[&(0x7f00000006c0)='\x00', &(0x7f0000000700)='\x00', &(0x7f0000000780)='cgroup\x00', &(0x7f00000007c0)='syz', &(0x7f0000000800)='!em0\x00', &(0x7f0000000840)='security.SMACK64IPOUT\x00', &(0x7f0000000880)='security.SMACK64IPOUT\x00', &(0x7f00000008c0)='eth1({trusted(em0\x00', 0x0]) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000280)='./file0\x00', 0x8000, 0x1, &(0x7f0000000140)=[{&(0x7f00000002c0)="eb58906d6b66732e66617400020120000200068000f8", 0x16}], 0x0, 0x0) [ 1230.311906] binder_alloc: 18963: binder_alloc_buf failed to map pages in userspace, no vma 03:55:33 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f00000000c0)=0x20100001d) accept$unix(r0, &(0x7f0000000100)=@abs, &(0x7f00000001c0)=0x6e) syz_genetlink_get_family_id$SEG6(&(0x7f0000000300)='SEG6\x00') mkdir(&(0x7f0000000040)='./file0\x00', 0x0) clone(0x802102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x0, &(0x7f0000000080)='\xdd-ppp0,,vboxnet1-\x00') 03:55:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x12]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1230.368055] EXT4-fs (loop2): Couldn't mount because of unsupported optional features (b2381809) [ 1230.453454] binder_alloc: 18991: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='\nxt4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:33 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) r1 = userfaultfd(0x0) r2 = shmget(0x1, 0x13000, 0x40, &(0x7f0000fea000/0x13000)=nil) shmctl$IPC_INFO(r2, 0x3, &(0x7f0000001180)=""/49) sendto$inet(r0, &(0x7f0000000180)="b71b056dd0f8a325d84a980099545c6923adf65fbccf2aa85632fa4c8f19e3671055bbdddce7a2bb325d94502d99278dda6cfd5aea8b39be0ba5003bb611cc9d5ea4d1dae0d12e16ddca7e8d8bfead56218de662a47c167b2710c5d4ee1d7409da582f2ecc61d7a218db2df8678f236aad99f6841a79100b86900beb4a29cd370d074c18c6802d8de4499db4346d65732ad4c1a91819cc68771a9ee906d9541689bffe189ea80434e94f46673c058de551532d6beef8546472edc0ac78b42b0347a2e88f654a97e37e3db2cb5bd6433dc023276bcbbd0fdd6598e9f829433a03934114ee1eb7c85b2cc1ae6be972e8530d812a59b45a8303a479a811945c12096417116c24fd2e8eba95ab2aac98b5a4fd5cf8f046e3baf93e56e6af37718ede5452adb7ec60aaa6fe863881ce056480776a13b5f5750a2ee3dad0d84e956f383ed353815146c1247a601d66f84e1657b6bd8e76f7d7603fabe3237c3243305aefd912733a509cd7d819b0aca1010f7547a96263bb24b37e8c2001cab6be57e437e50c11095d4e81dabb8909012ba9e6ccd9e55604a7810614eebf36ad5dc8e04b0883f986edaa0048dea7f0052eab5570bbfa07abb7f92e4d04cab583d9aecffdf46d32b50034b63ec1703b041c06cb3c3520feb84f4fd0e3936c13f7db67c6d01eff982830eb14a15999a6d75471503450eef344b7b89c724e9d9ef31c2bb0f476ae2216f0254a94fb77b265f4a642955081b5c9fdc1b26b42648f117f0378fe261c36a80ef05751b031505442554cdf2d7eb8129ca73777ee9b5ef69fda0dc1d494fd5a8b0af3684a6659f38402a19a6e062ab3cedfa8c21141cb9d9863ce73bb2b5e6f9afd388943e4bdd18fac5307e639ce4265f8f20ad26540c685691fca03863e4b5ddfe6db20712f63dd4b3251353ff69d421c5927dbf63f1acec8078a9eb3c62833bd5ed0937c4b355bb4e96d326b27759d68d2100eb2950e793785ad9fe9c769825a110a7bfc3245a7435b68f47987abc60bba4749adba65d25313d2884ee67ee5dc331a8147a1815d4f919a91c717b1f498622f40439f7f2c6bfb0f32698c9c49eca1ebb8b5daa381017d0421e19c1b6b55973855a8ef6690f7ede57ddfe7ff61e040ef1d0ebf6654bcc49c2591e7f3b7ec56f03ba85a938e46e98ef31c9d6fdbf7d3f8255a84d1dff2e88fec2d4957de8eaf6c115cfab5058e67b8acdb2a28e15d993e6e3bed64533d612a6cac714129933c8f70f31b2e606e01a5b59d252fed0bf679425333452a05e089ddb97cb4558bc2c1abf9bfc5d2168a06a4b6913d5f6796ba4441ef8e31267ec51915aa9e88726942f410ae8e65b5a3c380a5a578127540ebc1ba54971dee7f2f0f03a4eb1d01e6320b45b3f09c8b7b41750582e5fa48e676d152afe50eb820edb8df528effecf122dab7f5fe493d9b9a1e8b4e045bf5e141d63148ce2a81dbb60a3a154495773aa5b66e39b35150ff717153979c4f219359a890ad0c6c5c3423057c97364e32c4d35c31059bcd1a8de39bbdba17dfcb8daf89e180af05de7a397ce7605527776a2196c34ea0fc8fe75e3d0e443a7c2922aae4c3c1ef5c4823b73961a527e994c8dca3fd4c6d68cc3b8847a254803280e5ecc0c0475d83ad4d2f246db0c2d62582e514a149d22038c7b41eda1307bf49f40d2705ec44c874b0f80cce69601c082aa8fc10de87f2ff993af07784449bc1fcac26b1e13e3bb8bc89fd4ee80b70047f12500181d9003cb882b54e4f02ca03dc06a33ba8913ccfdcb0816ca3c501546fc16d116c7dae1643bea07e07864b5ebd859e25ed50b233abcd054600ec6d2e05eff46c3fc106b02f7aa0d1a4989ea782b5a2e9b3e0f6adb9f4eaf9ff5ea80a69dc0763f67f60802ebc72ecfa7d13824d451bfdb263ea5eb51eabb26fafb042facdf22860ac1a00eeada30984a941c86322d77066cfa27a94083fda29af8f14617753d32a52e74a2da197206106082983e6ea6263a1292d6861192f960c6c897120951b54d5a36c3b414bc2dd8bb9a91da840987229c508c8b3e26732f2956eb5056922bbf2d22f2c5dd337f64bbeb64698e3ea7431c5532a05e762b9add8d7516c9f41e041ac3c5e7127237ed616677ec2668447acdfe1c6963c3102a58e8dc488ff63007ba7c6d5816713aa022c970eb3025c9f9da42ddb5cd44b1c90f8b4a0b1954db4530556f72b73abbe1361ae19c7aa49045daf85df3f7e45bcc19984d98dfa55d9506b72ef2ffa6ddef9a68e803a2eb6490437806de79bc57afa6a04a427fd10fcfca086f8d3aaf9b7cba49183d1fe3bf68b2ef6b7f8e8b84d19217b6e1a911023b820a2ec055cd67678d1226d0a0801e097ae1b6e331d2f57b039cdfddf17f0fe30bcb610031fd44776d8f939fa0116cb59b41ea6b728ac17050323cbb46b8e396fb8ac6705c126a1ae1bb81999c92a11173af6e665bf795fe0df8692e9963057dcfd01db71a83ce2ec2ebdc4122de79f64eef96b83dfd8e554fb994d9364b05767e4a695e4714f38c1ee839aec8deca7c8ef58bfe24fd173c60a57400bc3e1e4919d3e67ccd4588fb852f561c663768bef0cc1e0f57a5cb62f17e1c16ac82b22059a6808958dce4786c5758b7cc9a3e716204823709b9d32df4d164fee4b9b34f81b7a3f0e66a34bc6582789424dea60ae304b54fe19abe624f9aa81783e3efcfd3c5d7157c98d50ecc1a331110345f01a66da96d7ff5b351f833afe756efe814018ddd8e02018ac6a32861218ddc953e98f71d5bbb68e83f7b8d2c72c2362c3e65aa3cc49c1ad5659ce6746a324d25edbea4db5a6dfebd630c27c306c6df37df96268987d86217f680a636c7d4cf9d281096662f5a03f484e769fdd592e82bd43d1293bb745bc649ffe19418d2cd6d91c70ac59774ca341ce2fa489030e49de7af71bb59319461c317d51f024f53812a9e5c7444e2e8d066890a362010844b8382c6b330818f833cd9796a327ee10d702e660ff44c79073d6138afe8bdfc91e8eddf6c98a8345a05f775cc9514aea39d925f7d713598333447bf9d91f90013e65042776c7a9d8be47d312712bc1429bac821c9def9c854ee9719a312b67dd965c8d55099044dd55dbad03752d2bb703b8c186c473a59a13176fd7ad1028d9c6f36f87457fb56e5a27893ca4c66719eef1dc129bb5010fc678d53c81d8b4488b7f7dd652117d5664a8533087386e4d8b2b15d19cb5acddd1b9350743846d4a2a8e371a6a82c9e7b52048af9adf6ff9dc726177e164635dc167c3caceac1c654692c9d7b21b9eed525d87483d522e20601971de81750c7827fcb80f3b86544c1410aac138ec8b107a352554b690e9a7a8a63198ee13e0fd4c2e66e42907d74578bca97b45719400516159ae768c7787920ee69cd8195bf70cabb6b7678d322e7cd6178cc3ab6ce93b8539dcc03c951bf14a27e51cf1246007d628947d3a57e34735158bb22abde40c135ffd16facf4ef3b6a5b0c5a52e76bca2f1fcf2c0c860af1f3301942b17f1616c3ef81afbfb8988f63fc3855f2a9b9253d10ab4e20464172b4f4d69644251fb871c064d851ea563f15913ad526db275e7e351a5f537ef8ea309edb2bcce5948043f4820204ec034b9000dd520114ddf6ef30fdbbd4132e037152ec1a211b9b78fcf096df37f7b4030df7f7e9206741e14d9b7b5ab46ab19c382095c08968ce0315f258d877f27cd1e770db7d92cd35ff1d503aee412a6ea79d06d4f34cf449d4b48a77255deb162e86903f39115d6ce8106e3b184d556028a2a9c30f160782989fca6db5cc545d8629d5bdbf2397252cc299bdec8814e531db55bed35e9572d9e6cccbb6b4a2fe62e9615d079ba31ba209d5d88f6c4eddcd0ac6f3a49ebced534ffbb4e3cab0139d5160b14eeae4b35dc651717aafc39ee8d1eb68b2f37e8e3666643367525a0119947ec3d06ea913b6c224d32b462b402f04663a4f12fc28e22eb587ed1ad3ba84f29cd615857e171b7dbed5849fa14b4a341468d8b8e6b7468aa97d643d73024bc49b0e4c3b1d8318ccc51e2213b0afabe063290fce86a1d714461f024f9d2d72f951ebf09e667451639a3a9fad2aab50538e18f81c1e2f3a7a06fe31edeee184cf1b1d1b29291ac601516548ebb24432cc01b1e917f673355ca4436e0a5366f7369ac113d6a8775e199372c30a9da568324d6486603b3a77820df2bc77029f485b5a46ecd333586948396d493b1c2eb8fa9db8664790c9214ce14ea007e57fbc36d84899640f77a8beb6649816b28d75062dab680d8ead06eb92654adc6ee8316723ba7af8f3fbe0cfae37d8d596cd62625fa17faeaf7a59a6a39480103556aa7a10c08d367ec65801fdd1847315d5adc50bef97849b84eafaff6e853d2820af467c6a5b72721be46725f7adba7ee5b740ab2152715ad5f4d931ad600c69ffc54d2b384feaf5e5200c3ea5727138775e01c47da8d632e6c845e5ac3f8bb0663b6130e02a1cea050e6b67c2c2551be252d7bb354e26b49207b6a8209d40afb5523ab3fad25069e7b0d0d80ef7d8cbffaf27dc5b4a8c94bb9d50726bfac5777f8ce90dbb0743a62a47c7ccfc43d6d5ba3c5f204d83d12d080cf3bf5ecb24414ab55939c6d9b3b488e99f78099c05780e2265f9d76e90f69817632c7c30fc7448a75ac3dcceff32bb6fa0997efd5fb1a0b38715f709007bdde2bd9b64fc7bc409b6c3cf573d22ba41742f8f22f0defdf251717db55f3a23c20643c6d19c4486b3271e765ada7c37e95b3c7c7a0e58cc00f28aaf2f6dda00b882489a9d59f7bb988a36047b800b8501a829bc6ce38b4c89043b777a5b3c13e813d5942bb0463bbd79fae7d9f326fd4e54872b7a3bd0c70aaa4fca099910c4308fb7e8dc00355757b6ede607606ba9dd6edcd4ca445df05ba5b553c3c96902310c06efda4e84f63ee8f103cce9a100f61f378b12192570d7d31af205d71572d0945eb5feda22c86a89576c4b76bcfbe3096e69084a7d788406b70b22eed036f9e59dd2d603ef7c7f44bd271dae071854b1bae5ff76cea1dc7ae4cf4a4d0a39ba3d7da355f60fff09fc1dcdf2da3c68d5161c1ad4a0189a8cf4448c25aeddebeb9e556e2f3ae65eba2929ca07296eb1cc80ccb85ee85ec20bc944c9de6869194ed4eda1c7567d310d6816451a2861d5f17820806362e0c51dfad9d7842a3f75deb84bbe4c8d28e1f703150c04a0ca026bea01a7289ed62be98285ea7f5e8ebbd84953e5a0b753f1764126ba258c1b3cb8a7b5bf86867f1b1ea8521f3878cb31aeb6a07a34d6ae5db598c0fda3aecf4e224d3aac525b870c5440ad6ebca32c87c94bf4d3ca9dc99bbc4913fb2c12b11a714c0c218843e6152b32448cba623b5f03a9a18ef648ea32cabecab1ed7348c7f7cacd9ccaaecfdf1b972108619a42b2b5a53426e0c4ee4e3ec588afc69df3248171fa69f73ccbba2b592c6b51d3f73475d8d57ae608e1534fe63e1b65e96366d58b065efa34a2f47110230128a81006d93fad38e95b5c9779568d2188dd9b1478ef7e5c9f27181df4947e0d4e2a944fb8bf03957cdf36ea7be1ba2114a6e470ea0e377ebf2b7b1b336870da5b4ec49c08bfa0e3436d158952f7f8d0b4eb86780714b5cdf3f98364f400f04627ff9cc3bf013243098e32179554acddaf43fddcd9c8731d6dc0133751e1103b48efb2a761f7d1566ca88744764f388761d3a06aec40677f1f9b64d4360c031d943ce6f19a3924d821bdab4ddc19184bfd161c08cdd07e7bd3543935d880028e7b4", 0x1000, 0x8000, &(0x7f0000000040)={0x2, 0x4e24, @multicast1}, 0x10) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) socket$inet6_sctp(0xa, 0x1, 0x84) ppoll(&(0x7f00000000c0)=[{r1}, {r0, 0x8000}, {r0, 0x468a}, {r0}], 0x4, &(0x7f0000000100)={0x0, 0x989680}, &(0x7f0000000140)={0x2}, 0x8) [ 1230.536485] binder_alloc: 18991: binder_alloc_buf failed to map page at 20002000 in userspace [ 1230.552389] NFS: bad mount option value specified: vboxnet1- 03:55:33 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='clear_refs\x00\xb0Ix\xe6\fK\xa3/\xd7\xb9IqK\xcb\xe8\fW\xafYt|a\xa3\x16\x19\xcb\xaf\xea\x03O[k\xb1S2\x86\v\x9f\x14\xc6T\xd1\x01$\x84\xf5\xc9\xd8\xed\xca\xd2\xf0s\xe0\xcaPx\xfcd\xd3\x8d\x1e){\x9df\xa7\x14R\xb9,\xaegV\x96!n\b\xf2\x1e\x87\xb8\xb5M\xa0\xd1\xb5\xf3\xb4\xd6\xf8\xca\xf3J\x15\xed+,\x98\xfc\xbfX\x12\x97\xb3\x1b\xea\xea\xff\xb7gx\xa1\x96\xad\x93\xaa=-z\x06r\b\'') r1 = syz_open_procfs(0x0, &(0x7f0000000bc0)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf\x93\x89t\xf4\x8dB\fI\xe5\xb3\t\x00\x00\x00\x00\x00\x00\x00\x19/?G\xc7\xea\x9a+\x9c5\xbf%32\xe8\x83>\xfa\xb8L\xde\xc6<\x1fs\xe1\xdf\x14\xa2^\xd1\xd9U\xc0\x99$\x8a\'\fx\xa2\xb1\xc9/\xb4\xfdp4\xc3\"\xea\x95\xce\x10R\xa8p\xc6\xdf\xc8|x\x14\xb8\xa2\xbb\xcaG\xebL\x90\xf5P\xc5\x7f\xe2\x97\x1cr\x84\xc7\xba\x86\x96k1v\x17z{\x91+\xe5r0\x0ez4\x12E\xb2[\xb5\x94\x00\x05\x8b\x83Rl\xd1\xec\x89)Xdig\"2*^\xcd=\xdf\xda\x83%4\xe5_q A!I\xbb\x7f\x9c\x13\xff0G\xc9\x92A\xcf\x03\xaa\xc0G\xaerd\x11\xe6\x00\x00\x00\x00|;\xb1@2\xdbs\x8b4Pk\xc2Sl\xc1\x90\xd9\a2eL\xef\x8eGX\x8c\xbbA\xa6') getsockname$netrom(r0, &(0x7f0000000000)={{0x3, @rose}, [@remote, @remote, @bcast, @netrom, @null, @netrom, @remote, @null]}, &(0x7f0000000140)=0x48) sendfile(r0, r1, 0x0, 0x1) 03:55:33 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x2, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x26}, @exit], &(0x7f0000000240)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2', 0x1, 0x2f2, &(0x7f0000000480)=""/195, 0x0, 0x0, [0x42]}, 0x48) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000040)={0x3e, 0x4, 0x6}) 03:55:33 executing program 4: r0 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x3, 0x8000) ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f00000000c0)={0x0, 0x7, 0x2, 0x80000001, 0x12, 0x200}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x4000, 0x0) mq_unlink(&(0x7f0000000040)='cgroup\xc6em0GPL[\x00') [ 1230.614642] NFS: bad mount option value specified: vboxnet1- [ 1230.633653] binder_alloc: 18991: binder_alloc_buf failed to map pages in userspace, no vma 03:55:33 executing program 1: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r0 = gettid() mknod(&(0x7f0000000200)='./bus\x00', 0x100c, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0xa001, 0x0) ioctl$VIDIOC_EXPBUF(0xffffffffffffff9c, 0xc0405610, &(0x7f0000000080)={0xe, 0x7ff, 0x7, 0x4000, 0xffffffffffffff9c}) splice(r1, &(0x7f0000000040), r2, &(0x7f00000000c0), 0x3ff, 0x4) mknod(&(0x7f0000000180)='./file0\x00', 0x8001420, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x2, 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r5 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) splice(r4, 0x0, r5, 0x0, 0xffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) tkill(r0, 0x13) write(r3, &(0x7f0000000240)='#', 0x1) 03:55:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x30]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='\"xt4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f319bd070") ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000000280)={0x2, 0x86, "03ccad31094d314e3fab3ee73d220caea6fd1e9a4537a4f7d3541959d5aeffd184c5c8f4a4c589c01fd6e3ddec20f22b8fe06fd668efb875329b50604d97c1a428d33fc741c5d5bcc0c07553b21b22c001ecc9edf70150c3398627ed4e8f938f7dab6edc7b72ca7fd9cd2dd33d90f8cb456dd5947e27db5a7e3575ede64c3da2e44fcd2cc30f"}) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000180)={0x0}, &(0x7f0000000340)=0xc) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000380)={0x0, 0x0}, &(0x7f00000003c0)=0xc) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000400)={{{@in=@remote, @in6=@dev={0xfe, 0x80, [], 0x11}, 0x4e24, 0x639a76cb, 0x4e20, 0x5, 0xa, 0x0, 0x80, 0x3a, r1, r2}, {0x47a9, 0xec, 0x3, 0xffffffff, 0x822, 0x20, 0x1, 0x8}, {0x0, 0x0, 0xfff, 0x2}, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x4d5, 0x2b}, 0xa, @in=@loopback, 0x3505, 0x4, 0x0, 0x9, 0x100000001, 0x8000, 0x4c}}, 0xe8) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x4000000, 0x30}, 0xc) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000040), &(0x7f0000000140)=0x4) writev(r3, &(0x7f0000000000)=[{&(0x7f0000000240)='@', 0x1}], 0x1) 03:55:33 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1230.818087] binder_alloc: 19032: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:33 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x10031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) uname(&(0x7f00000003c0)=""/218) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x71, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000000), &(0x7f0000000040)=0x4) mmap(&(0x7f0000000000/0x22000)=nil, 0x22000, 0xfffffbffffffffff, 0x2000000000032, 0xffffffffffffffff, 0x0) close(r0) [ 1230.908262] binder_alloc: 19032: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:33 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f00000002c0)='/dev/usbmon#\x00', 0xfffffffffffffffe, 0x4040) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0x9208, 0x0) 03:55:33 executing program 4: r0 = socket$inet(0x2, 0x3, 0x1c) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x5, 0xf0ffffffffffff}]}}}]}, 0x3c}}, 0x0) gettid() 03:55:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x48]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1230.965841] binder_alloc: 19032: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r1, 0x4008ae48, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x40, 0x0) [ 1231.066049] binder: BINDER_SET_CONTEXT_MGR already set [ 1231.077354] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551615) 03:55:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='%xt4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1231.112056] binder: 19063:19064 ioctl 40046207 0 returned -16 [ 1231.129982] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647 03:55:33 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1231.163142] binder_alloc: 19063: binder_alloc_buf, no vma 03:55:33 executing program 0: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = accept4$ax25(0xffffffffffffffff, 0x0, 0x0, 0x800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() r2 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0xfffffffffffffffa, 0x193400) write$FUSE_INTERRUPT(r2, &(0x7f0000000180)={0x10, 0x0, 0x6}, 0x10) r3 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r3, &(0x7f0000000380)=ANY=[], 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x11) wait4(0x0, 0x0, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000040)={{0xa, 0x4e22, 0xd4ef, @mcast1, 0x3}, {0xa, 0x4e24, 0x3, @dev={0xfe, 0x80, [], 0xc}, 0x6}, 0x1, [0x6, 0xfffffffffffffffd, 0x5, 0x880, 0x99, 0x1, 0x3f, 0xac]}, 0x5c) socket$inet(0x2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x10000, 0x40000) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f0000000100)=0xffffffffffffffff, 0x4) prctl$PR_SET_FP_MODE(0x2d, 0x0) 03:55:33 executing program 1: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lseek(r0, 0x0, 0x3) pipe(&(0x7f0000000000)={0xffffffffffffffff}) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r1, 0x111, 0x2, 0x0, 0x4) shmget(0xffffffffffffffff, 0x3000, 0x0, &(0x7f0000002000/0x3000)=nil) [ 1231.206217] binder_transaction: 34 callbacks suppressed [ 1231.206234] binder: 19063:19064 transaction failed 29189/-3, size 0-12288 line 2970 03:55:34 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000240)='/dev/usbmon#\x00', 0x9, 0xc000) ioctl$KDSETMODE(r1, 0x4b3a, 0x5) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f00000004c0)={0xf8, r2, 0x200, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0xb0, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x63}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffff0000}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xf98}]}, @TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x20}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x100000000}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x20004804}, 0x40) pwrite64(r0, &(0x7f00000002c0)="0b4c847bacf6e4ab34271b1fedea98da63d4a94a7c70eab1ce3626bf95f758b57911eaa6484c6c0fae40991e20f2544e3a137f6820fc501b04d2a3f2068880f8fda1d6dc383ef633836af964c2424b8ded4430e082819f0289b32c8ccb96a36a8daf1e27619fcbb06619df62bfe8b0dec7561b798c74c5089f11e59318b367db444debef94", 0x85, 0x0) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/mls\x00', 0x0, 0x0) write$UHID_CREATE(r1, &(0x7f0000000380)={0x0, 'syz0\x00', 's\tD\x05\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\xc7\xd0_\x96,\x1fW\xad\x80\x00\x00 \x00', 'syz1\x00', &(0x7f00000000c0)=""/53, 0xffffffffffffff1f, 0x80000000, 0x7ff, 0x2, 0x9, 0x7109}, 0x120) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000000)={0x2, {0x0, 0x0, 0x0, 0x8000}}) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000280)) [ 1231.312575] binder: 19082:19084 transaction failed 29189/-22, size 0-12288 line 2855 03:55:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)=',xt4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1231.446119] binder: 19082:19084 transaction failed 29189/-22, size 0-12288 line 2855 03:55:34 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000bc0)={{{@in=@dev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@broadcast}}, &(0x7f0000000cc0)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000d00)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@remote}}, &(0x7f0000000e00)=0xe8) stat(&(0x7f0000000e40)='./file0\x00', &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getgid() setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000001b80)=@nat={'XatY\x00\x00\x00\x00\x00\x03\xe0\x01\x00', 0x19, 0x5, 0x680, [0x20000f00, 0x0, 0x0, 0x200011d8, 0x20001468], 0x0, 0x0, &(0x7f0000000f00)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{{{0x18, 0x40, 0x1e, 'sit0\x00', 'team0\x00', 'b\x00\x00\x00\x00\x00\x00\x00\x10\x00', 'veth0_to_bond\x00', @remote, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], @local, [0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x128, 0x198, 0x1d0, [@statistic={'statistic\x00', 0x18}, @ip6={'ip6\x00', 0x50, {{@local, @dev}}}]}, [@arpreply={'arpreply\x00', 0x10, {{@random="b3ce4700db2c", 0xfffffffffffffffc}}}, @arpreply={'arpreply\x00', 0x10, {{@broadcast}}}]}, @snat={'snat\x00', 0x10}}, {{{0x3, 0x0, 0x0, 'vcan0\x00', 'nr0\x00', 'netdevsim0\x00', 'ip6gretap0\x00', @remote, [], @remote, [0xff, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc], 0x70, 0xa8, 0xd8}, [@snat={'snat\x00', 0x10}]}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x2, [{{{0x9, 0x4, 0x892f, 'team0\x00', 'irlan0\x00', 'bcsf0\x00', 'bpq0\x00', @broadcast, [0xff, 0x0, 0x0, 0x0, 0x0, 0xff], @broadcast, [0xff, 0xff, 0x0, 0x101, 0xff, 0xff], 0xf8, 0x130, 0x168, [@owner={'owner\x00', 0x18, {{r2, r3, r4, r5, 0x4, 0x4}}}, @limit={'limit\x00', 0x20, {{0x200, 0x7fffffff, 0x0, 0x200, 0x3, 0xffffffffffffffc1}}}]}, [@common=@dnat={'dnat\x00', 0x10, {{@random="6d3399d12b6e", 0x10}}}]}, @arpreply={'arpreply\x00', 0x10, {{@local, 0xfffffffffffffffd}}}}, {{{0x9, 0x8, 0x8937, 'veth0_to_hsr\x00', 'hwsim0\x00', 'ip_vti0\x00', 'vcan0\x00', @empty, [0x0, 0xff, 0x0, 0xff, 0x0, 0xff], @broadcast, [0x0, 0x0, 0xff, 0x0, 0xff, 0xff], 0xb0, 0xb0, 0xf8, [@connbytes={'connbytes\x00', 0x18, {{0x7fff, 0x5, 0x2, 0x1}}}]}}, @common=@ERROR={'ERROR\x00', 0x20, {"ab1fee3d0930b6614a28e340fc6aa6e65de3f82648f2ff9b7cae019cbba9"}}}]}, {0x0, '\x00', 0x4, 0xfffffffffffffffe, 0x1, [{{{0x3, 0x0, 0x0, 'ifb0\x00', 'dummy0\x00', '\x00\x00\x00\x00\x03\x00', 'ip6tnl0\x00', @broadcast, [0x0, 0xff], @link_local, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0xb0, 0xb0, 0xe8, [@mark_m={'mark_m\x00', 0x18, {{0x8, 0x5, 0x1, 0x1}}}]}}, @snat={'snat\x00', 0x10, {{@dev}}}}]}]}, 0x6f8) openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x501000, 0x0) [ 1231.499414] binder_alloc: 19101: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:34 executing program 1: unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x80000000000000) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_SET_MASTER(r0, 0x641e) socket(0x0, 0x5, 0x0) r1 = socket(0xa, 0x6, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00pI\x00', 0x8}, 0x10) ioctl(r1, 0x8918, &(0x7f0000000000)) 03:55:34 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = syz_open_dev$admmidi(&(0x7f0000001cc0)='/dev/admmidi#\x00', 0x9ccd, 0x0) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000001d40)='SEG6\x00') sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f0000001e40)={&(0x7f0000001d00)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001e00)={&(0x7f0000001d80)={0x68, r4, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x8, 0x6, 0x5}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x5}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_SECRET={0x10, 0x4, [0xffffffffffff8001, 0x81, 0x1]}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x22eb5a82}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1ff}, @SEG6_ATTR_DST={0x14, 0x1, @remote}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) write$P9_RVERSION(r3, &(0x7f0000001e80)={0x15, 0x65, 0xffff, 0x9, 0x8, '9P2000.u'}, 0x15) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000001980)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@mcast1}}, &(0x7f0000001a80)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000001ac0)={{{@in, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@local}}, &(0x7f0000001bc0)=0xe8) syz_mount_image$f2fs(&(0x7f0000000100)='f2fs\x00', &(0x7f0000000140)='./file0\x00', 0x7, 0xa, &(0x7f0000001880)=[{&(0x7f0000000180)="a3a99eb6dde622fd2ddbaba3db6faf46c4433240334a44afc989a37b2e0a3e00bc446b26", 0x24, 0x9}, {&(0x7f00000001c0)="0e599eeb59db83e6eb42859ece07eba0183c0a1ff954de439910654abe94765eacf8b24352704ae89634ccaa9babcbf1845457acf82cee316bd24b3d0887d30d82cdc30ac5fa4b9beb077796a422907f1a8cfcbd1ad341909183d4025931f6d76a28608ecd84bff845fb7046a2cb99544f0d0d4e170a23dfbe9cfaf4c10cdcdc1de6ab2c718c17cb85ad07b6385a37cc3178481bdbe8a5530906dc0f08358e32e02a5ce97ad4aae3e83eea8753bfa3f25f670bca99b6f2a4b4000b2a66534319c020e8d40f635b14c22977d7babfff60269d6db2fcd3be13ae2a", 0xda, 0xe3d}, {&(0x7f00000002c0)="0e944f6c1542dab50c33f46415797b524f6062", 0x13, 0x100}, {&(0x7f0000000300)="2e88e838629ac7cb4c0f14539764b4a0f341815a748f361424ea30d2072d060b0b12c25a9b51ff4c67218f341d72ad0ecafbbc0f4cb7fe27667759fa3ca52d64fc379f29e3d7b46ee503df8b0767e935c7c3f376738cf8a388ae73abd8f9be5d9f88b71a759dd75a9d26c8578e1195a21c9ecc903f97fa0070a15d08932b2ff15bdf016698566f6dab03a7e0f1f2576ba9f5293c7da8b5dbf78e65e416d6f24229ec096931dfae9284a2d25ee7b73e17c7be91c7c8105abda350195f", 0xbc, 0x3}, {&(0x7f00000003c0)="0408e55cdb36cd7ccb1b52dc050ff192627d4f4e674dbc243edaf06bc54f5b0fa08eb1286d78d87f1f137db9364234307d3a57f50f5907eb4c15d6b70fbbcab8ee7c02230d26f224918fa80f7cadb2affdc62a69d37920bc558efd4da64563e0a2bd68e5354cd2bb6be09eafee42affbe6fd45efb5294e448c62f81e50ea39aa02d490ea3e5bb1bc08c3c648a8930676a0e52842da527c20f9165542f78e66af4c51f773e3e50e4d41b3c49ad79aa9a8b06f53e0706a037087ec0570429bcee21f008a7f91353c4bf9b35e1cb346b38bf9938688da3ff641b067c400da396d", 0xdf}, {&(0x7f00000004c0)="6f240906a7550dce26aa233c726f401658a52b90de8fa83f284d5f4c88099fb91497bc2a9e83d14846f3f60e2cc41b7831c13ed7f72ef9ecba1d04ee941bd31554725c9812bd9d3e9877ea893405327355e78755a2af9a619f1dab51e53bdd4d438e3e0bb8c81776c69552a56fa6d80d311c8ae4d2c1d09c9586bf61213f2cfcf0f777158d5d7443b215dc767b7b9460389413e2f925dfba9ec30a7a4db104f8040350c0565d33ca668cfa63365c2a40ea29e43bf48277307c3fd83aadf38eea67d0b85dcbf635380fc023db880b98cd16e0546fbacfa5e95d0444026ea04792f9378d", 0xe3, 0x82f}, {&(0x7f00000005c0)="b2e5098e36889ee1c219ebe6dd6fd147f56dde1f82481850fac79d2ce3737b2f6dcc4f571bfd03c505f59685401fc114cd0c67deb0343d2680ab470cb88df647897941161d2ae75a90dfb049ad8c4d7e996f1e2011b2302f63d8ee15f79baca47013617a3989338b54e78a4701a8ca37c689d445b3ce3f93b97758f367e6bcaba3de2e67a2946d8df402bd55ca9d37014adda58afc37dcc0d8d0c22ff7040fb0888de9202ed1688053acd05353a48d9ee8f46cdf57a8909c306713eb1bfe62705c0a0ce4511826776619fe835409fc8743821c647bb88c4b70302ae0790502a4806caea6bd5eb5ab723b9818b27e8cc1bd586a8882c0f21fa81255e54402", 0xfe, 0x5}, {&(0x7f00000006c0)="998617e9fe74e85ab2bfc13d0d96c597fa4fe789561f6186c398132148e9ff18999d5a48882d4c79356bef1253da9c98cfc19d9ca09e3e36af73a185380fd7669c39ad681b7a292cb81775d8beb68d0fd189030ed7923c434013d559d86660d0797630099d45ee042d65f0445483868340318999230d346b3e1b3978dce2797143acce3bf99f", 0x86, 0x85}, {&(0x7f0000000780)="23cd33f05e3c49b04cd9cafc1dc20e66c8d42f0bbac48be033e6982a839de25b7dc7e4261e9244473edcd892d05c495467ad4a3f36910731966ce39d4eaa4e9b225cd1ef8fdddf93d5f978a36051b439ef608b4d1c0cc5b19fdb2642d07d5da61dd2ec1220b6eeaef528f908551d90ff9c64ba17ff62b018f0be4f3bf61cce992646f0e34bb36401e2bee91beb7ef8c0aad3eed25ebad25f3ac0708ca20bb0b9b7766594908198ee7055bd7788df69baf10889914286fda282381d13e9173247655f354de8a5", 0xc6, 0x237}, {&(0x7f0000000880)="16aeb24c1cf9bd6fac1488094237f8e8a8e8ca70f8a7ca2962805cd2bc94ab9e838606367f2fa84e542c52e946dfbb92aeae692d7a8305583348fbf73f8d7311f10a27c3cf0f86f73d9958636c3ce22019f90393e4a8da827cdf8a083de5171be5b153380da8da45f008149f1ca5a1fd23a64004b68e846f175218867c7c12f02f90eac5f14c33aa310dfbc28005dcb171cc21631ede3cbdb5ae8baecfb99e8c7885533fbef009425383c6e2fdc2fde7a82c00ea7f134ecb16522fac4603001fb14dbe56fc4936b90adf452d9e08e37379361e5f02899a4c643c64f1f850b26d176c21d7d0299a4a6cfc167bcff268eb7be32832a3976c41a40c2a42dd7fedb8e1eb771e4b5d8ece0c18c4f5d7f1a7e5e765953ca23c5b43334428a9512c361082464312f926f3435fcd6f6f259731446e4423a2d61d6edffdc8ced72156b7222ee75bd249f5ac32104bbed3b6f51a83e27a0e359b624cca38506fb13cd29cb3998f2a0d302997deb0e1d0cf5cc06c9b5c173bec5b1bdd45830c428d7cff1f1341d0757cfd5635d723851863e3704335bd628049013bfd7f84fb0918858f6ca586a0d7db27a9be6fa34dd90f4cb1151c535cab71d20238481f2b16973f46166495f36b367c8744e438f9f07d56949e237c833d4e34dcdc0cb38282a67f5341d2d404843a6cc73a3a278b7e346e56f7d03f037f418ebfd88f7366056c985ff2044f35fb279554b05c00f347215eab1914ffd1cfc2d2b05e708cf534b074cfb251b8d637f4f7749c9504a3d0cab501e5ed86e7dad493911463991c44f74f8e52224cf7d66629d4c0f0171bdcb8ee539e1c8164344478bc4e0535c81419b403e2313195c62b2f59d2f8dec059b2e834bb449c630022b4fb53f95f0db48c64075fef21624eba1b04693172d6f5896c3791cdc1abfdf0ff03ae69201e7c57f056813440e426505988323b19dc5f755468af859e8a33bc84012c3a4f2e5617f563cdfbcda795b91aac48285034ca323ce1443a0bd5f722c500f65b3750806dfa6884cdb466482f9a67870e19ae4502ab5b04b29ef667a219a884efe9b33a4eee0ce26f5692433e3297012b123949022e95469b314f1f7b3ae320c6af2fa08d245fcacb62be28cc0b09696850d223d3b857432b88d635397d91c101d26894c91b676efd5aa8beaafe2edc8060af9713eab87acd06742979fd951565fc425dba38dc0c7f07f98280a1068a5b1efabeec0b5be8ca96c7d269688a9c053d066aabde1f443d8adf76fa49a83eb2c6cf7cd923954bcd34450525d88ae367fa40ae17df2459c0b41d7d47e5ac35bfb4def1334d0bda64af4f1ac1b3a5526a8b898e9b48f01b4915c99764e61ce0dc1b1ffdb3d861ff2a120993f0d4f7f1cc3593c246315bf4850a8052f479fad81ae050b463dd3e9e413035b0496a98e70b0922c7ca9218008a5276d18e4cd717283dc2c28600032836cb020415416adf215728d1884945fadc8e9d869b037ec858c0a0adf621c283464e9f0c5ca8e8151dead278a226f929172f0c11a101b7cce98c519d031f1238ad01daea4c6ad6bd4fe6651b3072ddbdc902019cbecdaef215594463bc6551f00b50d7bc5530ff77175152aa32bbbdaca0a0cebbc9de0420a1a80dd01fadc40dcb2465b40a8c5d0cd7cf0bc7cc6875b898c50aab2ff9987afb82d6f89d6b7e40db24e961f50334b16b88c9f7a6362f3c0cf9757a491b859e302be53b76d00335b8ad16ec4c5f39153fe9cfac62ba3751208d60c4aff53e2964a22b1c2e7ec329b531087051f72763f8385da8a4ba5e72de26578509d29dd300e868981c33419d9f14863256907811675693dab7eacdfff6dd60bb1ec289933055215b0d698d7f05b185c04b9cfad900a9400da85fa59037ad96cea7c330f62fcc30d524fd2aabc70d96af2a4986a7b59cc69f8c0f02818e4045181ce46b01d08930684ac6b978ee19227dd6a1ed74a245f9d1871c301c52c978a3c85e9a68c7e974256389fee83577d507385b9f05f30a3dd7eb871bc26873e310b23868de6d87671eb184e243be0dee84a9c50efe773de090307977fd48d5a76903fc8e8fd06546b502011ffad3d3ccdee3d4b88adb37959119961441bf98231035f59eecdc0e66a9cff70605856592859c39d9a523a45142fc52d883ddd2ae4f56fe2de618d62a90f5b094c3212d401838ae24075f8a7604e00d4f8bb368acea187271552d875446b219e9f7110070519016b455c8c318688d695d138a86047a39467414ba505da3eae6fee7c16c5de0393faa3c005293fb673cfeb5fe3ddf25fc0261aee4785f4d9f9038384d91445b5987c48d59f95ab8b18fc095078ba0be805569463442f3f0f3499f776af2d6d54cb074b7539a62174b5cb3161842897709f027889244a841f7febfc9c3425d307a88f6b8c5d3a398918f41ac45c0a9ad5257b72457bba09cf6826a824d1f91fc9a0273a5e122107970c0aec09aa18f95bce8f55933e908b43edea3e066254c2d9c930176bbe7d5321245b09fca9010c27f35b4d527fa9deeae7a93b4a8c634a4538ab0986ee1ced0c725eca1bc97a88a33be4c553245c5edd4e4420738c954f94a5288b03ffd33b701ea6a0a8572c42047ce3f18f8f4df46e75092134493f6567260aa6d4d18f8025e4958dc0d18f266b2d613ab2469eab02ea9da9dca847036b67514c805775316376d8f2f16ae4d621de31af4e37a5568223f0fc6478c4beb5b7a2f69ef754f9b4f99dad62401c07d987ca7a483836f861576087a23aef2b3c08f97dd2458e43451f97f4e09095b7a14e68ac741f53bed5e4a0830c6683d804e40cc596a508d28b8269ebd4cc6c2595b346b3b8f554873036fa8e3386fa8c8f05ceee86371c0f43c5aa00b534a35fe6505716ffd220687b6f5886eacb815b9878e342b12088bce682577db89503037a0e11a80fdb596d1d2e71fbf7488768c5eeb48288cc8d6df83e925029f5bd98aeee83e64bfa5a703af08eff06f17f86159207363bc4937db99bfd470e6f3e24c549f46c24477a9eeb2f30c7a0a4e302b15d6de72359b6dcabd7d358d06776f89a927ca414f5abe052f2165a12f87ffdd78d139e3b8fbe3e2d280529a4c4b078432d08feaba4d193a814d809b4382e1f9bd43b8a7f6177ed7c3132c06b803d4eeb6223d7c5684a584c58932cde04e64b501d973e4c09cadec7d1fe00fbb6627bed6b887009b5d408072589d09af239b0e09d0ecbed5f16d93d0b685c025c1e6b1b817e4802d0bb2b7f2fc23644db17aaf875cbd3742a1ba9717f8a2ce2e566668113fb38be7b3a48150d2a8c5fa1a4dca3a1387fba20e2f079180a8b961031e337453457c11957c15bd26ca8c27eb89761df05ff94c94d8ba485fa7b98180da78970df59b5e5a38e5562d737c371a9736d70437b5a3124871139f94c912b3d864e9622c11b8fb8942ae00846d575b70b9db31d7093f8211c0ef9a2bea14f4a747acb8e932d89742cb326493972d43a179e5dc3ddc02b34f7783da2a8eb335e993d0d1eedd10e0c7ac819db1f68b29398a63caea43f4a99addf154b9487b2db181981ccd565f1604cf2c8de6279c0752823905227676ebf990194c2ec20a6fa1348bb17470414578820ad931a96f1775a74150f509d9114003b1724a2d6da92b8f961223ff2c7d8e19e21f2868376cd7b4a8dd991ddb75db5da8ee90f58cbd74a8ffa54e1651ea8233773a64e02909cb0e8f633ca9edd289b86f5e321dd65deaee7b8f5f5d1c521c8fafd1cd5472963a6106cb3908a3e928a00acd08fdcc67523718f284356a3ae41a58335f085288403750318ab9d98fda0c2cd40224c931e55ea2199597afe786c1c8df8a9a020c550068201ca67c0f73dc8a07d5798b1090f5182b9e8154aba1026a905535dce460fe6aae4424787eab852ab72bb76dfbb2e3b12e0c3a9eb2aecafe57f6e8cf7b0b2a53d2ff865242f8d64f7e273272a38c8452c8efdcc48f257ade9ae77244eb695f7743586b88c01d3b9537e0eaad43062bc97fcc4b8d7e96058de33f2a7cd25e2d6809f6e49bda6a0c39c22fe4cf5e2aae6d2fde357b1cf54eb546f73f1828cc7e79eb642408be7e52eafdfb8aa210bb842674e369b4a0897cb493c280cf510d724a39c6a1fed7ea338751a0fcabd9fe4ba1b95621bc486b7873b393031719318d4b9fed27439a42769b00edc00c70bcb58a96ad9c4e56a49833f6612a0f52a7034e0113e22c87a1cf2070990b1bdc84ed0e5ebc7a00b4f5c909fe840c94224667fa50e142949c1cb5a2ff5a67e9b549496197bffc1f01c15a85ae248312deb58e1489374bbdb0729e6429420adc76c2b7e23c04d81d940d2b3be3165475141c716190a4f28f1307a95508289ba72d7f3a306621684b506d9fd9472e6b14e7ce6af6b4c2c0f4285c885a462cba582d54f749366055faa0aa96991feacbeb21e063b38fa6542074ac0f9ae40901afb95c572fee5ca6698140892b1ba66ba218b8fcd41b7dbc7bf5a33beeffc03029fae0a3856d38f21f8df1cc53afbad768838da7293ad7329698a5146703a81fc08cc230339ab63f12c5cdb9b1ffe116cad87f4b18c73f9b6ed80e14f666143787fa412392ad5f3034481650a0edc50ca2553e8bb8476660642855ff9711fb5074e75a5f597e854c7d79b675e80208acf029ec9a7bec50998bfa0eed2f88d3eeb4f83c57a8aa21e73343713b7defc4441732772ad8fee381e791709833115da1650509359d0012f89e3116723aaa3e057f082ceae8748a99e7f7d5975605ff9b66c6ca809802ee6173a3f35bdf502ffb356357a7c949bcb298f377fa15c1525d6f78a6332ca36c6ae446ef8aa982564ded1918d39b8759e46686bcd6c00c0654afa844817ba1660a3b11fa311e2d2a3d02872849ad7c52d4cd8a992a8f829489359331fad7076f524e8be65b5a5e43c0478d0a3c1c97bebffd9018b7b7ac8a8427865ca5bffb30f43bf854c3a7b8e6e388956d8c5d594f5d081e7c9ea241e970e5a0a1df440f6923a8cfa1c9b22a15136aa674a6fe47a6c9e6bfef5176d5c2141dacdf763029889eef309242e490b2e2405cfb8b59bc8c4d6fd41291ab16fadf219b2085899479e336dc5a7997b71df2c4ac6d04857e42a694bbe6b871941128bac9528d81a871aa9ba8515b467b88117a1b55de09d04dac11e6425885215a0c72f81b3ae3ce21da46a61eb2dd2c16c8718be908c3d096fb7eebef4493d21dfe7b6d53493abcf0a535d326961dee771a3b7d123a363e615b33979955774ae8836a567e717f0dd24c747721334a794e80ab16f7e58a7e5c90c7fb9b803f6360f27aa3e5392a783d28403d1a44d35d182c9cdf8231c03db7abe9de3342c368e80fde6938f2f9954c6eeafaebd04e5d1852f47248ca191c41ffbb4ee308cd5b49d59f2dd6a740b586b88eb379a05158ec8ded9cf8f73e70c4f776fe4488a8f8c73add81808e38b8ecc0968625b37f70239c356027d8cdeff5dd0c8cdcf18b930792d91e0bc7820bcabf204b30cfba79400252a663ce79d242fda4a99580e319693d0ab673fd882ab781ef8321bf474966713eea23f339c74f096bb73f51c33bce7bce7bc18708d5c9342d945d29eed2d89d07a7573bbdc556d79c0a6b7c9c1c8adee105fdab3c249fd5fe26f278a5a6461ee6c2fd48bb3cc06a3feb7237f49cd7bdf852492389f6e840d6b685450396b14e0b937780c0835da3affd14da50d9b2c7d5e161fed22648f3bde4105270eea5eb9606b2e66f4b6a19f884247a52e2e64ee5", 0x1000, 0x1}], 0x800000, &(0x7f0000001c00)={[{@nobarrier='nobarrier'}, {@adaptive_mode='mode=adaptive'}, {@extent_cache='extent_cache'}, {@lazytime='lazytime'}], [{@uid_lt={'uid<', r6}}, {@fowner_lt={'fowner<', r7}}, {@appraise='appraise'}, {@subj_type={'subj_type', 0x3d, '/dev/kvm\x00'}}]}) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000071, 0x0, 0x1b, 0x4800], [0xc1]}) 03:55:34 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xfdfdffff]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1231.545919] binder: 19101:19103 transaction failed 29201/-12, size 0-12288 line 2970 [ 1231.615678] binder_alloc: 19101: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:34 executing program 0: openat$random(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x14981, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x100000005, &(0x7f0000e3dffc)=0x7, 0x4) getsockopt$inet6_tcp_int(r0, 0x6, 0x80000000005, 0x0, &(0x7f0000000000)) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000100)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000", @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000041a92d64601fa7aef2480530e4762b22c715639adb0917ac72ea51d43ded12ad249c6b82a05dee6736cd92538a5c204d4370f852230ed421e723a79d48a9eb22bd59580b6a166ee8fe63f5be267be32cfc40800cfd629c5220495b6c4e2b6208b7153be3affcadbcdca7953b2855ac09c60ac04ab1d9f49c1b6bc88d3b1873b4dbf8c9d2bc431a00000000"], @ANYBLOB='\x00'/40], 0x98) 03:55:34 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4}}}, 0x108) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') ppoll(&(0x7f0000000140)=[{r1, 0x4008}, {r1, 0x4000}, {r1, 0x108}, {r0, 0x14}], 0x4, &(0x7f0000000180)={0x77359400}, &(0x7f00000001c0), 0x8) preadv(r2, &(0x7f0000000100), 0x2df, 0x0) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) [ 1231.663863] IPVS: ftp: loaded support on port[0] = 21 [ 1231.674740] binder: 19101:19103 transaction failed 29201/-12, size 0-12288 line 2970 [ 1231.726001] binder_alloc: 19101: binder_alloc_buf failed to map pages in userspace, no vma 03:55:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x60]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='dxt4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1231.796049] binder: 19118:19123 transaction failed 29189/-3, size 0-12288 line 2970 03:55:34 executing program 4: ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) open$dir(0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r1 = socket(0x200000000000011, 0x3, 0x0) inotify_init() ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getpeername$ax25(r1, &(0x7f0000000200)={{0x3, @rose}, [@bcast, @bcast, @default, @null, @null, @default, @null, @netrom]}, &(0x7f0000000280)=0x48) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0x30, 0x5, 0x0, {0x0, 0x0, 0x0, 0x9}}, 0x30) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, &(0x7f00000000c0)={{0x16, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e24, 0x0, 'dh\x00', 0x14, 0x22, 0x1e}, {@multicast2, 0x4e24, 0x0, 0x8, 0x4, 0x7f1}}, 0x44) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000500)={'sit0\x00\x00\x00\x00\x00\x00\x00\xd6\x00'}) ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000180)) ioctl$BLKPG(r0, 0x1269, &(0x7f00000001c0)={0xfa, 0xfffffffffffffffd, 0x3d, &(0x7f0000000140)="077333f601efcae273240dbbd67b85a059882a36ceec90b622ea6576469f0ff605bf96e16364f9b0efff910b7bfaa7285b04bcf9e72f72c09372d9d0d9"}) [ 1231.854464] binder: 19118:19130 transaction failed 29189/-22, size 0-12288 line 2855 03:55:34 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xfffffdfd]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1231.919017] binder_alloc: 19136: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:34 executing program 0: sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000002e008183ad5de0713c444d000a0000001000034014000000000f000037153e370000000060000000d1bd", 0x2e}], 0x1}, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) recvfrom$inet(r0, &(0x7f0000000480)=""/192, 0xc0, 0x40, 0x0, 0x0) clone(0x80008000010ff7e, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpgid(0x0) r2 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r2) mknod(&(0x7f00000000c0)='./file0\x00', 0x1048, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r1) ptrace(0x10, r2) [ 1231.960998] binder: 19136:19137 transaction failed 29201/-12, size 0-12288 line 2970 [ 1232.040630] binder_alloc: 19136: binder_alloc_buf failed to map page at 20002000 in userspace [ 1232.077223] binder: 19146:19147 transaction failed 29201/-12, size 0-12288 line 2970 [ 1232.088674] binder_alloc: 19136: binder_alloc_buf failed to map page at 20002000 in userspace [ 1232.117001] binder: 19136:19148 transaction failed 29201/-12, size 0-12288 line 2970 03:55:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x68]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1232.148720] binder_alloc: 19136: binder_alloc_buf failed to map pages in userspace, no vma 03:55:34 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xffffff7f]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1232.255406] binder_alloc: 19165: binder_alloc_buf failed to map page at 20002000 in userspace [ 1232.337993] binder: BINDER_SET_CONTEXT_MGR already set [ 1232.367195] binder: 19165:19166 ioctl 40046207 0 returned -16 [ 1232.682351] IPVS: ftp: loaded support on port[0] = 21 03:55:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x2000) setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000840)={@caif, {&(0x7f0000000700)=""/253, 0xfd}, &(0x7f0000000800)}, 0xa0) select(0x40, &(0x7f0000000080)={0x7, 0x5, 0x100000001, 0x6, 0x2, 0x2, 0x3f, 0xff}, &(0x7f00000000c0)={0x3, 0x5, 0x10000, 0x9, 0x3, 0xfffffffffffffffb, 0x3, 0x2}, &(0x7f0000000100)={0x100, 0x5, 0x5, 0x3, 0x9, 0x6, 0x81, 0xfffffffffffffff8}, &(0x7f0000000140)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x5, 0x0, 0x0) 03:55:38 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x100000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:38 executing program 0: madvise(&(0x7f0000bdd000/0x3000)=nil, 0x3000, 0xa) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xc) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:55:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='fxt4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:38 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x10) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f0000139000)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) fanotify_mark(r0, 0x80, 0x8, r0, &(0x7f0000000000)='./file0\x00') writev(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000e8f000)='./file0/bus\x00', 0x0) [ 1235.577629] binder_alloc: 19194: binder_alloc_buf failed to map page at 20002000 in userspace [ 1235.612432] binder_release_work: 36 callbacks suppressed [ 1235.612440] binder: undelivered TRANSACTION_ERROR: 29201 [ 1235.613062] binder_alloc: 19194: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:38 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000001c0)=""/91, 0x5b}, {&(0x7f0000000500)=""/194, 0x4f}], 0x2, 0x7fffffd) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_tables_names\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000269, 0x10400003) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000180)=@assoc_value={r1, 0x9}, 0x8) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) write$evdev(r0, &(0x7f0000000040)=[{{0x0, 0x2710}, 0x5, 0x1, 0xfffffffffffffff8}, {{r2, r3/1000+30000}, 0x0, 0x61d, 0xfffffffffffffbff}, {{0x0, 0x7530}, 0x3, 0x4, 0x5a6}], 0x48) 03:55:38 executing program 4: unshare(0x8000400) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0) sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPCONNDEL(0xffffffffffffffff, 0x400442c9, 0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, 0x0, 0x0) socketpair(0x3, 0x0, 0x0, 0x0) acct(&(0x7f0000000440)='./file0\x00') unshare(0x8000000000000ff) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = mq_open(&(0x7f0000000080)='-$\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f00000000c0)={0x0, 0x5, 0x71a}) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r0, &(0x7f00000021c0)=""/4096, 0x1000, 0x0, 0x0) 03:55:38 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="123f319bd0700000000000") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x8e00, 0x2, 0x0, 0x40000005}) [ 1235.729263] binder: BINDER_SET_CONTEXT_MGR already set [ 1235.743662] binder: undelivered TRANSACTION_ERROR: 29201 [ 1235.758921] binder: 19194:19195 ioctl 40046207 0 returned -16 [ 1235.771774] binder: undelivered TRANSACTION_ERROR: 29189 [ 1235.799258] binder: undelivered TRANSACTION_ERROR: 29189 03:55:38 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x200000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='e#t4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:38 executing program 1: r0 = socket$inet(0x2, 0x2000000080002, 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000000)={r0, 0x0, 0x0, 0x2c4622cd, 0x2}) socketpair(0x1b, 0x4, 0x8, &(0x7f0000000380)) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={0x0, {0x2, 0x0, @multicast2}, {0x2, 0x0, @broadcast}, {0x2, 0x0, @initdev}, 0x4}) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x101000, 0x0) socketpair(0xa, 0x6, 0x4, &(0x7f00000003c0)) setsockopt$inet_mreqsrc(r0, 0x0, 0x2e, &(0x7f0000000340)={@broadcast, @broadcast, @multicast1}, 0xc) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x1a) getresgid(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000280)={0xa0, 0x0, 0x6, {{0x1, 0x3, 0x80000001, 0x1, 0x0, 0x6, {0x0, 0x7, 0x80000000, 0x8, 0x3, 0x7, 0x2, 0x8, 0x80, 0x8, 0x0, r2, r3, 0x9, 0x2}}, {0x0, 0x1}}}, 0xa0) [ 1236.028025] audit: type=1804 audit(2000001338.690:290): pid=19226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir822172419/syzkaller.haia9v/1635/file0" dev="sda1" ino=16671 res=1 [ 1236.091011] [ 1236.092687] ====================================================== [ 1236.099031] WARNING: possible circular locking dependency detected [ 1236.105744] 4.19.37 #5 Not tainted [ 1236.109292] ------------------------------------------------------ [ 1236.115614] syz-executor.4/19226 is trying to acquire lock: [ 1236.121413] 00000000c1debe94 (&acct->lock#2){+.+.}, at: acct_pin_kill+0x27/0x100 [ 1236.129076] [ 1236.129076] but task is already holding lock: [ 1236.135052] 0000000041409a93 (sb_writers#4){.+.+}, at: mnt_want_write+0x3f/0xc0 [ 1236.142615] [ 1236.142615] which lock already depends on the new lock. [ 1236.142615] [ 1236.150943] [ 1236.150943] the existing dependency chain (in reverse order) is: [ 1236.158564] [ 1236.158564] -> #2 (sb_writers#4){.+.+}: [ 1236.164047] __sb_start_write+0x20b/0x360 [ 1236.168728] mnt_want_write+0x3f/0xc0 [ 1236.173047] ovl_want_write+0x76/0xa0 [ 1236.177545] ovl_link+0x7c/0x2d5 [ 1236.181433] vfs_link+0x7a4/0xb60 [ 1236.185757] do_linkat+0x550/0x770 [ 1236.189828] __x64_sys_link+0x61/0x80 [ 1236.194167] do_syscall_64+0x103/0x610 [ 1236.198584] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1236.204287] [ 1236.204287] -> #1 (&ovl_i_mutex_key[depth]){+.+.}: [ 1236.210727] down_write+0x38/0x90 [ 1236.214719] ovl_write_iter+0x148/0xc20 [ 1236.219227] __vfs_write+0x58e/0x820 [ 1236.223472] __kernel_write+0x110/0x390 [ 1236.227972] do_acct_process+0xd37/0x1150 [ 1236.232734] acct_pin_kill+0x2f/0x100 [ 1236.237065] pin_kill+0x18f/0x860 [ 1236.241043] acct_on+0x574/0x790 [ 1236.244937] __x64_sys_acct+0xae/0x200 [ 1236.249359] do_syscall_64+0x103/0x610 [ 1236.253773] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1236.259478] [ 1236.259478] -> #0 (&acct->lock#2){+.+.}: [ 1236.265143] lock_acquire+0x16f/0x3f0 [ 1236.269468] __mutex_lock+0xf7/0x1300 [ 1236.273879] mutex_lock_nested+0x16/0x20 [ 1236.278465] acct_pin_kill+0x27/0x100 [ 1236.282784] pin_kill+0x18f/0x860 [ 1236.286755] acct_on+0x574/0x790 [ 1236.290647] __x64_sys_acct+0xae/0x200 [ 1236.295057] do_syscall_64+0x103/0x610 [ 1236.299466] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1236.305169] [ 1236.305169] other info that might help us debug this: [ 1236.305169] [ 1236.313321] Chain exists of: [ 1236.313321] &acct->lock#2 --> &ovl_i_mutex_key[depth] --> sb_writers#4 [ 1236.313321] [ 1236.324642] Possible unsafe locking scenario: [ 1236.324642] [ 1236.330724] CPU0 CPU1 [ 1236.335477] ---- ---- [ 1236.340570] lock(sb_writers#4); [ 1236.344049] lock(&ovl_i_mutex_key[depth]); [ 1236.357074] lock(sb_writers#4); [ 1236.363061] lock(&acct->lock#2); [ 1236.366607] [ 1236.366607] *** DEADLOCK *** [ 1236.366607] [ 1236.372688] 2 locks held by syz-executor.4/19226: [ 1236.377524] #0: 0000000088f64ed1 (acct_on_mutex){+.+.}, at: __x64_sys_acct+0xa6/0x200 [ 1236.385802] #1: 0000000041409a93 (sb_writers#4){.+.+}, at: mnt_want_write+0x3f/0xc0 [ 1236.393819] [ 1236.393819] stack backtrace: [ 1236.398343] CPU: 1 PID: 19226 Comm: syz-executor.4 Not tainted 4.19.37 #5 [ 1236.405357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1236.414900] Call Trace: [ 1236.417506] dump_stack+0x172/0x1f0 [ 1236.421151] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 1236.426530] __lock_acquire+0x2e6d/0x48f0 [ 1236.430725] ? mark_held_locks+0x100/0x100 [ 1236.434963] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1236.439548] ? retint_kernel+0x2d/0x2d [ 1236.443457] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1236.448226] ? retint_kernel+0x2d/0x2d [ 1236.452112] ? acct_pin_kill+0x27/0x100 [ 1236.456103] lock_acquire+0x16f/0x3f0 [ 1236.459909] ? acct_pin_kill+0x27/0x100 [ 1236.463887] ? acct_pin_kill+0x27/0x100 [ 1236.467873] __mutex_lock+0xf7/0x1300 [ 1236.471668] ? acct_pin_kill+0x27/0x100 [ 1236.475648] ? mark_held_locks+0xb1/0x100 [ 1236.479799] ? _raw_spin_unlock_irq+0x28/0x90 [ 1236.484322] ? acct_pin_kill+0x27/0x100 [ 1236.489802] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1236.494564] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1236.499245] ? retint_kernel+0x2d/0x2d [ 1236.503145] ? mutex_trylock+0x1e0/0x1e0 [ 1236.507237] ? pin_kill+0x13b/0x860 [ 1236.510875] ? find_held_lock+0x35/0x130 [ 1236.514936] ? pin_kill+0x13b/0x860 [ 1236.518570] ? retint_kernel+0x2d/0x2d [ 1236.522460] mutex_lock_nested+0x16/0x20 [ 1236.526521] ? mutex_lock_nested+0x16/0x20 [ 1236.530757] acct_pin_kill+0x27/0x100 [ 1236.534573] pin_kill+0x18f/0x860 [ 1236.538031] ? pin_insert+0x60/0x60 [ 1236.541920] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 1236.546779] ? finish_wait+0x260/0x260 [ 1236.550677] acct_on+0x574/0x790 [ 1236.554049] __x64_sys_acct+0xae/0x200 [ 1236.557941] do_syscall_64+0x103/0x610 [ 1236.561833] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1236.567118] RIP: 0033:0x458da9 [ 1236.570320] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1236.595326] RSP: 002b:00007f46afb33c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 1236.603062] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 1236.610352] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000440 [ 1236.617633] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1236.624930] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f46afb346d4 [ 1236.632391] R13: 00000000004becd2 R14: 00000000004cfa50 R15: 00000000ffffffff 03:55:39 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) epoll_ctl$EPOLL_CTL_MOD(r1, 0x2, r1, 0x0) [ 1236.646763] kobject: 'gre0' (00000000669f18e5): kobject_cleanup, parent (null) [ 1236.655481] kobject: 'gre0' (00000000669f18e5): auto cleanup 'remove' event [ 1236.669864] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1236.678762] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1236.682119] kobject: 'gre0' (00000000669f18e5): kobject_uevent_env 03:55:39 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) epoll_ctl$EPOLL_CTL_MOD(r1, 0x2, r1, 0x0) 03:55:39 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) epoll_ctl$EPOLL_CTL_MOD(r1, 0x2, r1, 0x0) [ 1236.714016] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1236.723601] kobject: 'gre0' (00000000669f18e5): kobject_uevent_env: uevent_suppress caused the event to drop! [ 1236.741303] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1236.758938] kobject: 'gre0' (00000000669f18e5): calling ktype release [ 1236.765566] kobject: 'gre0': free name [ 1236.770245] binder_transaction: 9 callbacks suppressed [ 1236.770262] binder: 19235:19236 transaction failed 29189/-22, size 0-12288 line 2855 [ 1236.784515] kobject: 'rx-0' (00000000dced9ad4): kobject_cleanup, parent 000000001c5c668c [ 1236.790830] binder: undelivered TRANSACTION_ERROR: 29189 [ 1236.801037] binder_alloc: 19237: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:39 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) epoll_ctl$EPOLL_CTL_MOD(r1, 0x2, r1, 0x0) [ 1236.809831] audit: type=1804 audit(2000001339.470:291): pid=19230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir822172419/syzkaller.haia9v/1635/file0" dev="sda1" ino=16671 res=1 [ 1236.838590] Process accounting resumed [ 1236.841213] kobject: 'rx-0' (00000000dced9ad4): auto cleanup 'remove' event [ 1236.855664] binder: 19237:19239 transaction failed 29201/-12, size 0-12288 line 2970 [ 1236.856643] binder_alloc: 19237: binder_alloc_buf failed to map page at 20002000 in userspace [ 1236.872413] kobject: 'rx-0' (00000000dced9ad4): kobject_uevent_env [ 1236.872424] kobject: 'rx-0' (00000000dced9ad4): kobject_uevent_env: uevent_suppress caused the event to drop! [ 1236.872431] kobject: 'rx-0' (00000000dced9ad4): auto cleanup kobject_del [ 1236.872464] kobject: 'rx-0' (00000000dced9ad4): calling ktype release [ 1236.872470] kobject: 'rx-0': free name [ 1236.872512] kobject: 'tx-0' (00000000bc23a9d3): kobject_cleanup, parent 000000001c5c668c 03:55:39 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) epoll_ctl$EPOLL_CTL_MOD(r1, 0x2, r1, 0x0) [ 1236.942898] binder: undelivered TRANSACTION_ERROR: 29201 [ 1236.952456] kobject: 'tx-0' (00000000bc23a9d3): auto cleanup 'remove' event [ 1236.964961] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1236.966161] audit: type=1804 audit(2000001339.510:292): pid=19238 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir822172419/syzkaller.haia9v/1635/file0" dev="sda1" ino=16671 res=1 [ 1236.998272] binder: BINDER_SET_CONTEXT_MGR already set [ 1237.003083] kobject: 'tx-0' (00000000bc23a9d3): kobject_uevent_env [ 1237.003976] binder: 19237:19239 ioctl 40046207 0 returned -16 [ 1237.010129] kobject: 'tx-0' (00000000bc23a9d3): kobject_uevent_env: uevent_suppress caused the event to drop! [ 1237.029666] kobject: 'tx-0' (00000000bc23a9d3): auto cleanup kobject_del 03:55:39 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) epoll_ctl$EPOLL_CTL_MOD(r1, 0x2, r1, 0x0) [ 1237.036841] binder: 19235:19236 transaction failed 29201/-12, size 0-12288 line 2970 [ 1237.044893] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1237.061465] kobject: 'tx-0' (00000000bc23a9d3): calling ktype release [ 1237.068630] binder: undelivered TRANSACTION_ERROR: 29201 [ 1237.087013] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1237.093501] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1237.112893] kobject: 'tx-0': free name [ 1237.119890] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1237.131965] kobject: 'queues' (000000001c5c668c): kobject_cleanup, parent (null) 03:55:39 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:39 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:39 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1237.143356] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1237.160590] Process accounting resumed [ 1237.161910] kobject: 'queues' (000000001c5c668c): calling ktype release [ 1237.182917] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1237.217081] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1237.220080] binder: 19277:19278 transaction failed 29189/-22, size 0-12288 line 2855 [ 1237.233585] kobject: 'queues' (000000001c5c668c): kset_release [ 1237.243417] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1237.254833] kobject: 'queues': free name [ 1237.263915] kobject: 'tunl0' (00000000abb87d0d): kobject_uevent_env [ 1237.267113] binder: undelivered TRANSACTION_ERROR: 29189 [ 1237.274301] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1237.281001] binder: 19277:19278 transaction failed 29189/-22, size 0-12288 line 2855 [ 1237.293407] kobject: 'tunl0' (00000000abb87d0d): kobject_uevent_env: uevent_suppress caused the event to drop! [ 1237.300313] binder: undelivered TRANSACTION_ERROR: 29189 [ 1237.307016] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env 03:55:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='e%t4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:40 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) epoll_ctl$EPOLL_CTL_MOD(r1, 0x2, r1, 0x0) 03:55:40 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) 03:55:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1237.315795] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' 03:55:40 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1237.358419] binder_alloc: 19287: binder_alloc_buf failed to map page at 20002000 in userspace [ 1237.365393] kobject: 'tunl0' (00000000abb87d0d): kobject_cleanup, parent (null) [ 1237.375613] kobject: 'tunl0' (00000000abb87d0d): auto cleanup 'remove' event [ 1237.400334] kobject: 'tunl0' (00000000abb87d0d): kobject_uevent_env 03:55:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1237.415437] binder: 19287:19288 transaction failed 29201/-12, size 0-12288 line 2970 [ 1237.422933] kobject: 'tunl0' (00000000abb87d0d): kobject_uevent_env: uevent_suppress caused the event to drop! [ 1237.437328] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1237.441886] binder: undelivered TRANSACTION_ERROR: 29201 [ 1237.443930] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' 03:55:40 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) 03:55:40 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) [ 1237.450505] binder_alloc: 19287: binder_alloc_buf failed to map page at 20002000 in userspace [ 1237.472880] kobject: 'tunl0' (00000000abb87d0d): calling ktype release [ 1237.480203] kobject: 'tunl0': free name [ 1237.485503] binder: 19287:19288 transaction failed 29201/-12, size 0-12288 line 2970 [ 1237.495211] kobject: 'rx-0' (00000000b8c93c4d): kobject_cleanup, parent 000000000b534fee [ 1237.507037] kobject: 'loop3' (00000000314278fd): kobject_uevent_env 03:55:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1237.513496] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1237.552358] kobject: 'rx-0' (00000000b8c93c4d): auto cleanup 'remove' event 03:55:40 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:55:40 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) [ 1237.570381] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1237.582230] binder_alloc: 19308: binder_alloc_buf failed to map page at 20002000 in userspace [ 1237.589122] kobject: 'rx-0' (00000000b8c93c4d): kobject_uevent_env [ 1237.595406] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1237.609350] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1237.616034] binder_alloc: 19308: binder_alloc_buf failed to map page at 20002000 in userspace [ 1237.620931] kobject: 'rx-0' (00000000b8c93c4d): kobject_uevent_env: uevent_suppress caused the event to drop! [ 1237.624828] binder: 19308:19309 transaction failed 29201/-12, size 0-12288 line 2970 [ 1237.648218] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1237.658319] binder: 19306:19307 transaction failed 29201/-12, size 0-12288 line 2970 [ 1237.666870] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1237.673325] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1237.684349] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1237.689812] kobject: 'rx-0' (00000000b8c93c4d): auto cleanup kobject_del [ 1237.693548] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1237.708400] binder_alloc: 19308: binder_alloc_buf failed to map page at 20002000 in userspace [ 1237.723433] kobject: 'rx-0' (00000000b8c93c4d): calling ktype release [ 1237.733111] kobject: 'rx-0': free name [ 1237.737621] binder_alloc: 19308: binder_alloc_buf failed to map page at 20002000 in userspace [ 1237.746447] binder: 19306:19317 transaction failed 29201/-12, size 0-12288 line 2970 [ 1237.747517] kobject: 'tx-0' (00000000b236f53b): kobject_cleanup, parent 000000000b534fee [ 1237.763071] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1237.778757] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1237.791990] kobject: 'tx-0' (00000000b236f53b): auto cleanup 'remove' event [ 1237.807968] kobject: 'tx-0' (00000000b236f53b): kobject_uevent_env [ 1237.810993] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1237.815260] kobject: 'tx-0' (00000000b236f53b): kobject_uevent_env: uevent_suppress caused the event to drop! [ 1237.840700] kobject: 'tx-0' (00000000b236f53b): auto cleanup kobject_del [ 1237.844714] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1237.852864] kobject: 'tx-0' (00000000b236f53b): calling ktype release [ 1237.864112] kobject: 'tx-0': free name [ 1237.868347] kobject: 'queues' (000000000b534fee): kobject_cleanup, parent (null) [ 1237.877376] kobject: 'queues' (000000000b534fee): calling ktype release [ 1237.884242] kobject: 'queues' (000000000b534fee): kset_release [ 1237.890548] kobject: 'queues': free name [ 1237.894816] kobject: 'lo' (000000000538fea2): kobject_uevent_env [ 1237.901091] kobject: 'lo' (000000000538fea2): kobject_uevent_env: uevent_suppress caused the event to drop! [ 1237.912673] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1237.919687] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1237.937276] kobject: 'lo' (000000000538fea2): kobject_cleanup, parent (null) [ 1237.945411] kobject: 'lo' (000000000538fea2): auto cleanup 'remove' event [ 1237.952572] kobject: 'lo' (000000000538fea2): kobject_uevent_env [ 1237.959377] kobject: 'lo' (000000000538fea2): kobject_uevent_env: uevent_suppress caused the event to drop! [ 1237.969783] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1237.970600] kobject: 'lo' (000000000538fea2): calling ktype release 03:55:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='e*t4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:40 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:40 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:55:40 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x500]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:40 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x500000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1237.976276] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1237.985598] kobject: 'lo': free name 03:55:40 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) [ 1238.044313] binder_alloc: 19339: binder_alloc_buf failed to map page at 20002000 in userspace [ 1238.081814] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env 03:55:40 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ppoll(&(0x7f0000000040)=[{r2, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {r2}, {r2, 0x8000}, {r1, 0x1044}, {r2, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:40 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:55:40 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1238.088366] binder_alloc: 19339: binder_alloc_buf failed to map page at 20002000 in userspace [ 1238.105432] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1238.127185] binder_alloc: 19339: binder_alloc_buf failed to map page at 20002000 in userspace [ 1238.144589] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1238.161590] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1238.181000] binder_alloc: 19339: binder_alloc_buf failed to map pages in userspace, no vma 03:55:40 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x6, 0x17, 0x1, "34c100aef43443fbcdefc1e3d058907d2528096c38e768dd434c93dc332908492ecc719512a33f6ce67d5ec3a8ab94c7aed06095542049b2cd11b3d485967d49", "41288a02d08a44f913473d84ec2cc870beba9ca095b996e2ff88ecfd9edc55e3af4e316712f4c12d299b6ddc2afcaad998e21979cafdeac665eacf4df461cef9", "4b76be2095f270df45e513d2bcc06a7c7cb2546416d8fed51ae37a98df0762e4", [0xa1, 0x400]}) 03:55:40 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)) [ 1238.189914] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1238.212386] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1238.227149] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env 03:55:40 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {r1, 0x1}, {r1, 0x4001}, {r1, 0x2010}, {}, {0xffffffffffffffff, 0x8000}, {r1, 0x1044}, {0xffffffffffffffff, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='e+t4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:40 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)) 03:55:40 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1238.246009] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1238.279456] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1238.285941] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' 03:55:41 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) 03:55:41 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {0xffffffffffffffff, 0x1}, {0xffffffffffffffff, 0x4001}, {0xffffffffffffffff, 0x2010}, {}, {0xffffffffffffffff, 0x8000}, {0xffffffffffffffff, 0x1044}, {0xffffffffffffffff, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) [ 1238.361109] binder_alloc: 19369: binder_alloc_buf failed to map page at 20002000 in userspace [ 1238.361392] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env 03:55:41 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)) [ 1238.422587] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1238.435948] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1238.440166] binder_alloc: 19369: binder_alloc_buf failed to map page at 20002000 in userspace [ 1238.449831] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' 03:55:41 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:55:41 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {0xffffffffffffffff, 0x1}, {0xffffffffffffffff, 0x4001}, {0xffffffffffffffff, 0x2010}, {}, {0xffffffffffffffff, 0x8000}, {0xffffffffffffffff, 0x1044}, {0xffffffffffffffff, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:41 executing program 1: openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) r0 = epoll_create1(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) [ 1238.471581] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1238.490090] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1238.498066] binder_alloc: 19369: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:41 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) [ 1238.567100] binder_alloc: 19369: binder_alloc_buf failed to map page at 20002000 in userspace [ 1238.575987] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1238.597443] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1238.647430] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1238.653989] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1238.668114] binder: BINDER_SET_CONTEXT_MGR already set [ 1238.671802] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1238.683592] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1238.696439] binder: 19402:19403 ioctl 40046207 0 returned -16 [ 1238.712302] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1238.719486] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1238.741919] binder_alloc: 19402: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='e-t4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:41 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {0xffffffffffffffff, 0x1}, {0xffffffffffffffff, 0x4001}, {0xffffffffffffffff, 0x2010}, {}, {0xffffffffffffffff, 0x8000}, {0xffffffffffffffff, 0x1044}, {0xffffffffffffffff, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:41 executing program 1: r0 = epoll_create1(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) 03:55:41 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:55:41 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1200]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1238.797584] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1238.807200] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' 03:55:41 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)) [ 1238.854104] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1238.866920] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1238.881042] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1238.890444] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' 03:55:41 executing program 1: epoll_create1(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)) 03:55:41 executing program 0: openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) r0 = epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {r0, 0x1}, {r0, 0x4001}, {r0, 0x2010}, {}, {0xffffffffffffffff, 0x8000}, {r0, 0x1044}, {0xffffffffffffffff, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) [ 1238.902812] binder_alloc: 19419: binder_alloc_buf failed to map page at 20002000 in userspace [ 1238.958502] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1238.964994] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1238.966963] binder_alloc: 19419: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:41 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1200000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:41 executing program 1: epoll_create1(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)) 03:55:41 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)) [ 1239.003989] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.037377] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1239.087416] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1239.093896] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1239.145168] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1239.155273] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1239.169508] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.176212] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1239.192599] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.207703] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1239.233987] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.240611] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' 03:55:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='e.t4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:42 executing program 0: r0 = epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {r0, 0x1}, {r0, 0x4001}, {r0, 0x2010}, {}, {0xffffffffffffffff, 0x8000}, {r0, 0x1044}, {0xffffffffffffffff, 0x404}], 0x8, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:42 executing program 1: epoll_create1(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)) 03:55:42 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000140)={{0x4, 0x100000001}, {0x4, 0xce00000000000000}, 0x6, 0x2, 0x100000000}) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)) 03:55:42 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1239.296887] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.303360] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' 03:55:42 executing program 0: epoll_create1(0x0) ppoll(0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) [ 1239.349360] binder_alloc: 19458: binder_alloc_buf failed to map page at 20002000 in userspace [ 1239.367116] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.373626] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' 03:55:42 executing program 1: r0 = epoll_create1(0x0) socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:55:42 executing program 4: openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400000, 0x0) r0 = epoll_create1(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) 03:55:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3000]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1239.407498] binder_alloc: 19458: binder_alloc_buf failed to map page at 20002000 in userspace [ 1239.423444] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.430496] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1239.442613] binder_alloc: 19458: binder_alloc_buf failed to map page at 20002000 in userspace [ 1239.456971] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1239.464009] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1239.489733] binder: BINDER_SET_CONTEXT_MGR already set [ 1239.495102] binder: 19474:19476 ioctl 40046207 0 returned -16 03:55:42 executing program 1: r0 = epoll_create1(0x0) socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) [ 1239.517624] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1239.533525] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1239.549967] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.557879] binder_alloc: 19458: binder_alloc_buf, no vma 03:55:42 executing program 4: r0 = epoll_create1(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) [ 1239.564766] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1239.639672] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1239.652233] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1239.670798] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.685564] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1239.696281] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1239.703128] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' 03:55:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='e0t4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:42 executing program 0: epoll_create1(0x0) ppoll(0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:42 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3f00]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:42 executing program 1: r0 = epoll_create1(0x0) socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:55:42 executing program 4: epoll_create1(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)) [ 1239.758973] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.765507] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1239.806920] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.815215] binder_alloc: 19502: binder_alloc_buf failed to map page at 20002000 in userspace [ 1239.828518] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' 03:55:42 executing program 1: r0 = epoll_create1(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 0x0) 03:55:42 executing program 4: epoll_create1(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)) 03:55:42 executing program 0: epoll_create1(0x0) ppoll(0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4000]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1239.859184] binder_alloc: 19502: binder_alloc_buf failed to map page at 20002000 in userspace [ 1239.875628] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.886188] binder_alloc: 19502: binder_alloc_buf failed to map page at 20002000 in userspace [ 1239.897620] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1239.915289] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1239.927545] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' 03:55:42 executing program 4: epoll_create1(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)) 03:55:42 executing program 1: r0 = epoll_create1(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 0x0) [ 1239.977125] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1239.993411] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1240.023249] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1240.042515] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1240.053606] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1240.062553] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1240.062793] binder_alloc: 19531: binder_alloc_buf failed to map page at 20002000 in userspace [ 1240.069254] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1240.087871] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1240.103727] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1240.116046] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' 03:55:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='eXt4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:42 executing program 0: r0 = epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {r0, 0x1}, {r0, 0x4001}, {r0, 0x2010}, {}, {0xffffffffffffffff, 0x8000}, {r0, 0x1044}], 0x7, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:42 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:42 executing program 1: r0 = epoll_create1(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 0x0) 03:55:42 executing program 4: r0 = epoll_create1(0x0) socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) [ 1240.132362] binder_alloc: 19531: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:42 executing program 0: r0 = epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {r0, 0x1}, {r0, 0x4001}, {r0, 0x2010}, {}, {0xffffffffffffffff, 0x8000}], 0x6, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:42 executing program 4: r0 = epoll_create1(0x0) socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:55:42 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1240.218159] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1240.224798] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' 03:55:42 executing program 4: r0 = epoll_create1(0x0) socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:55:42 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6000000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1240.263018] binder_alloc: 19557: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:43 executing program 0: r0 = epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {r0, 0x1}, {r0, 0x4001}, {r0, 0x2010}, {}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) [ 1240.304577] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1240.315615] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1240.325361] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1240.335977] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1240.348844] binder_alloc: 19557: binder_alloc_buf failed to map page at 20002000 in userspace [ 1240.369369] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1240.383549] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1240.407972] binder_alloc: 19557: binder_alloc_buf failed to map page at 20002000 in userspace [ 1240.447182] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1240.453827] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1240.472524] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1240.480920] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1240.482050] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1240.497303] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1240.502598] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1240.509288] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' 03:55:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='ect4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:43 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c00]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:43 executing program 4: r0 = epoll_create1(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 0x0) 03:55:43 executing program 0: r0 = epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {r0, 0x1}, {r0, 0x4001}, {r0, 0x2010}], 0x4, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:43 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6800000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:43 executing program 4: r0 = epoll_create1(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 0x0) 03:55:43 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1240.615560] binder_alloc: 19590: binder_alloc_buf failed to map page at 20002000 in userspace [ 1240.636969] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1240.644102] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1240.655546] binder_release_work: 43 callbacks suppressed 03:55:43 executing program 0: r0 = epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {r0, 0x1}, {r0, 0x4001}], 0x3, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:43 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1240.655552] binder: undelivered TRANSACTION_ERROR: 29201 [ 1240.667690] binder: BINDER_SET_CONTEXT_MGR already set [ 1240.679331] binder: 19590:19601 ioctl 40046207 0 returned -16 [ 1240.679649] binder_alloc: 19590: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3000]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1240.715103] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1240.726646] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1240.741516] binder: undelivered TRANSACTION_ERROR: 29201 [ 1240.754958] binder_alloc: 19590: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6000]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1240.769831] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1240.794225] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1240.804422] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1240.814222] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1240.840149] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1240.848998] binder: undelivered TRANSACTION_ERROR: 29201 [ 1240.856714] binder: undelivered TRANSACTION_ERROR: 29189 [ 1240.870667] binder_alloc: 19620: binder_alloc_buf failed to map page at 20002000 in userspace [ 1240.882181] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1240.897088] binder: undelivered TRANSACTION_ERROR: 29201 [ 1240.903917] binder: BINDER_SET_CONTEXT_MGR already set [ 1240.910394] binder_alloc: 19620: binder_alloc_buf, no vma [ 1240.915315] binder: 19620:19625 ioctl 40046207 0 returned -16 [ 1240.922540] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1240.922787] binder: undelivered TRANSACTION_ERROR: 29189 [ 1240.931449] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1240.945191] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1240.960407] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1240.964514] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1240.976754] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1240.987363] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1241.000376] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' 03:55:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='edt4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:43 executing program 4: r0 = epoll_create1(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 0x0) 03:55:43 executing program 0: r0 = epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {r0, 0x1}], 0x2, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3000]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:43 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6800]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1241.019567] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1241.026205] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1241.041505] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1241.052086] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' 03:55:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3000]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1241.091627] binder_alloc: 19642: binder_alloc_buf failed to map page at 20002000 in userspace [ 1241.115324] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1241.127120] binder_alloc: 19642: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:43 executing program 4: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:43 executing program 0: epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}], 0x1, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) [ 1241.136785] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1241.153769] binder: undelivered TRANSACTION_ERROR: 29201 [ 1241.162485] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1241.165148] binder_alloc: 19642: binder_alloc_buf failed to map page at 20002000 in userspace [ 1241.184449] binder: undelivered TRANSACTION_ERROR: 29201 03:55:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:43 executing program 0: epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}], 0x1, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) [ 1241.185002] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1241.224547] binder: BINDER_SET_CONTEXT_MGR already set 03:55:43 executing program 4: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1241.251124] binder: 19642:19644 ioctl 40046207 0 returned -16 [ 1241.257329] binder: undelivered TRANSACTION_ERROR: 29201 [ 1241.267285] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1241.285544] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1241.295926] binder: undelivered TRANSACTION_ERROR: 29189 [ 1241.318935] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1241.324213] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1241.325422] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1241.346098] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1241.358576] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1241.370194] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' 03:55:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='eit4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:44 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:44 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c00]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:44 executing program 0: epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}], 0x1, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:44 executing program 4: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1241.416773] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1241.423394] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1241.435793] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1241.449830] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1241.479402] binder_alloc: 19680: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:44 executing program 0: epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {0xffffffffffffffff, 0x1}], 0x2, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:44 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1241.524888] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1241.524985] binder_alloc: 19680: binder_alloc_buf failed to map page at 20002000 in userspace [ 1241.543283] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1241.562613] binder: BINDER_SET_CONTEXT_MGR already set [ 1241.592010] binder: 19680:19682 ioctl 40046207 0 returned -16 03:55:44 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:44 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xfdfdffff00000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) [ 1241.637392] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1241.662509] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1241.696957] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1241.703528] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1241.721750] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1241.730766] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1241.745310] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1241.762938] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1241.774598] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1241.781337] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' 03:55:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7400]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:44 executing program 0: epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {0xffffffffffffffff, 0x1}], 0x2, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:44 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='elt4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) 03:55:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:44 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xffffff7f00000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1241.809084] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1241.815697] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' 03:55:44 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1241.865855] binder_transaction: 55 callbacks suppressed [ 1241.866127] binder: 19724:19725 transaction failed 29189/-22, size 0-12288 line 2855 [ 1241.884294] binder_alloc: 19726: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:44 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:44 executing program 0: epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {0xffffffffffffffff, 0x1}], 0x2, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:44 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='e%t4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1241.911339] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1241.921741] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1241.941817] binder: 19726:19728 transaction failed 29201/-12, size 0-12288 line 2970 [ 1241.950022] binder_alloc: 19726: binder_alloc_buf failed to map page at 20002000 in userspace [ 1241.971155] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1241.983900] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1242.003189] binder_alloc: 19726: binder_alloc_buf failed to map page at 20002000 in userspace [ 1242.012765] binder: 19724:19725 transaction failed 29201/-12, size 0-12288 line 2970 03:55:44 executing program 0: r0 = epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}, {r0}], 0x2, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:44 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x2, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1242.039632] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1242.046158] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1242.052176] binder: 19726:19728 transaction failed 29201/-12, size 0-12288 line 2970 03:55:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a00]}}], 0x0, 0x0, &(0x7f0000000300)}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 03:55:44 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:44 executing program 4: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$ext4(&(0x7f00000000c0)='eot4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="800f00001000110019000300e600040000000102dfffffff0100000009000000004000000040000080000000000000006d5ebe5a0000fff053ef08064310292e9be790e506b743dcf8a6939ac9c22cd06c386fc639c6f259612f0e8b51a49b950fbd38b2585bdca543f11c14467fe1f913b7f2fb3039d8abbde57fd533176deb5eaddaa07a3e9d69c5f8005355380368309032e72ac18688f9967806b88ee9c0bb8190150c877e49543da48317ded52ff0f8fdadfdee3976a08c89843674a192ff66e594cb27beed6d71570bb8cd894d49ea1288f2c418dfbf5a340f90a67602082549fdb1b1f9cd6992d626c4b5f0562dab3f01b11217bdb344f52b9c64a08f37", 0x101, 0x400}], 0x0, 0x0) [ 1242.101425] kobject: 'loop3' (00000000314278fd): kobject_uevent_env [ 1242.120227] kobject: 'loop3' (00000000314278fd): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1242.146347] binder: 19750:19751 transaction failed 29189/-22, size 0-12288 line 2855 [ 1242.153059] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1242.175340] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env [ 1242.185772] binder_alloc: 19761: binder_alloc_buf failed to map page at 20002000 in userspace 03:55:44 executing program 0: r0 = epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) 03:55:44 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:44 executing program 4: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1242.193640] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1242.210315] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1242.227172] binder_alloc: 19761: binder_alloc_buf failed to map page at 20002000 in userspace [ 1242.232419] kobject: 'loop5' (00000000364eb379): kobject_uevent_env [ 1242.246014] binder: 19761:19762 transaction failed 29201/-12, size 0-12288 line 2970 [ 1242.249594] kobject: 'loop5' (00000000364eb379): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1242.266846] binder: 19750:19751 transaction failed 29201/-12, size 0-12288 line 2970 03:55:45 executing program 3: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x3, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) [ 1242.293015] kobject: 'loop0' (0000000070e8dfe9): kobject_uevent_env [ 1242.313246] kobject: 'loop0' (0000000070e8dfe9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1242.327265] kobject: 'loop2' (000000004f774cb1): kobject_uevent_env 03:55:45 executing program 0: epoll_create1(0x0) ppoll(&(0x7f0000000040)=[{}], 0x1, &(0x7f0000000080), &(0x7f00000000c0)={0x4}, 0x8) [ 1242.334231] kobject: 'loop2' (000000004f774cb1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1242.346247] binder_alloc: 19761: binder_alloc_buf failed to map page at 20002000 in userspace [ 1242.374656] kobject: 'loop3' (00000000314278fd): kobject_uevent_env 03:55:45 executing program 4: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000000443) 03:55:45 executing program 1: opena