led after BC_ENTER_LOOPER [ 785.613721] binder: 29823:29831 got reply transaction with no transaction stack 08:43:29 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000007140)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpu.stat\x00', 0x0, 0x0) setsockopt$inet_int(r1, 0x0, 0x7, &(0x7f0000000280)=0xa3, 0x4) getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000140)=@assoc_id=0x0, &(0x7f0000000300)=0x4) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={r2, @in={{0x2, 0x4e23, @loopback}}, 0x3, 0x5, 0x80000001, 0x1, 0x12}, &(0x7f0000000400)=0x98) r3 = socket$inet(0x2b, 0x100007, 0x3) r4 = memfd_create(&(0x7f0000000100)='./cgroup\x00', 0x4) ioctl$UI_BEGIN_FF_ERASE(r4, 0xc00c55ca, &(0x7f00000002c0)={0xb, 0x8, 0x9}) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000000)={0xff, 0x820f, 0xa, 0x4, 0x0}, &(0x7f0000000040)=0x10) ioctl$SNDRV_CTL_IOCTL_PVERSION(r4, 0x80045500, &(0x7f0000000080)) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000001c0)=ANY=[@ANYRES32=r5, @ANYBLOB="93dd496a7163f66164b7692c250984c9e0577cec896d4d3ba8865116b4da108d99193d44ed98978b3027fc49db9682c1de736c44b2af0b0803382028540312e47437090e35cd7e4edf1252557617971a9855349e36b5ad45560ea036bd6b79ca9b375beceeff211b3a928ed010905d7a6f9d9a5af7714d3bc0cd6c160cc5d008cbffa3ba52a5ef0039872773fef4a22ef4b8ae370a19e6eafb77022fec1dc624dbff67fbe58944962862"], &(0x7f00000000c0)=0xc) sendfile(r3, r1, 0x0, 0xb) 08:43:29 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='rdma.current\x00', 0x0, 0x0) r2 = gettid() ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000140)={{0x6, 0x0, 0x9, 0xfffffffffffffff9, '\x00', 0xffff}, 0x5, 0x10000033, 0x3, r2, 0x3, 0x9, 'syz1\x00', &(0x7f0000000080)=['\x00', 'bpf\x00', '-{keyring\x00'], 0xf, [], [0x1, 0x2, 0x89, 0x800]}) r3 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:29 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000007140)='./cgroup\x00', 0x200002, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x200, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000040)={0x80000000, 0x8}) r2 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpu.stat\x00', 0x0, 0x0) r3 = socket$inet(0x2b, 0x1, 0x0) sendfile(r3, r2, 0x0, 0xb) [ 785.644487] binder_transaction: 11 callbacks suppressed [ 785.644506] binder: 29823:29831 transaction failed 29201/-71, size 0-0 line 2741 [ 785.676069] binder_release_work: 11 callbacks suppressed [ 785.676077] binder: undelivered TRANSACTION_ERROR: 29201 08:43:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 785.764216] binder: 29850:29852 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 785.789017] binder: 29850:29852 got reply transaction with no transaction stack [ 785.796732] binder: 29850:29852 transaction failed 29201/-71, size 0-0 line 2741 [ 785.807032] binder: undelivered TRANSACTION_ERROR: 29201 [ 785.808279] binder: 29850:29852 got reply transaction with no transaction stack [ 785.820606] binder: 29850:29852 transaction failed 29201/-71, size 0-0 line 2741 [ 785.828403] binder: undelivered TRANSACTION_ERROR: 29201 08:43:30 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="de"]) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) setsockopt$inet_udp_int(r1, 0x11, 0x65, &(0x7f0000000040)=0x200, 0x4) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:30 executing program 3: socketpair$unix(0x1, 0x800000000003, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = memfd_create(&(0x7f0000000000)='\x00', 0x4) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r1, 0xc008551c, &(0x7f0000000240)={0x8, 0x14, [0x6, 0x9, 0x0, 0x7fff, 0xe514]}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clock_adjtime(0x0, &(0x7f0000000140)={0xcc73}) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000007140)='./cgroup\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000180)='cpu.stat\x00', 0x0, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000080)={0x81, {{0x2, 0x4e20, @multicast2}}}, 0x88) r4 = socket$inet(0x2b, 0x1, 0x0) sendfile(r4, r3, 0x0, 0xb) 08:43:30 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)="2e2f6367726f75702e6e65742f73797a3100c517750d233aa1a8e48b26a92bb5fa122f20a0cdcd2cd9686a6cea5ce7a230ede13c1242f458be0db29c5bcab979cbd9164e4e761e1a53a78017f75478d3a31e21c036d6eb69e28bf31c05332e35c4b4fa0b24ea1cfbfe01ad6e5c15acbb70ef3fce724e77b88b390b1734900aefc2df2245ce2dffd1118b3180f44af8c221ccf502aaf98c50be56ccefc7d596ac9599f7fdc079e27ca920ca05663c87c143f27d5658628e6a9cdcfaab84f8b08458b6d909654de1bef0fcd711937344d3f835e4f657df4be2", 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpu.stat\x00', 0x0, 0x0) accept4$inet(r1, &(0x7f0000000000)={0x2, 0x0, @remote}, &(0x7f0000000040)=0x10, 0x800) r2 = socket$inet(0x2b, 0x1, 0x0) sendfile(r2, r1, 0x0, 0xb) 08:43:30 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x2010, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:30 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x1020, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:30 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)="2e2f6367726f75702e090000007379823000", 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000000)='memory.swap.current\x00', 0x0, 0x0) r2 = socket$inet(0x2b, 0x1, 0x0) ioctl$KDDISABIO(r1, 0x4b37) sendfile(r2, r1, 0x0, 0xb) [ 786.522601] binder: 29860:29871 got reply transaction with no transaction stack 08:43:30 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x9, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:30 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x9000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:30 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000007140)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpu.stat\x00', 0x0, 0x0) r2 = socket$inet(0x2b, 0x1, 0x0) sendfile(r2, r1, 0x0, 0xb) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000000), 0xffffffffffffffe7) 08:43:30 executing program 5: r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0xfff, 0x900) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f00000001c0)={0x0, 0x716}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000140)={r1, 0x3}, &(0x7f0000000180)=0x8) mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r2 = timerfd_create(0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000200)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80080}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=@mpls_delroute={0x34, 0x19, 0x702, 0x70bd26, 0x25dfdbfe, {0x1c, 0x10, 0x0, 0x400, 0xff, 0x7, 0xfd, 0x6, 0x1200}, [@RTA_TTL_PROPAGATE={0x8, 0x1a, 0x3}, @RTA_OIF={0x8, 0x4, r3}, @RTA_OIF={0x8, 0x4, r4}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) r5 = dup(r2) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r5, 0x40085400, &(0x7f0000000000)={0x7}) timerfd_create(0x7, 0x80000) [ 786.576851] binder: 29860:29871 transaction failed 29201/-71, size 0-0 line 2741 [ 786.600058] binder: undelivered TRANSACTION_ERROR: 29201 08:43:30 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000007140)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpu.stat\x00', 0x0, 0x0) r2 = socket$inet(0x2b, 0x1, 0x0) sendfile(r2, r1, 0x0, 0xb) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) write$sndseq(r1, &(0x7f0000000300)=[{0x101, 0x1, 0x9, 0x7fffffff, @time={r3, r4+30000000}, {0x9, 0x7}, {0xffff, 0x4}, @ext={0x7a, &(0x7f0000000040)="31fec8de89262d22f62283317416adee82837ae028ba3be9dc7b1ac29a41e25696c59938095a4b14cdd7ab81ce9f83ded532fbd7a5722b02572b83ad8f5cdbf2cfdadc8ad53a47efe8c35a531d75a8ee2e7eb30f7a27d2ee7c969111fa2cad97a9a1852032004cc5cb586c55c88877e3f7c7be0f29076a4c4257"}}, {0x2, 0x100000000, 0x5, 0x1ff, @tick=0x6, {0x4, 0x79f}, {0x6, 0x1}, @ext={0xdb, &(0x7f00000001c0)="9d5cacc70fd5f8a41c9c8fd6c2f55e5454a6d812c17e955af8d1842fbbfe2addc27aa0489f6bb09df0643d9db46353d7b9b61c4c88b086b93ddf8f55629d7019388ab268b18892d974b0f9cb6b0685b556f6d52ceb972be9fcc40598f5e5ad5a103fc14dc4470764ce46bc4f1e319c3ae79aa68139e7902b680507d2e6f1e3efaa3b62680f0e30fe2f06226542ed45bbb9e7931193db9de2e598326f2ca5cd3141d1fb067bf546775af3822ab21a9306e41b8af46112d0b972d014ae5508b231909c35e549a895aa4ff37d47ad0836bb983ac716002f6f31d2d643"}}, {0x6, 0x2, 0x2, 0x4, @time={0x77359400}, {0x6, 0xffffffff}, {0x5, 0x8}, @raw8={"3db5bb66229172c0d3ef6b58"}}, {0x100, 0x5, 0x8, 0x9a, @tick=0xe4, {0x4e, 0x1000}, {0xfff, 0xffffffffffffd09d}, @raw8={"8456adb9cdf1dd994f8478da"}}, {0x512b, 0x10001, 0x1, 0x2, @time={r5, r6+30000000}, {0x1f, 0x30000000}, {0x80000001, 0x3f}, @addr={0xa3, 0x194000}}, {0x81, 0x31c9, 0x80000001, 0x8, @tick=0x3f, {0x59, 0x10000}, {0x1, 0x7fffffff}, @addr={0x4, 0x6}}, {0x6, 0x5, 0x2, 0x7, @tick=0x3ff, {0x80000001}, {0x7, 0xd0c1}, @quote={{0xffffffffffffffff, 0x7}, 0x8, &(0x7f0000000100)={0x72e0ddea, 0x6, 0x1, 0x400, @tick=0x9, {0x400, 0x376}, {0x1, 0x3f78000000}, @control={0xdef, 0x4, 0xfffffffffffffffb}}}}, {0x5, 0x1, 0x100000000, 0x6, @time={r7, r8+10000000}, {0x401, 0x1}, {0x5, 0x3}, @time=@time={0x0, 0x1c9c380}}, {0x100000000, 0x4, 0x4, 0x3, @time={r9, r10+10000000}, {0x0, 0x9}, {0x0, 0x5}, @raw32={[0x800, 0x41700, 0x800]}}, {0x0, 0x7f, 0x8, 0xffffffffffff8001, @tick=0xfffffffffffffffd, {0x0, 0x40}, {0x1e55e353, 0xff}, @queue={0x80, {0x101, 0x8001}}}], 0x1e0) 08:43:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:30 executing program 3 (fault-call:3 fault-nth:0): r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:30 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="d0"]) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 786.722058] binder: 29891:29893 transaction failed 29201/-71, size 0-0 line 2741 [ 786.732020] binder: undelivered TRANSACTION_ERROR: 29201 08:43:30 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000007140)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpu.stat\x00', 0x0, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-des3_ede-asm\x00'}, 0x58) r2 = socket$inet(0x2b, 0x1, 0x0) sendfile(r2, r1, 0x0, 0xb) 08:43:30 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:30 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) close(r0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 786.819456] binder: 29898:29901 transaction failed 29201/-71, size 0-0 line 2741 [ 786.846589] binder: 29898:29901 transaction failed 29201/-71, size 0-0 line 2741 [ 786.862803] binder: undelivered TRANSACTION_ERROR: 29201 [ 786.869772] binder: undelivered TRANSACTION_ERROR: 29201 08:43:31 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xfeffffff00000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:31 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x4020940d, &(0x7f0000000000)={0x7}) 08:43:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:31 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000007140)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpu.stat\x00', 0x0, 0x0) r2 = socket$inet(0x2b, 0x1, 0x0) sendfile(r2, r1, 0x0, 0x10002) setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000000)=0xcc44d06, 0x1) 08:43:31 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB=' ']) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$TIOCSBRK(r1, 0x5427) sysfs$3(0x3) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:31 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xedc0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:31 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpu.stat\x00', 0x0, 0x0) r2 = socket$inet(0x2b, 0x1, 0x0) sendfile(r2, r1, 0x0, 0xb) 08:43:31 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0xfffffffffffffffe, &(0x7f0000000040)=ANY=[@ANYBLOB="77f9bd52fed183f7715500003ce239ac15561fb5e9aecba6ae750c9009e80b74db721f0e1f8d8b5c0770deca46a1b81c8aa6a1c2d5dbf1c6f156534e90f92992dc58d3026fecd7268e4daa47840d7127453cd2dada11c6c1ec9f31a4ca000000"]) r0 = timerfd_create(0x7ffffff, 0x80000) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x1) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) [ 787.579474] binder: 29915:29927 transaction failed 29201/-71, size 0-0 line 2741 [ 787.592971] binder: undelivered TRANSACTION_ERROR: 29201 08:43:31 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0045878, &(0x7f0000000000)={0x7}) 08:43:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:31 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x8cffffff, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:31 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x3000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:31 executing program 5: getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@dev}}, &(0x7f0000000300)=0xe8) mount$bpf(0x20000000, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='bpf\x00', 0x0, &(0x7f0000000440)={[], [{@hash='hash'}, {@subj_role={'subj_role', 0x3d, 'vmnet0em1%:mime_type%+GPLsystem'}}, {@func={'func', 0x3d, 'PATH_CHECK'}}, {@fowner_lt={'fowner<', r0}}, {@smackfsdef={'smackfsdef', 0x3d, 'bpf\x00'}}]}) r1 = timerfd_create(0x0, 0x0) r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000000c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0xfcd3, @loopback, 0x4}, r3}}, 0x30) 08:43:31 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x5460, &(0x7f0000000000)={0x7}) [ 787.724484] binder: 29932:29943 transaction failed 29201/-71, size 0-0 line 2741 08:43:31 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000007140)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpu.stat\x00', 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xc) fchown(r0, r2, r3) r4 = socket$inet(0x2b, 0x1, 0x0) sendfile(r4, r1, 0x0, 0xb) 08:43:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 787.797612] binder: undelivered TRANSACTION_ERROR: 29201 08:43:31 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x5421, &(0x7f0000000000)={0x7}) 08:43:31 executing program 4 (fault-call:7 fault-nth:0): r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:31 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x10, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:31 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="e8cbf7a815b43e685d347a4ae6a1f3683218e101a69700f065c239602e003163099abfb8092ebea21f565e88677ae9147c1b885bc7a459573ce50f4da18e2bd498355844ec934c6bdb371e3a6424dbc1f9"]) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) write$FUSE_INTERRUPT(r1, &(0x7f00000000c0)={0x10, 0xfffffffffffffff5, 0x6}, 0x10) 08:43:31 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x5450, &(0x7f0000000000)={0x7}) 08:43:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 787.908889] binder: 29959:29962 transaction failed 29201/-71, size 0-0 line 2741 [ 787.941654] binder: undelivered TRANSACTION_ERROR: 29201 08:43:31 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0x8) 08:43:32 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tran%=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:32 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc020660b, &(0x7f0000000000)={0x7}) 08:43:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:32 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="006c6efb"]) r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x100000001, 0x4000) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000140)={0x10001, 0x1, 0x0, {r1, r2+10000000}, 0x2}) r3 = timerfd_create(0x0, 0x0) syz_read_part_table(0x40, 0x3, &(0x7f0000000480)=[{&(0x7f0000000240)="8523e318526a2f52e66cd7b2b6ea9ab76c36d0cc0d2395e836f6ef8dd93ebcf9ec9a21260aaad2a019c3f83aa09e006e338402f8651e84de570805292e16b800c5f9efb965b2edbb23a288e418108644db6b1fa6ce169e007819069de368b220cf1066b74abe55e6085645321917e83d438a5ad4cac8bd94a1f0d6eb7baf42d45e207d708627edc1c3eec5e99548fba784e4326ba09f04aa3b9ac82bd84bd1977a2e949dfd68b31feae2bdeb310b2abd4a59f176164a740473bc2267c526cb77", 0xc0, 0x8}, {&(0x7f0000000300)="aa29c27725e3495e83a7b6cc89e3ee6fad40fa2ffb18e99a86cec52efc0b1741a64c1ee234febdb65786566dbf3d5f0744a03dc6d2", 0x35, 0x480}, {&(0x7f00000003c0)="2f968950df775e8eb01178a1492487bb8491f74aa75a68e213a21eeed0bb319103bfcfcb1478d6b41ee0caf15bc38fb065147f95be010b39a7e9f79ecf002899973613e3c93c313416a039e1845cd4c52e251bba0dde40d97fc9e210d313345b0d7ffc35f263ed3ed6d0e439b1120d4f4bafbaa941b673334a7bf2d802436303886addeaff783e6564c4bfefe77c4414df7e29a7d23b6677c11d94dcdc281fffed0adfe259d52d80bc", 0xa9, 0xd}]) r4 = dup(r3) setsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, &(0x7f0000000340)=0x6657, 0x2) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r4, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$EVIOCGABS2F(r4, 0x8018456f, &(0x7f0000000500)=""/126) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) fsetxattr$security_ima(r4, &(0x7f00000001c0)='security.ima\x00', &(0x7f0000000200)=@md5={0x1, "40c8c597e902d9c0b77b4ea4d6a9db1b"}, 0x11, 0x2) 08:43:32 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:32 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0045878, &(0x7f0000000000)={0x7}) 08:43:32 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = syz_open_dev$audion(&(0x7f00000002c0)='/dev/audio#\x00', 0x8aae, 0x8000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000140)={0xffffffffffffffff}, 0x106, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r2, 0x10, 0x0, @in={0x2, 0x4e24, @rand_addr=0x1d}}}, 0x90) r3 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$TIOCGSOFTCAR(r3, 0x5419, &(0x7f0000000080)) prctl$setname(0xf, &(0x7f0000000040)='bpf\x00') ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) ioctl$RTC_PLL_SET(r3, 0x40207012, &(0x7f0000000280)={0x1, 0x26, 0x1f, 0x1000, 0x6, 0x6, 0x20}) mlockall(0x2080000000000002) [ 788.633615] binder_thread_write: 9 callbacks suppressed [ 788.633626] binder: 29985:29990 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 788.661110] binder_transaction: 7 callbacks suppressed [ 788.661121] binder: 29985:29990 got reply transaction with no transaction stack 08:43:32 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xfffffffe, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:32 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranT=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:32 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3ff, 0x101080) ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000140)={0x6, 0x0, [{}, {}, {}, {}, {}, {}]}) r2 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:32 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0189436, &(0x7f0000000000)={0x7}) 08:43:32 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x3f000000, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:32 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x2, &(0x7f0000000000)={0x7}) 08:43:32 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = shmget(0x1, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000080)=0xc) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0xc) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000280)=0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000002c0)=0x0) shmctl$IPC_SET(r1, 0x1, &(0x7f0000000300)={{0x7, r2, r3, r4, r5, 0x40, 0x10001}, 0x3, 0x6, 0xffff, 0x91, r6, r7, 0x7}) r8 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r8, 0x40085400, &(0x7f0000000000)={0x7}) [ 788.871944] binder: 30009:30019 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 788.889402] binder: 30009:30019 got reply transaction with no transaction stack 08:43:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:32 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranV=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:32 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x400000000000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:32 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x5451, &(0x7f0000000000)={0x7}) [ 788.971327] binder: 30027:30029 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 788.980193] binder: 30027:30029 got reply transaction with no transaction stack 08:43:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:32 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="000cc5c11842e98782cca0818880adb4fffb2b577e78039340b89b4a8c22215ebcf457460d15b367101c1d56afaa6f91d340e016cc1330df04b49b23755cd5358f65171614468562fdbce3f582feda742211c0c36a85d3590610e41211c74c42df172844e8c11571fbd7661ba5b9cd2c3ad1a97990d184f60c0088d84b7bfbae13c035c7ae64d3ac242870e1cf021504354d62da9ab93c267dc2281c6bb624b43ca8ec5808411b569c4a8ab663fd0cc55583a4209041541865"]) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) socket$inet6(0xa, 0x7, 0x0) 08:43:32 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x3f00, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:32 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranR=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:32 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x5452, &(0x7f0000000000)={0x7}) 08:43:32 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xffffffff00000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 789.141440] binder: 30047:30049 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 789.162817] binder: 30047:30049 got reply transaction with no transaction stack 08:43:32 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40049409, &(0x7f0000000000)={0x7}) 08:43:32 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="009901305f229771eb62d57ec34e5ac18ebe64a6eca188c362bdd3dc179401000000eef589290d00020000000000013168dd584aaf545359b91b4e92150b6cf0f3f747214327"]) r0 = timerfd_create(0x0, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x10400, 0x0) getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000080), &(0x7f00000000c0)=0xc) r2 = dup(r0) ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:33 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranu=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:33 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x2000000000000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:33 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0xe00, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0xfffffdfd}) [ 789.373990] binder: 30070:30074 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER 08:43:33 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x2010000000000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:33 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$sock_inet_udp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000040)) 08:43:33 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranb=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 789.428863] binder: 30070:30074 got reply transaction with no transaction stack 08:43:33 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xf6ffffff, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0xfdfdffff00000000}) 08:43:33 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0xe, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:33 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x2000, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000140)={{{@in=@multicast2, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6=@local}}, &(0x7f0000000080)=0xe8) sendmsg$xdp(r0, &(0x7f0000000700)={&(0x7f00000000c0)={0x2c, 0x7, r1, 0x4}, 0x10, &(0x7f0000000680)=[{&(0x7f0000000240)="b200610f531647fe42f869b4ec5a66fcf0e386bdc3c81e1899a26ee074334d23ef29de28648c5b7ad980ffdb85cdff2b647fde17626ec551bcd9c045906693efbed51d34c9af9fdde46ff056818ff846ccbbc31e11768e1b62aeba7bc662cfe45bed8bb0df16b35e4f0b6e3ee23e8edd93eb2c3913010d8a365801f7c3485dda89e312e868982f7dce0a9e", 0x8b}, {&(0x7f00000003c0)="bb34fa422bf40df5213ada5a73e50a256b0ee244b255e7d4333eb0a2f86e0e7cb75fed24992a95b88baef7d7f0b32791ec28dcbbeee0850a5697bca6f3cd6e2f1ef9de9678c3f6f90638afc525139bb765ecb62285fdbd92e420291c493df311b7e43f7689118e46d591f43ed6584af92dc1c1eb46b093846bc71d0b7d6c4a4a344c07aeae74d089def56216a58ddd5c3b", 0x91}, {&(0x7f0000000300)="e7bc0b26a2", 0x5}, {&(0x7f00000004c0)="c9eba39d50b8da14dd1bd051e464bcf5d79c26108463287144349b078f569311f12654754b66faa0177d29cb6bbd88a9dd8bfb39e9bc4460d3c62324b052a0f059094e33d16c057c8912efae062c75ef9627a6f302625b566eadfaa2c07131220f89ba260530b7a077f8a55b3cfc735833acc140e7e0fbe0edd52676d2798589afc63ec440b9a0f72d1e45dbcb7b60f3ca9dade958a374c2b50cbfb06d9758bbca4c454f37d4991c56f3ebfc044d03f12ec5c7d8be66ef7898a823189077241203aafd2119fceb0d0f2dd97eca838557722baac6dcba", 0xd6}, {&(0x7f0000000340)="ea562f28f91b974a49efc42b781fce3070f15e2de1dbe6", 0x17}, {&(0x7f00000005c0)="cdccf58e3b3f9064f4f21eb779f679fd47148346d9b1b9ddc1caeca908b8f69176157b000c8bfbac7a830dc919686aad4218a17c9f331f26d25316ddf35bb3825501fe665baf6b9371caadb6f25ecae56136d9a0ca1e978f423c4af40fd1ce3d9c57c096e3a4ee", 0x67}, {&(0x7f0000000640)="e0ac74ca1bf4a61f66e2396ed11bc0f47d4bf2689ff04e16c306d4d541a74439206c63afb43bba86b3", 0x29}], 0x7, 0x0, 0x0, 0x40000}, 0x8000) mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) setxattr$trusted_overlay_origin(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)='trusted.overlay.origin\x00', &(0x7f00000007c0)='y\x00', 0x2, 0x1) r2 = timerfd_create(0x0, 0x0) r3 = dup(r2) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:33 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trang=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x80ffff00000000}) [ 789.595873] binder: 30103:30104 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 789.612075] binder: 30103:30104 got reply transaction with no transaction stack [ 789.621057] binder: 30103:30104 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 789.630878] binder: 30103:30104 got reply transaction with no transaction stack 08:43:33 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x2000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x80ffff}) 08:43:33 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='\x00']) r0 = timerfd_create(0xfffffffffffffffc, 0x0) r1 = dup(r0) getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x0, 0xfffffffffffffff8, 0x10001}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000000c0)={0x8, 0x6, 0x3, 0xfffffffffffffff9, 0x8, 0x8, 0x4, 0x5, r2}, &(0x7f0000000140)=0x20) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:33 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranQ=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:33 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x3, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 789.778980] binder: 30126:30128 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER 08:43:33 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0xe00000000000000, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0xfdfdffff}) [ 789.821073] binder: 30126:30128 got reply transaction with no transaction stack 08:43:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:33 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x105100, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000200)={{{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@loopback}}, &(0x7f0000000300)=0xe8) stat(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getegid() getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0}, &(0x7f0000000540)=0xc) fstat(r0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000600)={{{@in=@loopback, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f0000000700)=0xe8) lstat(&(0x7f0000000740)='./file1\x00', &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000800)={0x0, 0x0}, &(0x7f0000000840)=0xc) r13 = getgid() getresuid(&(0x7f0000000880)=0x0, &(0x7f00000008c0), &(0x7f0000000900)) r15 = getgid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000940)={0x0, 0x0}, &(0x7f0000000980)=0xc) stat(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000a80)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@multicast2}}, &(0x7f0000000b80)=0xe8) mount$9p_rdma(&(0x7f0000001300)='127.0.0.1\x00', &(0x7f0000001340)='./file2\x00', &(0x7f0000001380)='9p\x00', 0x4020, &(0x7f00000013c0)={'trans=rdma,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@timeout={'timeout', 0x3d, 0x7ff}}, {@rq={'rq', 0x3d, 0x401}}], [{@fowner_lt={'fowner<', r18}}, {@uid_lt={'uid<', r6}}, {@uid_eq={'uid', 0x3d, r10}}]}}) r19 = getgid() getresuid(&(0x7f0000000bc0), &(0x7f0000000c00), &(0x7f0000000c40)=0x0) r21 = getegid() write$FUSE_DIRENTPLUS(r1, &(0x7f0000001480)=ANY=[@ANYBLOB="70060000f5ffffff04000000000000000500000000000000060000000000000008000000000000008000000000000000000200000400000003000000000000000900000000000000ff00000000000000090000000000000001000000000000007f000000000000000700000003000000010000800002000006000000", @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="060000000700000000000000040000000000000001000080000000000400000008000000627066000000000005000000000000000000000000000000240b00000000000001000000000000000800000003000000000000000000000008000000000000000800000000000000040000000000000004000000000000000000000000000000feffffff00000000f9ffffff0000000003000000", @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="0300000004000000000000000200000000000000340900000000000004000000010001006270660000000000010000000000000003000000000000000000000000000000000000000000bf0e09000000020000000000000000000000070000000000000003000000000000000000000000000000050000000000000000000000000000000000000065020000090000000100010000000000", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20000000000000000000000005000000000000000700000000000000040000000500000062706600000000000100000000000000020000000000000008000000000000000800000000000000c6080000ff0700000100000000000000000000000000000007000000000000000000000000000000010000000000000000000000000000003bbf2965800000000000ffff0500000000000100", @ANYRES32=r8, @ANYRES32=r9, @ANYBLOB="010000009e0200000000000000000000000000003e55000000000000040000007f00000062706600000000000600000000000000000000000000000007000000000000000200000000000000020000000500000005000000000000000000000080030000ff7f000000000000fbffffffffffffff1f000000000000000600000000000000d7e5000007000000000000000900000000100000", @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="ff070000030000000000000006000000000000009900000000000000000000000400000005000000000000000000000000000000010000000100000009000000000000000800000000000000030000000000000007000000000000000004000000000000040000000000000009000000000000001f00000000000000080000001f000000030000002b04000001000000", @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB="1705000004030000000000000100000000000000000000000000000004000000000800006270660000000000020000000000000000000000000000000000008000000000090000000000000001000000030000000100000000000000050000000000000032f3ffffffffffff0900000000000000f901000000000000ead2000000000000ff00000008000000020000000400000000800000", @ANYRES32=r14, @ANYRES32=r15, @ANYBLOB="00000000bb1c933800000000030000000000000081ffffffffffffff04000000080000006270660000000000040000000000000003000000000000000001000000000000a3f700000000000000000000e10a000000000000000000000400000000000000ff0f00000000000008000000000000000800000000000000810000000000000000020000d7090000000400008100000014030000", @ANYRES32=r16, @ANYRES32=r17, @ANYBLOB="07a00000000000000000000001000000000000000500000000000000040000000600000062706600000000000000000000000000010000000000000005000000000000000500000000000000050000007bfb000004000000000000000100000000000000f8ffffffffffffff0300000000000000280400000000000000000100000000000900000007000000050000000100008006000000", @ANYRES32=r18, @ANYRES32=r19, @ANYBLOB="000000000600000000007988abed9183a4b5cd7c5d7c44da9e000004000000000000000500000000000000290000007b0e00006c6f40776c616e302a28706f7369785f61636c5f610200000073766d6e657431292d6b657972696e67000000000000000100000000000000020000000000000006000000000000000300000000000000010400000800000001000000000000007f000000000000009f000000000000003558000000000000ffffff7f000000003400000000000000090000005a57000016000000e200000000000000", @ANYRES32=r20, @ANYRES32=r21, @ANYBLOB="2000000002000000000000000200000000000000030000000000000004000000070000006270660000000000"], 0x670) r22 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r22, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0xffff8000}) [ 789.911529] binder: 30144:30148 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 789.920516] binder: 30144:30148 got reply transaction with no transaction stack 08:43:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:33 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trand=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0xfdfdffff}) 08:43:33 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000040)={0x6, 0x1f, 0xdfb}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:33 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x3f00000000000000, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0xfffffdfd}) [ 790.012477] binder: 30156:30157 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 790.039723] binder: 30156:30157 got reply transaction with no transaction stack 08:43:34 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x600000000000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:34 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x80, 0x0) write$P9_RSTAT(r1, &(0x7f0000000080)={0x4d, 0x7d, 0x1, {0x0, 0x46, 0x98, 0x3, {0x21, 0x1}, 0x20000000, 0x8000, 0x401, 0x0, 0x9, 'md5sum/)*', 0x1, '%', 0x5, 'eth1\'', 0x4, 'bpf\x00'}}, 0x4d) r2 = dup(r0) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:34 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranS=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:34 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0xffff8000}) 08:43:34 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0xe000000, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:34 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xf6ffffff00000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:34 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x80ffff00000000}) 08:43:34 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="01"]) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000080)={r1, 0x50, &(0x7f0000000240)}, 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)) ioctl$FS_IOC_GETFLAGS(r2, 0x80046601, &(0x7f0000000200)) r3 = gettid() timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f00000001c0)) tkill(r3, 0x1000000000016) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 790.778981] binder_transaction: 11 callbacks suppressed [ 790.778998] binder: 30180:30188 transaction failed 29201/-71, size 0-0 line 2741 08:43:34 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranq=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 790.859051] binder_release_work: 11 callbacks suppressed [ 790.859059] binder: undelivered TRANSACTION_ERROR: 29201 08:43:34 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranI=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:34 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0xe, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:34 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0xfdfdffff00000000}) 08:43:34 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranw=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:34 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xedc0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 791.009234] binder: 30214:30217 transaction failed 29201/-71, size 0-0 line 2741 08:43:34 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x80ffff}) 08:43:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:34 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x900, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 791.055516] binder: undelivered TRANSACTION_ERROR: 29201 08:43:34 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranx=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 791.141995] binder: 30234:30235 transaction failed 29201/-71, size 0-0 line 2741 [ 791.176023] binder: undelivered TRANSACTION_ERROR: 29201 08:43:35 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='6']) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$TUNGETFILTER(r1, 0x801054db, &(0x7f0000000040)=""/155) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000140), &(0x7f0000000180)=0x4) 08:43:35 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0xffff8000}) 08:43:35 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0xe00000000000000, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:35 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trano=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:35 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=.d,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 791.778359] binder: 30244:30248 transaction failed 29201/-71, size 0-0 line 2741 [ 791.786894] binder: undelivered TRANSACTION_ERROR: 29201 08:43:35 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0xfffffdfd}) 08:43:35 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="d21fc2a2e55b8495eb7f4048229d11ed2d93e2784a600e70176c7bc8bd1cd43cf2ae9a833c1ec20f60eaf283e11f9aef906100cf1c90ea98e8809338413eea7f341c3220822b18855444bd7c15936818727348d4bd328233a03814d1febc6aabe264db0a82da6b53c3f2323426cb422593a828712cc0d592ebd75ede842647c8d49f8d32bad7a973b446c4fab951fb734ad234ca00633f9bd71890150ab4a32175b9dad0537e2571bccf13cc09ab6444bbaacec76272e477e0068c21111b76d5bc6057c62912f73ef57b6500bc6238b9015beb9bb17c40d67afde012486d63b24ec660562cdbc6761aa271388aa35a65bd5eb4"]) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:35 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x80ffff00000000}) [ 791.863941] binder: 30257:30258 transaction failed 29201/-71, size 0-0 line 2741 [ 791.875005] binder: 30257:30258 transaction failed 29201/-71, size 0-0 line 2741 [ 791.888588] binder: undelivered TRANSACTION_ERROR: 29201 [ 791.900784] binder: undelivered TRANSACTION_ERROR: 29201 [ 791.907899] 9pnet: Could not find request transport: .d [ 791.952129] 9pnet: Could not find request transport: .d 08:43:35 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xc0ed0000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:35 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x3f00000000000000, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:35 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$KVM_GET_TSC_KHZ(r1, 0xaea3) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:35 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=/d,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:35 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0xfdfdffff00000000}) [ 792.050994] binder: 30276:30281 transaction failed 29201/-71, size 0-0 line 2741 [ 792.081640] 9pnet: Could not find request transport: /d [ 792.090373] binder: 30276:30281 transaction failed 29201/-71, size 0-0 line 2741 08:43:35 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x80ffff}) 08:43:35 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x20) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, &(0x7f0000000140)=0x1000, 0x4) timerfd_create(0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0x40085400, &(0x7f0000000000)={0x7}) setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000080)=0x6, 0x4) 08:43:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 792.091345] binder: undelivered TRANSACTION_ERROR: 29201 [ 792.108636] binder: undelivered TRANSACTION_ERROR: 29201 08:43:35 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fq,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:35 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0xfdfdffff}) 08:43:35 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0xe000000, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 792.207042] binder: 30298:30301 transaction failed 29201/-71, size 0-0 line 2741 [ 792.227919] 9pnet: Could not find request transport: fq [ 792.236821] binder: 30298:30301 transaction failed 29201/-71, size 0-0 line 2741 [ 792.236911] binder: undelivered TRANSACTION_ERROR: 29201 [ 792.266609] binder: undelivered TRANSACTION_ERROR: 29201 08:43:36 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xffff000000000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:36 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000040)={0xffffffffffffff9c}) getsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x8) r1 = timerfd_create(0x0, 0x0) r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) setns(r2, 0x30000000) 08:43:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:36 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0xfffffdfd}) 08:43:36 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fu,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:36 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x3f000000, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:36 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x80ffff00000000}) [ 792.982221] 9pnet: Could not find request transport: fu 08:43:36 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="a06217b33313645ee9c2706bb66c"]) r0 = timerfd_create(0x1fffffffffff7ff8, 0x80800) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f00000000c0)={0x0, 0x5, 0x44b, &(0x7f0000000080)=0x5}) r2 = dup(r0) r3 = syz_genetlink_get_family_id$team(&(0x7f0000000240)='team\x00') getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000540)={0x0, @loopback, @remote}, &(0x7f0000000580)=0xc) setsockopt$packet_buf(r1, 0x107, 0x5, &(0x7f0000000440)="1320b3dc321c30e0926bae6b468c9fa9e4c1cb30231e7bb4071615c56de534f054344bb3a9f38203a270", 0x2a) recvmmsg(r2, &(0x7f0000004dc0)=[{{&(0x7f00000005c0)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000640)=""/85, 0x55}, {&(0x7f00000006c0)=""/49, 0x31}, {&(0x7f0000000700)}, {&(0x7f0000000740)=""/215, 0xd7}, {&(0x7f0000000840)=""/87, 0x57}], 0x5, &(0x7f0000000940)=""/85, 0x55, 0x5}, 0xfffffffffffff826}, {{&(0x7f00000009c0)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000a40)=""/153, 0x99}, {&(0x7f0000000b00)=""/63, 0x3f}, {&(0x7f0000000b40)=""/84, 0x54}, {&(0x7f0000000bc0)=""/111, 0x6f}, {&(0x7f0000000c40)=""/18, 0x12}, {&(0x7f0000000c80)=""/92, 0x5c}, {&(0x7f0000000d00)=""/229, 0xe5}], 0x7, &(0x7f0000000e80)=""/4096, 0x1000, 0x9}}, {{&(0x7f0000001e80)=@l2, 0x80, &(0x7f0000002400)=[{&(0x7f0000001f00)=""/249, 0xf9}, {&(0x7f0000002000)=""/106, 0x6a}, {&(0x7f0000002080)=""/117, 0x75}, {&(0x7f0000002100)=""/215, 0xd7}, {&(0x7f0000002200)=""/71, 0x47}, {&(0x7f0000002280)=""/166, 0xa6}, {&(0x7f0000002340)=""/166, 0xa6}], 0x7, 0x0, 0x0, 0x10001}, 0x80000001}, {{0x0, 0x0, &(0x7f0000002900)=[{&(0x7f0000002480)=""/108, 0x6c}, {&(0x7f0000002500)=""/97, 0x61}, {&(0x7f0000002580)=""/244, 0xf4}, {&(0x7f0000002680)=""/36, 0x24}, {&(0x7f00000026c0)=""/111, 0x6f}, {&(0x7f0000002740)=""/143, 0x8f}, {&(0x7f0000002800)=""/208, 0xd0}], 0x7, &(0x7f0000002980)=""/127, 0x7f, 0x1ae0000000}, 0xffff}, {{&(0x7f0000002a00)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000002cc0)=[{&(0x7f0000002a80)=""/147, 0x93}, {&(0x7f0000002b40)=""/142, 0x8e}, {&(0x7f0000002c00)=""/149, 0x95}], 0x3, &(0x7f0000002d00)=""/236, 0xec, 0x9}, 0x224}, {{0x0, 0x0, &(0x7f00000043c0)=[{&(0x7f0000002e00)=""/108, 0x6c}, {&(0x7f0000002e80)=""/245, 0xf5}, {&(0x7f0000002f80)=""/154, 0x9a}, {&(0x7f0000003040)=""/38, 0x26}, {&(0x7f0000003080)=""/103, 0x67}, {&(0x7f0000003100)=""/167, 0xa7}, {&(0x7f00000031c0)=""/52, 0x34}, {&(0x7f0000003200)=""/4096, 0x1000}, {&(0x7f0000004200)=""/178, 0xb2}, {&(0x7f00000042c0)=""/234, 0xea}], 0xa, &(0x7f0000004480)=""/255, 0xff, 0x9}, 0x3}, {{&(0x7f0000004580)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f0000004c00)=[{&(0x7f0000004600)=""/144, 0x90}, {&(0x7f00000046c0)=""/227, 0xe3}, {&(0x7f00000047c0)=""/48, 0x30}, {&(0x7f0000004800)=""/165, 0xa5}, {&(0x7f00000048c0)=""/222, 0xde}, {&(0x7f00000049c0)=""/93, 0x5d}, {&(0x7f0000004a40)=""/155, 0x9b}, {&(0x7f0000004b00)=""/27, 0x1b}, {&(0x7f0000004b40)=""/145, 0x91}], 0x9, &(0x7f0000004cc0)=""/248, 0xf8, 0x81}, 0x4}], 0x7, 0x100, &(0x7f0000004f80)) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000004fc0)={0x0, @rand_addr, @dev}, &(0x7f0000005000)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000005040)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@loopback}}, &(0x7f00000003c0)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000005180)={'team0\x00', 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000051c0)={{{@in6=@mcast1, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@remote}}, &(0x7f0000000180)=0x2d9) socketpair$nbd(0x2, 0x1, 0x0, &(0x7f0000000400)) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000005680)={{{@in6=@mcast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000005780)=0xe8) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000057c0)={{{@in6=@dev, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@loopback}}, &(0x7f00000058c0)=0xe8) getsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f0000000300)={@ipv4}, &(0x7f0000000340)=0x14) accept$packet(r1, &(0x7f0000005900)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000005940)=0x14) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x3, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000005b00)={@dev, @multicast1, 0x0}, &(0x7f0000005b40)=0xc) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000005e80)={&(0x7f0000000140), 0xc, &(0x7f0000005e40)={&(0x7f00000052c0)=ANY=[@ANYBLOB="9c020000", @ANYRES16=r3, @ANYBLOB="110225bd7000fbdbdf250100000008000100", @ANYRES32=r4, @ANYBLOB="f001020040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004000200000008000600", @ANYRES32=r5, @ANYBLOB="40000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004000900000008000600", @ANYRES32=r6, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r7, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r8, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r9, @ANYBLOB="40000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004000500000008000600", @ANYRES32=r10, @ANYBLOB="40000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004000300000008000600", @ANYRES32=r11, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004000600000008000100", @ANYRES32=r12, @ANYBLOB="3c00020038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000080003000300000008000400209a000008000100", @ANYRES32=r13, @ANYBLOB="44000200400001002400000000000000000000000600000000000000000000000000000800030005006e64726f62696e0000331233587f46dd9c1590fb60589eca6a547c1f5dc90aa1f942009b4d5f091ae0e80064910ed14272"], 0x29c}, 0x1, 0x0, 0x0, 0x4000}, 0x800) r14 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0x7, 0x40400) ioctl$VT_RESIZEX(r14, 0x560a, &(0x7f0000000200)={0xffff, 0xfff, 0x1, 0xfffffffffffffff8, 0x5, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:36 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fQ,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:36 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0xfdfdffff00000000}) 08:43:36 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x900000000000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:36 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x3f00, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:36 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB]) r0 = open(&(0x7f0000000080)='./file0\x00', 0x400, 0x1f) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000140)={0x4, 0x1, 0x6, 'queue0\x00', 0x3}) pread64(r0, &(0x7f00000000c0)=""/18, 0x12, 0x0) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000000200)={0x7f, @loopback, 0x4e21, 0x2, 'sh\x00', 0x8, 0x7f, 0x37}, 0x2c) r1 = timerfd_create(0x0, 0x0) bind$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0x401, {0xfffe, 0x100000001, 0x6394, 0x80000001, 0xfffffffffffffd88, 0x3}, 0x8, 0x2d13}, 0xe) fstatfs(r1, &(0x7f0000000280)=""/245) r2 = dup(r1) open$dir(&(0x7f0000000040)='./file0\x00', 0x44942, 0x8) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) [ 793.154710] 9pnet: Could not find request transport: fQ 08:43:36 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x80ffff}) [ 793.233225] audit: type=1800 audit(1540025016.932:54): pid=30356 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor5" name="file0" dev="sda1" ino=17249 res=0 08:43:37 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fR,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 793.266704] audit: type=1804 audit(1540025016.962:55): pid=30356 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor5" name="/root/syzkaller-testdir204152371/syzkaller.sn4KSj/1319/file0" dev="sda1" ino=17249 res=1 [ 793.306352] audit: type=1804 audit(1540025016.962:56): pid=30356 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor5" name="/root/syzkaller-testdir204152371/syzkaller.sn4KSj/1319/file0" dev="sda1" ino=17249 res=1 08:43:37 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0xfdfdffff}) 08:43:37 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = getegid() write$FUSE_CREATE_OPEN(r1, &(0x7f0000000140)={0xa0, 0x0, 0x1, {{0x2, 0x0, 0x80000000, 0x10000, 0x7, 0x0, {0x1, 0xfffffffffffffcc5, 0x80, 0x4, 0x64, 0x5, 0x1f2400, 0x7, 0xaff6, 0x4, 0x1420, r2, r3, 0x2, 0x4}}, {0x0, 0x1}}}, 0xa0) 08:43:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:37 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xfeffffff, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 793.344551] 9pnet: Could not find request transport: fR 08:43:37 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0xe00, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:37 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fg,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:37 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x4000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:37 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = syz_open_dev$dmmidi(&(0x7f00000001c0)='/dev/dmmidi#\x00', 0x7, 0x200000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000000200)={0x7, 0x6, 0x1, 'queue0\x00', 0x6}) r1 = timerfd_create(0x3, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x581, 0x10000) fcntl$getownex(r2, 0x10, &(0x7f00000000c0)={0x0, 0x0}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r3, r2, 0x0, 0x1, &(0x7f0000000140)='\x00', 0xffffffffffffffff}, 0x30) ioctl$KVM_ASSIGN_SET_INTX_MASK(r2, 0x4040aea4, &(0x7f0000000080)={0x80, 0x0, 0x1, 0x2, 0x7fff}) r4 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r4, 0x40085400, &(0x7f0000000000)={0x7}) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000002c0), &(0x7f0000000300)=0x4) 08:43:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:37 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0xffff8000}) 08:43:37 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 793.535907] 9pnet: Could not find request transport: fg 08:43:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:37 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0032893ee0942ae294af624fe1bee3568b78628cdcc08c0c38b301a4219f47f789a6c38717bc161adc4fbb01baef0e489ae232f3c4e02a59a2868b069ba356c7c15140e2139f46309178c8acf8371a6069d160dca4344d366c9d39d0f904eb8366ff620c4f3a8c65d59742b1182ded1b37a4e120d870ef06ba6d8a264b11c664cecdaa3c036f6bf7f4019f91333dbee6a8033986738b8e502727ce12ffe3bb1a2de66d3066114feb281b3710e8864cdb09bd30aeb5f4b8b4f00d2afcd5ee4de843779cefd7f21e22459ccf86ac570f5aa65f075dc12eb4a3b989063aff7bbc68"]) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:37 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fs,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:37 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0xffff8000}) 08:43:37 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my, 0x3f000000}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 793.653499] 9pnet: Could not find request transport: fs [ 793.654563] binder_thread_write: 16 callbacks suppressed [ 793.654573] binder: 30402:30405 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 793.686525] binder_transaction: 16 callbacks suppressed [ 793.686534] binder: 30402:30405 got reply transaction with no transaction stack 08:43:37 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x800, 0x0) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x1) pwrite64(r0, &(0x7f0000000180)="65e5417216be17a0e7cb3ff98719d6ea102b771f51a998f4f8ff58b43516550153b645cec8ae9d1350ac8e4a52e0d82c53ef6ca444402228ff9676a08cee6590895da572769969bdfbb0d193e4cacccbba644c887bfef0a49aa18feb3141a81bb48fc6cefad8e0502332dcad0220c03792de4655c6e145ad842a672b59f26485fa461540eec358a9685066b72dbee73e4c009d6de15c27a1d480c98cc2e37438bac28e4e3b61e3029268e6d3d15639cc2d47a5ab6e63a6fc1bc3c3545a846d15a35dcd2c8782675bbe3d8ced9cf139dde71b9bfd27268e58d6a0eda413f94c8917d8cfa90fb03cf4cfa6bbc8000ad6f3fed11c946d14966e6f", 0xf9, 0x0) r1 = timerfd_create(0x0, 0x80000) r2 = dup(r1) lsetxattr$trusted_overlay_nlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000140)={'U-', 0xfff}, 0x28, 0x1) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:37 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) [ 793.700083] 9pnet: Could not find request transport: fs 08:43:38 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x9000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:38 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fS,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:38 executing program 5: mount$bpf(0x20000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="960c14358d448c37accfc21d8d5ca30841e0445e606184e103a02ea596740e246f51466be82cd1c6b1f5db83a38a777239937c3cbf0614384922840e81e250562dd4ccae4059b265acace736b665e558391d3cf72d6ddbdf0600000000000000a2abd627e87fa8c0f56e7fbdccfb2eda693a5954c18cfa488b06cbef5a5f5fa761f3fb59a58f2a7dd3e389f32a66aa6f9530db6db5b2d35d7119efeb42e254a62aeb11ef304176bdb2f6d275dbf1fb3dc32506b0c1c831f5d9c45513d75ab036fb5b924b4910cd2074aa283f3312f4afb5d9a6a831d2f6c928225855aa037cba86f3077e465ee3e27d530933e0aa9943a884e800"]) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) getsockopt$inet6_int(r0, 0x29, 0x9, &(0x7f00000002c0), &(0x7f0000000300)=0x4) r1 = timerfd_create(0x0, 0x80000) r2 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x2, 0x200000) ioctl$BLKSECDISCARD(r2, 0x127d, &(0x7f0000000240)=0xfffffffffffffff8) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x400001, 0x0) setxattr$security_selinux(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='security.selinux\x00', &(0x7f00000003c0)='system_u:object_r:ssh_keysign_exec_t:s0\x00', 0x28, 0x3) ioctl$TUNSETLINK(r3, 0x400454cd, 0x4) r4 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r4, 0x40085400, &(0x7f0000000000)={0x28000, 0x2, 0x0, 0x2, 0x0, 0x1}) 08:43:38 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000}) 08:43:38 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my, 0xe00}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:38 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0xffffffff, 0x80000) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000080)={0x422f, 0x0, 0xb1, 0x9, 0x153f, 0x36}) r2 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) open_by_handle_at(r1, &(0x7f0000000140)={0x7f, 0x1000, "2ef8aeaa5720c7d161296a68afbd4277656d7a25b8b40b95de26312cb7f1368e3bda44764f0b3fe402dbc45d13712801b350a326361689b6345debf9edbbf08ab04e41c69c994ddb89d99e32855bd68a76a5457fcd18992f4b536642388abe52ceb580b829a9275fb0e367ae0c5725f62310f2a8da3908"}, 0x341000) [ 794.409201] binder: 30424:30432 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 794.446844] 9pnet: Could not find request transport: fS 08:43:38 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000}) 08:43:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:38 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fT,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 794.465966] binder: 30424:30432 got reply transaction with no transaction stack 08:43:38 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my, 0x3f00}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:38 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="006cf0cd645b42d14d6b06ee79aad2ec8184e935011a3374044da7d4738837589b0b1032bdce35c66c3fc85270fe794d5d8610ef8c5a6699d06e51da75e2e76b"]) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_create(0x0, 0x80800) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) sendto$inet6(r1, &(0x7f00000003c0)="62fe032a2f7450396dd291c7d45ad5de45cdb6583a2ed18b5bac1dbf2ec517c07b6aac76e2fa26ac50c4a770f9a6e5a9559b1056423a5fd033db6bed87c6c21d45733727f4576dc6a9f4847bde9afdb029c96f79280e4f31d7f51fcd23", 0x5d, 0x4000041, 0x0, 0x0) mount$bpf(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x2014008, &(0x7f0000000600)={[{@mode={'mode'}}, {@mode={'mode', 0x3d, 0x1}}], [{@dont_appraise='dont_appraise'}, {@dont_appraise='dont_appraise'}, {@fsname={'fsname', 0x3d, '1+ppp0eth1vboxnet0-vboxnet1self]md5sum.\''}}, {@subj_user={'subj_user', 0x3d, 'bpf\x00'}}, {@obj_role={'obj_role', 0x3d, 'bpf\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x80}}]}) ioctl$KVM_GET_XCRS(r1, 0x8188aea6, &(0x7f0000000080)={0x5, 0x78, [{0x8, 0x0, 0x159b}, {0x0, 0x0, 0x6}, {0x5, 0x0, 0x9}, {0x400, 0x0, 0x3f}, {0x401, 0x0, 0xffffffffffff8000}]}) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f00000001c0)='./file0\x00', 0x0, 0x8}, 0x10) [ 794.553931] binder: 30442:30449 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 794.567968] binder: 30442:30449 got reply transaction with no transaction stack [ 794.581514] 9pnet: Could not find request transport: fT [ 794.610588] 9pnet: Could not find request transport: fT 08:43:39 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x600, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:39 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x80ffff}) 08:43:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:39 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fV,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:39 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0004aaf83a6444989f1fbbb25182eea1c809161e6771257958fd75da9a80f7cb28c05fbec6d2f392b7019d607da301c7c2e4cce9bb2f6229870cea112294392332d46da08e19b40e8803865811cb84664ac9803195ed274664fbdc4c2427c969cd25c122f135bb1a3ec1b370d59ea10a7077e73160e01dadc6f8952c0b3804a18343ea3576db74b527dc9572750f3e230c6d924db9133667aad1f170978f49629680db2057236cd006dc4856245b36158d03a272617f452260a9448e3a5e79163db2bc87f0494026cc6232c884c8fb750bb22f87f1e3260149ceba9b2a4e75dd3e3af64c874bdb5f039d53ce801d5fd6d6eec87f88934248c8e92a2c7a913ed29fd0b94d1a4ad2daaa721afcea602304cb23b8ca2547f1416afc5bbd39dc4a8c39dee8de441bf0b14cdae30d4cee23c07a137db6b56c9a15e1a8a2fae1a3075a0812ebc707b718d0b93f3d55918cdc4ee49a3afb59a323d9a41950b0270fccd385733777902115048f243230d3daf841d5ff95f93f5fa3d3b6352ec4fe489934b5"]) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000040)=""/27) getsockname$packet(r1, &(0x7f0000001c00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000001c40)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000001c80)={'team0\x00', r2}) 08:43:39 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my, 0xe}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:39 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) [ 795.397421] binder: 30462:30470 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 795.408789] 9pnet: Could not find request transport: fV [ 795.414421] binder: 30462:30470 got reply transaction with no transaction stack 08:43:39 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='h']) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:39 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fb,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:39 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="f1"]) r0 = timerfd_create(0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x80000, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3) r2 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:39 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my, 0xe00000000000000}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 795.554798] binder: 30487:30488 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 795.563848] binder: 30487:30488 got reply transaction with no transaction stack [ 795.577407] 9pnet: Could not find request transport: fb 08:43:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:40 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0xfdfdffff]}) 08:43:40 executing program 5: mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000480)) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x4e23, @local}], 0x10) r2 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) 08:43:40 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xffffff8c, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:40 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my, 0x3f00000000000000}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:40 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fI,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 796.323041] binder: 30499:30501 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 796.356466] binder: 30499:30501 got reply transaction with no transaction stack 08:43:40 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my, 0xe00000000000000}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:40 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0xffff8000]}) [ 796.376488] 9pnet: Could not find request transport: fI [ 796.381826] binder_transaction: 11 callbacks suppressed [ 796.381843] binder: 30499:30501 transaction failed 29201/-71, size 0-0 line 2741 08:43:40 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fw,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 796.422401] binder_release_work: 11 callbacks suppressed [ 796.422409] binder: undelivered TRANSACTION_ERROR: 29201 08:43:40 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x2, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:40 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my, 0xe000000}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:40 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0xfffffdfd]}) [ 796.493291] 9pnet: Could not find request transport: fw 08:43:40 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'r.dno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:40 executing program 5 (fault-call:1 fault-nth:0): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:40 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffff00000000]}) [ 796.580210] binder: 30529:30535 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 796.600427] binder: 30529:30535 got reply transaction with no transaction stack [ 796.621734] 9pnet: Insufficient options for proto=fd [ 796.628232] binder: 30529:30535 transaction failed 29201/-71, size 0-0 line 2741 [ 796.639095] FAULT_INJECTION: forcing a failure. [ 796.639095] name failslab, interval 1, probability 0, space 0, times 0 [ 796.662142] CPU: 1 PID: 30541 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 796.670655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.679668] binder: undelivered TRANSACTION_ERROR: 29201 [ 796.680022] Call Trace: [ 796.688070] dump_stack+0x244/0x39d [ 796.691723] ? dump_stack_print_info.cold.1+0x20/0x20 [ 796.696946] should_fail.cold.4+0xa/0x17 [ 796.701027] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 796.706148] ? perf_trace_lock_acquire+0x15b/0x800 [ 796.711103] ? perf_trace_lock+0x7a0/0x7a0 [ 796.715351] ? __lock_acquire+0x62f/0x4c20 [ 796.719616] ? find_held_lock+0x36/0x1c0 [ 796.723722] ? perf_trace_sched_process_exec+0x860/0x860 [ 796.729197] ? copy_process+0x949/0x8770 [ 796.733276] ? _raw_spin_unlock_irq+0x27/0x80 [ 796.737791] __should_failslab+0x124/0x180 [ 796.742050] should_failslab+0x9/0x14 [ 796.745867] kmem_cache_alloc_node+0x26e/0x730 [ 796.750472] ? debug_smp_processor_id+0x1c/0x20 [ 796.755174] copy_process+0x1ff3/0x8770 [ 796.759177] ? check_preemption_disabled+0x48/0x280 [ 796.764231] ? mark_held_locks+0x130/0x130 [ 796.768479] ? perf_trace_lock+0x7a0/0x7a0 [ 796.772745] ? __cleanup_sighand+0x70/0x70 08:43:40 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0xfdfdffff00000000]}) 08:43:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:40 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'r/dno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:40 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffff]}) [ 796.774885] binder: 30551:30553 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 796.776997] ? check_preemption_disabled+0x48/0x280 [ 796.777019] ? debug_smp_processor_id+0x1c/0x20 [ 796.777036] ? perf_trace_lock_acquire+0x15b/0x800 [ 796.777056] ? lock_unpin_lock+0x4a0/0x4a0 [ 796.777075] ? print_usage_bug+0xc0/0xc0 [ 796.777098] ? ima_match_policy+0x848/0x1560 [ 796.777114] ? print_usage_bug+0xc0/0xc0 [ 796.777128] ? check_preemption_disabled+0x48/0x280 [ 796.777147] ? print_usage_bug+0xc0/0xc0 [ 796.777176] ? print_usage_bug+0xc0/0xc0 [ 796.812699] binder: 30551:30553 got reply transaction with no transaction stack [ 796.816545] ? kasan_check_read+0x11/0x20 [ 796.816568] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 796.816592] ? __lock_acquire+0x62f/0x4c20 [ 796.816609] ? find_held_lock+0x36/0x1c0 [ 796.816642] ? mark_held_locks+0x130/0x130 [ 796.816672] ? mark_held_locks+0x130/0x130 [ 796.832285] binder: 30551:30553 transaction failed 29201/-71, size 0-0 line 2741 [ 796.837758] ? print_usage_bug+0xc0/0xc0 [ 796.837777] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:43:40 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xffff8000]}) 08:43:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 796.837795] ? check_preemption_disabled+0x48/0x280 [ 796.837817] ? debug_smp_processor_id+0x1c/0x20 [ 796.837835] ? print_usage_bug+0xc0/0xc0 [ 796.837849] ? check_preemption_disabled+0x48/0x280 [ 796.837865] ? print_usage_bug+0xc0/0xc0 [ 796.837886] ? print_usage_bug+0xc0/0xc0 [ 796.837907] ? __lock_acquire+0x62f/0x4c20 [ 796.837922] ? perf_trace_lock_acquire+0x15b/0x800 [ 796.837938] ? zap_class+0x640/0x640 [ 796.837970] ? print_usage_bug+0xc0/0xc0 [ 796.837989] ? __lock_acquire+0x62f/0x4c20 [ 796.838019] ? mark_held_locks+0x130/0x130 [ 796.838042] ? __lock_acquire+0x62f/0x4c20 [ 796.838058] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.838073] ? check_preemption_disabled+0x48/0x280 [ 796.838090] ? dput.part.25+0x241/0x860 [ 796.838106] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.838121] ? check_preemption_disabled+0x48/0x280 [ 796.838141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.855089] binder: undelivered TRANSACTION_ERROR: 29201 [ 796.855846] ? mark_held_locks+0x130/0x130 [ 796.974243] 9pnet: Insufficient options for proto=fd [ 796.978102] ? perf_trace_lock_acquire+0x15b/0x800 [ 796.978136] ? zap_class+0x640/0x640 [ 796.978155] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.978181] ? check_preemption_disabled+0x48/0x280 [ 796.978202] ? debug_smp_processor_id+0x1c/0x20 [ 796.978219] ? perf_trace_lock_acquire+0x15b/0x800 [ 796.978246] ? perf_trace_lock+0x7a0/0x7a0 [ 796.978260] ? find_held_lock+0x36/0x1c0 [ 796.978281] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.998487] binder: 30560:30564 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 797.002568] ? _parse_integer+0x134/0x180 [ 797.002589] ? zap_class+0x640/0x640 [ 797.002608] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 797.002624] ? _kstrtoull+0x188/0x250 [ 797.002645] ? _parse_integer+0x180/0x180 [ 797.007570] binder: 30560:30564 got reply transaction with no transaction stack [ 797.012236] ? zap_class+0x640/0x640 [ 797.012255] ? lock_release+0xa10/0xa10 [ 797.012278] ? find_held_lock+0x36/0x1c0 [ 797.012297] ? zap_class+0x640/0x640 [ 797.012318] ? get_pid_task+0xd6/0x1a0 [ 797.018606] binder: 30560:30564 transaction failed 29201/-71, size 0-0 line 2741 [ 797.020595] ? lock_downgrade+0x900/0x900 [ 797.020612] ? check_preemption_disabled+0x48/0x280 [ 797.020638] ? find_held_lock+0x36/0x1c0 [ 797.020665] ? __f_unlock_pos+0x19/0x20 [ 797.029168] binder: undelivered TRANSACTION_ERROR: 29201 [ 797.034244] ? lock_downgrade+0x900/0x900 [ 797.034266] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 797.034283] ? proc_fail_nth_write+0x9e/0x210 [ 797.034300] ? proc_cwd_link+0x1d0/0x1d0 [ 797.034325] ? find_held_lock+0x36/0x1c0 [ 797.034348] _do_fork+0x1cb/0x11c0 [ 797.138258] ? fork_idle+0x1d0/0x1d0 [ 797.141964] ? __lock_is_held+0xb5/0x140 [ 797.146036] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 797.151576] ? check_preemption_disabled+0x48/0x280 [ 797.156584] ? __sb_end_write+0xd9/0x110 [ 797.160637] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 797.166170] ? fput+0x130/0x1a0 [ 797.169442] ? do_syscall_64+0x9a/0x820 [ 797.173426] ? do_syscall_64+0x9a/0x820 [ 797.177410] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 797.181985] ? trace_hardirqs_on+0xbd/0x310 [ 797.186293] ? __ia32_sys_read+0xb0/0xb0 [ 797.190349] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 797.195726] ? trace_hardirqs_off_caller+0x300/0x300 [ 797.200822] __x64_sys_clone+0xbf/0x150 [ 797.204786] do_syscall_64+0x1b9/0x820 [ 797.208671] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 797.214026] ? syscall_return_slowpath+0x5e0/0x5e0 [ 797.218941] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 797.223775] ? trace_hardirqs_on_caller+0x310/0x310 [ 797.228780] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 797.233783] ? prepare_exit_to_usermode+0x291/0x3b0 [ 797.238792] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 797.243644] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 797.248837] RIP: 0033:0x457569 [ 797.252017] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 797.270912] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 797.278621] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 797.285884] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 797.293140] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 797.300407] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 797.307749] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 797.422941] binder: 30568:30569 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 797.431339] binder: 30568:30569 got reply transaction with no transaction stack [ 797.439022] binder: 30568:30569 transaction failed 29201/-71, size 0-0 line 2741 [ 797.447806] binder: undelivered TRANSACTION_ERROR: 29201 [ 797.448893] binder: 30568:30569 transaction failed 29201/-71, size 0-0 line 2741 [ 797.461192] binder: undelivered TRANSACTION_ERROR: 29201 08:43:43 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfuno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:43 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffdfd]}) 08:43:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:43 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x20000090) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:43 executing program 5 (fault-call:1 fault-nth:1): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:43 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0xedc000000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:43 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x80ffff00000000]}) [ 799.606082] FAULT_INJECTION: forcing a failure. [ 799.606082] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 799.619838] binder_thread_write: 1 callbacks suppressed [ 799.619848] binder: 30575:30581 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 799.642086] 9pnet: Insufficient options for proto=fd [ 799.645349] CPU: 0 PID: 30576 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 799.655678] binder_transaction: 1 callbacks suppressed [ 799.655688] binder: 30575:30581 got reply transaction with no transaction stack [ 799.655715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.667987] binder: 30575:30581 transaction failed 29201/-71, size 0-0 line 2741 [ 799.668430] Call Trace: [ 799.687898] dump_stack+0x244/0x39d [ 799.690953] binder: 30575:30581 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 799.691540] ? dump_stack_print_info.cold.1+0x20/0x20 [ 799.704967] ? debug_smp_processor_id+0x1c/0x20 [ 799.709653] ? perf_trace_lock_acquire+0x15b/0x800 [ 799.714617] should_fail.cold.4+0xa/0x17 [ 799.715363] binder: undelivered TRANSACTION_ERROR: 29201 [ 799.718698] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 799.718718] ? zap_class+0x640/0x640 [ 799.718742] ? kernel_text_address+0x79/0xf0 [ 799.718768] ? find_held_lock+0x36/0x1c0 [ 799.724634] binder: 30575:30581 got reply transaction with no transaction stack [ 799.729339] ? lock_release+0xa10/0xa10 [ 799.729358] ? perf_trace_sched_process_exec+0x860/0x860 [ 799.729375] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.729411] ? __might_sleep+0x95/0x190 [ 799.733244] binder: 30575:30581 transaction failed 29201/-71, size 0-0 line 2741 [ 799.737523] __alloc_pages_nodemask+0x34b/0xdd0 [ 799.737545] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 799.737567] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 799.737585] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.737603] ? check_preemption_disabled+0x48/0x280 [ 799.741817] binder: undelivered TRANSACTION_ERROR: 29201 08:43:43 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x2000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 799.749105] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 799.749125] ? rcu_pm_notify+0xc0/0xc0 [ 799.749153] ? copy_process+0x1ff3/0x8770 [ 799.749169] ? rcu_read_lock_sched_held+0x14f/0x180 [ 799.749188] ? kmem_cache_alloc_node+0x349/0x730 [ 799.749206] ? debug_smp_processor_id+0x1c/0x20 [ 799.795905] copy_process+0xa09/0x8770 [ 799.795923] ? check_preemption_disabled+0x48/0x280 [ 799.795954] ? mark_held_locks+0x130/0x130 [ 799.806415] ? perf_trace_lock+0x7a0/0x7a0 [ 799.806446] ? __cleanup_sighand+0x70/0x70 [ 799.806463] ? check_preemption_disabled+0x48/0x280 [ 799.806484] ? debug_smp_processor_id+0x1c/0x20 [ 799.806501] ? perf_trace_lock_acquire+0x15b/0x800 [ 799.806521] ? lock_unpin_lock+0x4a0/0x4a0 [ 799.806540] ? print_usage_bug+0xc0/0xc0 [ 799.879196] ? ima_match_policy+0x848/0x1560 [ 799.883611] ? print_usage_bug+0xc0/0xc0 [ 799.887680] ? check_preemption_disabled+0x48/0x280 [ 799.892690] ? print_usage_bug+0xc0/0xc0 [ 799.896740] ? print_usage_bug+0xc0/0xc0 [ 799.900801] ? kasan_check_read+0x11/0x20 [ 799.904955] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 799.910223] ? __lock_acquire+0x62f/0x4c20 [ 799.914456] ? find_held_lock+0x36/0x1c0 [ 799.918538] ? mark_held_locks+0x130/0x130 [ 799.922804] ? mark_held_locks+0x130/0x130 [ 799.927035] ? print_usage_bug+0xc0/0xc0 [ 799.931086] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.936611] ? check_preemption_disabled+0x48/0x280 [ 799.941622] ? debug_smp_processor_id+0x1c/0x20 [ 799.946287] ? print_usage_bug+0xc0/0xc0 [ 799.950348] ? check_preemption_disabled+0x48/0x280 [ 799.955363] ? print_usage_bug+0xc0/0xc0 [ 799.959440] ? print_usage_bug+0xc0/0xc0 [ 799.963491] ? __lock_acquire+0x62f/0x4c20 [ 799.967725] ? perf_trace_lock_acquire+0x15b/0x800 [ 799.972657] ? zap_class+0x640/0x640 [ 799.976376] ? print_usage_bug+0xc0/0xc0 [ 799.980437] ? __lock_acquire+0x62f/0x4c20 [ 799.984694] ? mark_held_locks+0x130/0x130 [ 799.988938] ? __lock_acquire+0x62f/0x4c20 [ 799.993177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.998702] ? check_preemption_disabled+0x48/0x280 [ 800.003721] ? dput.part.25+0x241/0x860 [ 800.007714] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.013240] ? check_preemption_disabled+0x48/0x280 [ 800.018247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.023778] ? mark_held_locks+0x130/0x130 [ 800.027999] ? perf_trace_lock_acquire+0x15b/0x800 [ 800.032941] ? zap_class+0x640/0x640 [ 800.036684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.042238] ? check_preemption_disabled+0x48/0x280 [ 800.047262] ? debug_smp_processor_id+0x1c/0x20 [ 800.051922] ? perf_trace_lock_acquire+0x15b/0x800 [ 800.056867] ? perf_trace_lock+0x7a0/0x7a0 [ 800.061116] ? find_held_lock+0x36/0x1c0 [ 800.065180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.070708] ? _parse_integer+0x134/0x180 [ 800.074844] ? zap_class+0x640/0x640 [ 800.078550] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 800.084091] ? _kstrtoull+0x188/0x250 [ 800.087897] ? _parse_integer+0x180/0x180 [ 800.092045] ? zap_class+0x640/0x640 [ 800.095756] ? lock_release+0xa10/0xa10 [ 800.099756] ? find_held_lock+0x36/0x1c0 [ 800.103824] ? zap_class+0x640/0x640 [ 800.107529] ? get_pid_task+0xd6/0x1a0 [ 800.111425] ? lock_downgrade+0x900/0x900 [ 800.115586] ? check_preemption_disabled+0x48/0x280 [ 800.120604] ? find_held_lock+0x36/0x1c0 [ 800.124657] ? __f_unlock_pos+0x19/0x20 [ 800.128630] ? lock_downgrade+0x900/0x900 [ 800.132768] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 800.138301] ? proc_fail_nth_write+0x9e/0x210 [ 800.142808] ? proc_cwd_link+0x1d0/0x1d0 [ 800.146864] ? find_held_lock+0x36/0x1c0 [ 800.150925] _do_fork+0x1cb/0x11c0 [ 800.154458] ? fork_idle+0x1d0/0x1d0 [ 800.158177] ? __lock_is_held+0xb5/0x140 [ 800.162245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.167774] ? check_preemption_disabled+0x48/0x280 [ 800.172799] ? __sb_end_write+0xd9/0x110 [ 800.176865] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 800.182401] ? fput+0x130/0x1a0 [ 800.185679] ? do_syscall_64+0x9a/0x820 [ 800.189655] ? do_syscall_64+0x9a/0x820 [ 800.193641] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 800.198220] ? trace_hardirqs_on+0xbd/0x310 [ 800.202531] ? __ia32_sys_read+0xb0/0xb0 [ 800.206594] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.211977] ? trace_hardirqs_off_caller+0x300/0x300 [ 800.217087] __x64_sys_clone+0xbf/0x150 [ 800.221066] do_syscall_64+0x1b9/0x820 [ 800.224947] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 800.230323] ? syscall_return_slowpath+0x5e0/0x5e0 [ 800.235248] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 800.240079] ? trace_hardirqs_on_caller+0x310/0x310 [ 800.245090] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 800.250130] ? prepare_exit_to_usermode+0x291/0x3b0 [ 800.255148] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 800.260000] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.265193] RIP: 0033:0x457569 [ 800.268380] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 800.287293] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 800.294995] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 800.302266] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 08:43:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:44 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfTno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 800.309525] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 800.316783] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 800.324039] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:44 executing program 5 (fault-call:1 fault-nth:2): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:44 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfdfdffff00000000]}) [ 800.368098] binder: 30590:30593 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 800.379912] binder: 30590:30593 got reply transaction with no transaction stack [ 800.394249] 9pnet: Insufficient options for proto=fd [ 800.403917] binder: 30590:30593 transaction failed 29201/-71, size 0-0 line 2741 08:43:44 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfVno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 800.419181] binder: undelivered TRANSACTION_ERROR: 29201 [ 800.419668] binder: 30590:30593 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 800.448618] binder: 30590:30593 got reply transaction with no transaction stack [ 800.455777] FAULT_INJECTION: forcing a failure. [ 800.455777] name failslab, interval 1, probability 0, space 0, times 0 [ 800.469210] CPU: 1 PID: 30599 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 800.477725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 800.482531] binder: 30590:30593 transaction failed 29201/-71, size 0-0 line 2741 [ 800.487078] Call Trace: [ 800.487110] dump_stack+0x244/0x39d [ 800.487138] ? dump_stack_print_info.cold.1+0x20/0x20 [ 800.487182] should_fail.cold.4+0xa/0x17 [ 800.487207] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 800.498131] binder: undelivered TRANSACTION_ERROR: 29201 [ 800.500937] ? percpu_ref_put_many+0x11c/0x260 [ 800.500958] ? lock_downgrade+0x900/0x900 [ 800.500978] ? check_preemption_disabled+0x48/0x280 [ 800.534477] ? kasan_check_read+0x11/0x20 [ 800.538658] ? find_held_lock+0x36/0x1c0 [ 800.542763] ? perf_trace_sched_process_exec+0x860/0x860 [ 800.543622] 9pnet: Insufficient options for proto=fd [ 800.548232] ? creds_are_invalid+0x140/0x140 [ 800.548250] ? rcu_pm_notify+0xc0/0xc0 [ 800.548273] __should_failslab+0x124/0x180 [ 800.548296] should_failslab+0x9/0x14 [ 800.548317] kmem_cache_alloc+0x2be/0x730 [ 800.573934] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 800.579488] ? fpu__copy+0x340/0x850 [ 800.583217] ? fpu__restore+0xa30/0xa30 [ 800.587203] prepare_creds+0xab/0x4d0 [ 800.591013] ? abort_creds+0x2a0/0x2a0 [ 800.594906] ? trace_hardirqs_on+0xbd/0x310 [ 800.599235] ? copy_process+0xd01/0x8770 [ 800.603307] ? trace_hardirqs_off_caller+0x300/0x300 [ 800.609895] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 800.615439] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 800.620987] ? check_preemption_disabled+0x48/0x280 [ 800.626016] copy_creds+0x79/0x560 [ 800.629567] ? lockdep_init_map+0x9/0x10 [ 800.633640] copy_process+0x1266/0x8770 [ 800.637622] ? check_preemption_disabled+0x48/0x280 [ 800.642660] ? mark_held_locks+0x130/0x130 [ 800.646902] ? perf_trace_lock+0x7a0/0x7a0 [ 800.651155] ? __cleanup_sighand+0x70/0x70 [ 800.655425] ? check_preemption_disabled+0x48/0x280 [ 800.660457] ? debug_smp_processor_id+0x1c/0x20 [ 800.665136] ? perf_trace_lock_acquire+0x15b/0x800 [ 800.670085] ? print_usage_bug+0xc0/0xc0 [ 800.674172] ? ima_match_policy+0x848/0x1560 [ 800.678591] ? check_preemption_disabled+0x48/0x280 [ 800.683613] ? print_usage_bug+0xc0/0xc0 [ 800.687678] ? print_usage_bug+0xc0/0xc0 [ 800.691746] ? kasan_check_read+0x11/0x20 [ 800.695904] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 800.701196] ? __lock_acquire+0x62f/0x4c20 [ 800.705441] ? find_held_lock+0x36/0x1c0 [ 800.709524] ? mark_held_locks+0x130/0x130 [ 800.713783] ? mark_held_locks+0x130/0x130 [ 800.718024] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.723566] ? check_preemption_disabled+0x48/0x280 [ 800.728594] ? debug_smp_processor_id+0x1c/0x20 [ 800.733269] ? print_usage_bug+0xc0/0xc0 [ 800.737339] ? check_preemption_disabled+0x48/0x280 [ 800.742363] ? print_usage_bug+0xc0/0xc0 [ 800.746443] ? print_usage_bug+0xc0/0xc0 [ 800.750515] ? __lock_acquire+0x62f/0x4c20 [ 800.754756] ? perf_trace_lock_acquire+0x15b/0x800 [ 800.759691] ? zap_class+0x640/0x640 [ 800.763433] ? print_usage_bug+0xc0/0xc0 [ 800.767510] ? __lock_acquire+0x62f/0x4c20 [ 800.771763] ? mark_held_locks+0x130/0x130 [ 800.776012] ? __lock_acquire+0x62f/0x4c20 [ 800.780253] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.785795] ? check_preemption_disabled+0x48/0x280 [ 800.790816] ? dput.part.25+0x241/0x860 [ 800.794798] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.800339] ? check_preemption_disabled+0x48/0x280 [ 800.805361] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.810923] ? mark_held_locks+0x130/0x130 [ 800.815178] ? perf_trace_lock_acquire+0x15b/0x800 [ 800.820128] ? zap_class+0x640/0x640 [ 800.823858] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.829882] ? check_preemption_disabled+0x48/0x280 [ 800.834907] ? debug_smp_processor_id+0x1c/0x20 [ 800.839585] ? perf_trace_lock_acquire+0x15b/0x800 [ 800.844529] ? perf_trace_lock+0x7a0/0x7a0 [ 800.848768] ? find_held_lock+0x36/0x1c0 [ 800.852835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.858377] ? _parse_integer+0x134/0x180 [ 800.862539] ? zap_class+0x640/0x640 [ 800.866260] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 800.871806] ? _kstrtoull+0x188/0x250 [ 800.875615] ? _parse_integer+0x180/0x180 [ 800.879769] ? zap_class+0x640/0x640 [ 800.883489] ? lock_release+0xa10/0xa10 [ 800.887475] ? find_held_lock+0x36/0x1c0 [ 800.891543] ? zap_class+0x640/0x640 [ 800.895270] ? get_pid_task+0xd6/0x1a0 [ 800.899174] ? lock_downgrade+0x900/0x900 [ 800.903327] ? check_preemption_disabled+0x48/0x280 [ 800.908360] ? find_held_lock+0x36/0x1c0 [ 800.912447] ? __f_unlock_pos+0x19/0x20 [ 800.916442] ? lock_downgrade+0x900/0x900 [ 800.920599] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 800.926141] ? proc_fail_nth_write+0x9e/0x210 [ 800.930645] ? proc_cwd_link+0x1d0/0x1d0 [ 800.934724] ? find_held_lock+0x36/0x1c0 [ 800.938803] _do_fork+0x1cb/0x11c0 [ 800.942354] ? fork_idle+0x1d0/0x1d0 [ 800.946082] ? __lock_is_held+0xb5/0x140 [ 800.950166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.955709] ? check_preemption_disabled+0x48/0x280 [ 800.960740] ? __sb_end_write+0xd9/0x110 [ 800.964816] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 800.970359] ? fput+0x130/0x1a0 [ 800.973654] ? do_syscall_64+0x9a/0x820 [ 800.977633] ? do_syscall_64+0x9a/0x820 [ 800.981612] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 800.986205] ? trace_hardirqs_on+0xbd/0x310 [ 800.990531] ? __ia32_sys_read+0xb0/0xb0 [ 800.994602] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.999989] ? trace_hardirqs_off_caller+0x300/0x300 [ 801.005104] __x64_sys_clone+0xbf/0x150 [ 801.009109] do_syscall_64+0x1b9/0x820 [ 801.013001] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 801.018371] ? syscall_return_slowpath+0x5e0/0x5e0 [ 801.023311] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 801.028168] ? trace_hardirqs_on_caller+0x310/0x310 [ 801.033199] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 801.038221] ? prepare_exit_to_usermode+0x291/0x3b0 [ 801.043247] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 801.048104] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 801.053297] RIP: 0033:0x457569 [ 801.056498] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 801.075408] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 801.083120] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 801.090401] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 801.097676] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 801.104945] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 801.112229] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x80ffff]}) 08:43:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:46 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfbno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:46 executing program 5 (fault-call:1 fault-nth:3): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:46 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/mixer\x00', 0x0, 0x0) sendmsg$nfc_llcp(r1, &(0x7f00000018c0)={&(0x7f0000000280)={0x27, 0x1, 0x2, 0x7, 0x7ff, 0x8000, "cd1c4c7b7bd1673b24de3fac69915ffb9a39617c93cc457c5d8667966beb1f0087d19953accc28f1c6088dc3e465827cbad1877b223d4bc64f842b6fd22d52", 0x34}, 0x60, &(0x7f0000001800)=[{&(0x7f0000000340)="24f6c7ea02efa879a6347d201798fcfa9e986d32452b44f856c87de501f05eb69e0a984b7eac90974e778685664e7afa01c90ba14763c937848ded104813f5b30f417276bb6b823877ac13bb51b707723d1f314589f87426df83c9831ee847a89ea58d85c96836201c247c7043156551089d52b194b91185a153e80e87e88100f06b13158737859269866fd7ccf93bbb2beca3dde914c24fa0ccca8935816b956b9ff61092e93676f9e4aeadb1473f12e6ed9e4d47a22964d91811", 0xbb}, {&(0x7f0000000400)="44e5abf48f6c7a690dcc86e8e9a169b47300e305b8501a70bdf04b94b475b529a10e6542028b5e2ffed87306c4ed47491fcf5f20b10ad2601af0d7450bd8de815e1855a3dcf9c00a06d0c173c7abc6e331d98635a9cf76e56d0a5d26d1bd6665a7612ea7d4d76f7b2b0d558bbeebde17534382c8ada6d66cdabff02f486df3ae12108339476704c577d15f066dd3f4342eb468b5d73eb0d2bbcd90e47b836ea240c58702e8d09139c79b3e7ea1e7993e43f8dbf5de5adb851d8ac869fe9e907ef6b130b6977449e776", 0xc9}, {&(0x7f0000000500)="d15c20bda4c9eec0e6affb4504c09c5fdb9585d9f0e05c6afed9a38cac8f37c4509f4c6227729451680f159c2940a339593bbbd8b137bc72053a688d8f8622237e6d96151129dd49502ac065d5b2a5a707aef1551fe0f01f05fa2dd32ab5a5681fa6bf1942dc9d84b65097e36dc4a6cc5c941049f479496dc48df7e3bf90dfd65d5dab26878f4fa70753158d27524c3d452fe7ebc27085f0c708cb111fce87f1f31639c3ec0ff89a93f4d8f74cc4610158e6dca520e106662e3023913e613a136d933343323d8055669a25d14b0322f744b63e6af053aa30a0d92e584c", 0xdd}, {&(0x7f0000000600)="04931b6b9dde5ef4342dfcd5321d", 0xe}, {&(0x7f0000000640)="a3d7f7f4e10374415c066c1d6c024fef65ed0b79f87b3b57ded8121efb5ed4ee19701671b30b6136a11a7d7d7c6db01a2c4c8c4b2d008eb087d118b28b1201476e87940bc51722d732774cbc45651faa9d51202ab9d50f239af4791231d90b31065518150295f05fd76245f83f38157fd3a72d104bcd93fdee0ef023cb826ff254282aaead7b93944939cd5966a954790ddc4f5bda66e7bb0c30214798a8f0d65526ef0b3384df1481bc2359ad3a35deaee35aeba5753e41e17988016b633c67a940dad25152fb26f124d6cfbfcb25ee9f30fc747f02b77000903e8215a646eb4b15925c87e15c4f26a42ba20d77eaa30b9a70447788530016bf9b63aa88d3cb6bf8c3cdcb8532cca3a927e387a922a641ba2b3b76a9b11b17c9e12b0e9c4abce313ff1cfc32c3a25ba44fe37d02cca8e34d9ecbda68e29fe674d64a0d60e83389cf8d52d330e95e42c198b4f109b4e8e1adcb8ce7bbf67db3b795d784af64be3b1c48d25a6f6c836c816b4af90faa6752c4fae204c27ba05a1c6606949f13aa05ac980d6cb6cb6ca17bba7f5a8fd30f3eb64f9d43ffe4a3aae5620efda0039034e68e87184d6c222399bfa76abb275d6d6b3719e87cd409d5e792d5ff5542e3d004033bdbc57b386eb5a43ea7d382e226c282b76fd5084bbdd5919a768b27baffe82575beedc64568e350cf61ec03a397729d21ab2fe9af64b4cc7eee4abd198af65ce0ca67505ccb28de6aea9b7cea052ee4d2c5661826a49bf5ec4489010983e7da0c41dcd8e13ea90742662109deef26463d9c52995dc72df05206754783e74e3ef1760a09bcce3fc0384d1b657b4ff56d6bb0c764165a18f4b618ac6d57c0d9a1ac905bfc52841fd401d9d49fc9ab4695404e95c74b5c7e9f66a8cefdc3d76935adee65f81cbbd799e37345ba40f791f8c60efa66533eb92d46925bd74297d3c215b466d6161bf7a1a8741d4aa0e15511475d287006179dacf08075ed2db3868039afd9dbab6c1bdfd20d14d5158bfd144e086fc369475ed86fc117c5d60a51713033036a52848b2ff744cb0535974f4400dca6a8d3758a2be87752c259ca877dd0a58a446a6c870e7ab924296cfde5e2025608a931d6542949ce2703252ae0013624c08c0a4a7a6ab5b76a78a13a7f5b5a0ef94dd8717d2b1de9ad0d55f38282ce1ff8a1c002f3d0fdcaf018521d5792b57aca0b1f7b6aa36ac121e7d07412c239f1e39308c081fb7c5f3a53ae12ec1417564177141c654be29e249082ddab629273113722efab621d697476e11176341016d105df919122a7435c79431084e3cbf6f759a915d76d1f4f4644b9ef625fa9d0aae489cdb0cf2658d8db86bc29286bb7c9acdd8782e7a6ff2bdd3ff1ad6985fb2a7a36c8d221747121bfdac2230b8104d3dc65e402de33ff9426048d5aeeb53017a61537e79a2c97485b391c25d75d4d48c8cc6c343195a49faf30c502a0664c7a941951ff5c0dcffb07f9700020bdc8d14118e77a93d11d500929e8ad97700c2d0c49dfdb15e141df2478895ff51947d53eb5bcc24c8d09ed51a4c790a32efd08a80674ce71be48870aa24879385d1dca26d64859d58d063e0becff59e4889f090a38a3b66d3f056044d795edf856f42e22b6bd24a8b104a80280a924e9ffe40c6eff50dffe6892b0f75e2f5067aa1a1f8dd31f51ca70c3a8d8c8397df094935b0eb3c1098d86cbbc9e0592900ff005ccfd68a9a2b2a9fbf8a287cc526a76007e15085c27e99074fdefb4a9275b57ebf447350e62b695b92b61b66cbbe9197c6b271b1e1248708fd7d7bed74f6fa31c062dc10dd9900e4ae2e93d8f2d6c3485be4fe0691925b20b91cc63b6463c4f3f2825003431d16a22a51192f6844f292d8b3b8876c0ea54e8e227147b59decb73777f90d50ed35aac4615bbc7ce5fd1bff0a8b33fe8aac4dfcc471b2b456149b94273158d82482ae271f307882a7c8e66c6fcfc2a72a3a3b4096336cc008f09482b1455b20e6b25a97e027f56f147064f41079433e841915e11fdf5022bf208f886cd71f320ddc859aa0214b5c205e174253f083ec2bc8b91ab784ddbfbb6e1772664ce35bc85ecc01f6bb0f1a6a866317ce019cef48550cd8b7a80322fe4de8838a005b3be455204ebdf012bdd377228f0d4d8c7310af9f1336f713b4f86e010d5153cf28c3298b6d490c62037f9404e0090fb71dc00e9e72668a566b89924fe319bd66251bf25dde8d1be111fcb387aba5feed356a5428be17fd3b6020554fd0af0208a54f3eae90fe7b46e6a0e0ee21a8cb6786f3b6aa2088031e19f2bad1a88bc15e8717d4f638ffc0c1eccabaec34e5cc414ea901826ea6a6308a8e8445fa7dee377bd43c0f4be334be464709c365575f331c8f0ac04cef68bde4c0a8fdc8ef7c35680764b7fafb6c486a65af011a08c413f64de254f644d4b8eed2023ac9bfc87621350c3c99c9877a6bf8355eb825f0884a3fc8a4d05f6019deafd9c9454329e3e76a689f8cf0c23a41b2ec9ebf737f1e5b126d703fc4a0f5192885291b5c4f32a91a1cda2cafba8ef2ce4193b1e88d6457f12fe5555da22563028fe0c4b69399e2485fbe189ad34f8d12e9aa21339f7fe4ce13422cc9d7ae66c77b62cc1ef6d5089eb5f6eed97eb8ea01b81c024250f33d3c583c1c0cdbf04de0e2b1510db9a90087e854c8b45105f4ed3b16b6968262e0e2489e130f2b3525a1cead7e94e91f6e655b2bd377d61e857d116cf9b3055a361122ba31bd2afa5c32fe413b6e54a0204229cf3198abe5a3e1eca7f844237ab01445517c6cbe109e8f0133284b51ac4888fc196436bd5760a7c86eaa89726f905b705cd2dd3647736c9cc8100d71216efc8a5094f844df3e5f14cde9ce966877f08059bf6c50f4f9724264fb8682a11c27a7f820611ffd15774fd78d1be03b5e71d32791b17d6a4a50d5b409fedbd93ca6cd31dc006ccc9fe96597bed65372d237552875b0ae064dcafb7d24319edb6439fe62001cec8581edea0a70199b79f5b83dd92dd5fd33b15802c57d560179c656b7c575186eef7fd1e5c2ba50c4d7690f165acb431abc8f872d1e30740cb77ee330171b2ef03d31d9296a536d722e79b28e1933d0b3463eeabce20c0bbbbaa974bfb3b8bd0411ab4d112fea06d5eba3e6ec5a4734b6b5d86eb38523c992aa92951a7e414d2e9aeb596b4618f49ca0555a0b6ac01a7747e5e4fdb2ec88b0ee43dc5abc30179b8c9e8d2ff21f6f408da069ccc74ffdb6399fd74cddbd6603fe6fdcb87b551bb4cb6a98735c7dcfaa88ff0e7cae3d0519fedf27a20987458201605aae6cf1193bd9627fbf9de9fa771608f55b9d914c2a3b6c69b2baead8ba3add4ad6e22937faefc93a69aaf0a34fe9fdc1aa3e26a111f5ae07070556cf4c448402926a78e864eff1f2fbc4adfaba696af63c0d13274dd1e20fc2ba894deaa71fc8bd3ef59e9297df79314e51dff3e17592356ce0e2dd5704ad4bf5894a428acd3fb97ce2b299ad47f706bf345d0ee8e6f1a0cbc094ad41f28dfe722da3afd6638c3bb50e983aab9303757a2bb62c839cdb232d8d7c72544caa06e9db0203fb05a075eed29638fcb50751f775f1e2f70f66968c796b01e7bf9cde6b60741f60dfda390e5febd35a2b8c8f3511d0e0c412a52e24e8033c434a6bdbaba7df6be301fb27e0d4fa6c7aa697964c8309b5226ce0a7814a3760bf45ff47cf9b5b1be6128355f095e62b589a7137ac797141223b5d94964e7a3cf4520b9f552173545c01a5c9da9f46ae276cfdee941146fa9ab6672a241bf642af40d7b705c379d3e7102838081d7fe3edcb47a77180dcb0ccee74f122ff93a4e062cae6557fe0ab581b74043589dd685f34fea7cc0f24b438330b08d752dff64b055abc740545c6c53f9eb725e43f742d23e840b8c2e27b08d589d706f82954ba32b021b5ee286dab66ccf24e5c7db9a42d76145a475d307dbd93b9b9bf95dc77d771f95df321ac8c7bbf2a4f497d7cad34d0ccb862365fc347cc24803306a1bbc8ef01a30eb48b73593d237f6216ae179cb5a1e490447fc14d1d55e80b5c42426f945a72d543f808fec7acd798d5b3ff3c75f1672edbe8cc5fef5a95ee4c1fcb3fd74ef5028d7fa10ee3d8e9a1f345978cd5681d14cc0c535a8e4406efa9357d5f0ef775d9a3586ae564c42b3d47dfb52ef06591003a9fecec7bc5c95437bb40578e02825a4b179e07b5571a6aea836e1acc75d708bfcaa929c5a23ad69bc316664bf40e8b5b69483ac56581cfb7cfe84df11f6a6ecfaf31cb7babda5d3201662ce692d9f6bd999ad192c8dc959ab13423640e8385e209e34dac29e32129c4be51797b9d9499e7fdbd6700ac7c4933246ede312dbb021a838e1c8aead3e6cf7f2b3342fa6c020cc34f837123287db234cf4e592d592b38185e8c5aa0ebe46afab1939f8ce6943f8561c30c388e3448f759b18bd074b84b077f855416429acd739c0ad151eb4e4cb89698edaa81c1a63b47bf1c60d5e34192562d18c0ecde46900358711fec80bf1e4e726f29014c23ec14e55b7a8f9ec5c54b9ce61e529df715b476b000fc2c20a270326c5baf7f9045c18f2a8c039b7d52fb9c4b959497dee579aa21975a5d0bdc4ef390317184b3200444d0055575e61faf64f97188026710bff4f6d2e442b6bf69f373b94a311fdcbdd45813b6b78a780fc2b5b8604a7b23ff19c97e64313a255741d1a3b0998909bd09358ab258c22af8c64e538c6294487f2b52366371d75a2245427f2a5813e3577bec05ecd71ad25d268a694c7d37f4f4e0f44755c6d6aee550cab72e95889860d5ede6da1711fd192b7cbbde5abc2079431f8ef21144b6b699d49d93cf48024458c333984b019474bb1920b1237d7f2a59621b1551669acf799c8ad79ae5e345a54d11545c420c2ba45a6a75439e83807f6820ce77a7c48ce8747ee4169d339ba5ddeeecd4e88081cad85aa7cf3ad02d10842d09733c7c36c485fd88da2f6bbad1c7366356a0665a930a8feab702123f0bcab9b8add0db74739026c957c796012596071d742f932b2fbcd7f10581675ab056a26ece45822d56dd1092e3a885f064f0c23e3eda63eb097cb83f83bfef45a107b0d62ba10cf05e480e1b4c5ad2399e85b10602b392c5ce1f9fa12bbe40c9ea45e2c37671ec7515f32ff40da16b68f3747a295faa144b0f33fbe0e353da01ec638270c214cf5429c7e905118f2b0eaa60ca810c94d2d34184a884534e733587433f35951e5117f5ee319e73584cbd7376cb464d79b5272a2a886f3285a786e53233a593e1b3cf27ecd8aece4ae8451c4fdce9097f1759d0feb719a18a294e6d07c93d299d7f197f755a1c5e0a728f49715a104b0582994f8572cbdf7a22c43bf1a3c72264fee8b9bc1bcc0e9326f79a864a587e632c685a81f2b4c07d7c0cc13682234e26afc5978b6c47814b42f6853c5a3ddc11312e78fc61a871c92230220c4b2f4a0b29578b4aee3cf2b3c43425b66d36bc4b5071e9dfd010825d1ad730616a03bcc21d86497769d0b1086c15120dfc9a4dee71af2ace637a7f31a0853261d8bb637501662ca2f48569fd00d3476725eb42ed1d85a28d445ba959fe4650e0d44c6856c71815b0aef0983695ef119d200650776b87a25f2abed6785d2da1cadc821cfc5f05f1d1491de7daf68d74dc1c5ac780fadf3be3bb335afec43b649b41ee3db035b12e6e827651b3ce82119090043ebe123a3290367d99cd24cbf16486bb76e5c50c35da6d0db1b2bfd8014d4600092e90a34314315f6a922", 0x1000}, {&(0x7f0000001640)="b44c1f042f004ecd9760951f40911eab013670bcea87a9de2332b825178537aa235dd7a485805a466854bd7dd8403f7687fa1dfa055bc620b25953f04e2cffedf6f0b1797cfd402009927d8186e307d378eee334ffd4d4311686f5228631c7bc47ccaefc01bd88c4b614712f532157604901795d7601ad2d4e278455932b1eb083d518c4fdd6bdda09890a68b938ccc11e6d6fffb2c8537b561dabee8f08035045096883cec818ad253386041e140922bf43c3c31376e49edb23c71c1ece2f0f74cde6f86e524a724f8ccb275fd6e9c2f2c5e8310838735d6e2e5c4c4e955c540d635129fd60818643eb9d5d67a9842ccaad4253c0cff26be399f9", 0xfb}, {&(0x7f0000001740)="50a34f2d9e1bcedb8801bb30faa52e73fe63ca44e41079cc10393e327837b426629a3ed4d048ae817efe7fe912604e0b1d4c4c270d2fce1a79b173254b5fa91bff59b2f9206de890f787dd73438660c8d464927ed7e34002a55f4c5599544252f770f6acd04d31584d8af68f9aaa51ee858c60248ec10fe84c4fdf3d31045255411c123ea12bf3eeb55c111d52c099d5868484ef99cecb1b74ba", 0x9a}], 0x7, &(0x7f0000001880)={0x30, 0x11d, 0x80000000, "622e31b0e129e319e9e8509ec175fee4cc26a00c713b27ad76"}, 0x30, 0x840}, 0x4000) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:46 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x300, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 802.652142] binder: 30610:30615 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 802.667950] 9pnet: Insufficient options for proto=fd [ 802.668788] FAULT_INJECTION: forcing a failure. [ 802.668788] name failslab, interval 1, probability 0, space 0, times 0 [ 802.684826] binder: 30610:30615 got reply transaction with no transaction stack [ 802.687091] CPU: 1 PID: 30618 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 802.700782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 802.706867] binder: 30610:30615 transaction failed 29201/-71, size 0-0 line 2741 [ 802.710135] Call Trace: [ 802.710168] dump_stack+0x244/0x39d [ 802.710193] ? dump_stack_print_info.cold.1+0x20/0x20 [ 802.710220] should_fail.cold.4+0xa/0x17 [ 802.733184] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 802.737131] binder: undelivered TRANSACTION_ERROR: 29201 [ 802.738307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:43:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfdfdffff]}) 08:43:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 802.738328] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 802.738349] ? refcount_add_not_zero_checked+0x330/0x330 [ 802.738372] ? rcu_softirq_qs+0x20/0x20 [ 802.764209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.769760] ? check_preemption_disabled+0x48/0x280 [ 802.774801] ? find_held_lock+0x36/0x1c0 [ 802.778948] ? perf_trace_cfg80211_tdls_oper_request+0x388/0x8a0 [ 802.785132] ? perf_trace_sched_process_exec+0x860/0x860 [ 802.790608] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 802.796159] ? creds_are_invalid+0x122/0x140 08:43:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xffff8000]}) [ 802.800590] ? prepare_creds+0x3f1/0x4d0 [ 802.804847] __should_failslab+0x124/0x180 [ 802.809101] should_failslab+0x9/0x14 [ 802.812916] kmem_cache_alloc+0x2be/0x730 [ 802.817081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.822636] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 802.828687] ? creds_are_invalid+0x122/0x140 [ 802.833117] __delayacct_tsk_init+0x20/0x80 [ 802.837548] copy_process+0x3d8b/0x8770 [ 802.841541] ? check_preemption_disabled+0x48/0x280 [ 802.846591] ? mark_held_locks+0x130/0x130 08:43:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xfffffdfd]}) [ 802.850839] ? perf_trace_lock+0x7a0/0x7a0 [ 802.855097] ? __cleanup_sighand+0x70/0x70 [ 802.859349] ? check_preemption_disabled+0x48/0x280 [ 802.861144] 9pnet: Insufficient options for proto=fd [ 802.864401] ? debug_smp_processor_id+0x1c/0x20 [ 802.864420] ? perf_trace_lock_acquire+0x15b/0x800 [ 802.864448] ? print_usage_bug+0xc0/0xc0 [ 802.883203] ? ima_match_policy+0x848/0x1560 [ 802.887640] ? check_preemption_disabled+0x48/0x280 [ 802.892674] ? print_usage_bug+0xc0/0xc0 [ 802.896753] ? print_usage_bug+0xc0/0xc0 08:43:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x80ffff00000000]}) [ 802.900826] ? kasan_check_read+0x11/0x20 [ 802.904990] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 802.910463] ? __lock_acquire+0x62f/0x4c20 [ 802.914714] ? find_held_lock+0x36/0x1c0 [ 802.918814] ? mark_held_locks+0x130/0x130 [ 802.923085] ? mark_held_locks+0x130/0x130 [ 802.927336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.932893] ? check_preemption_disabled+0x48/0x280 [ 802.937930] ? debug_smp_processor_id+0x1c/0x20 [ 802.942621] ? print_usage_bug+0xc0/0xc0 [ 802.946696] ? check_preemption_disabled+0x48/0x280 08:43:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xfdfdffff00000000]}) [ 802.951726] ? print_usage_bug+0xc0/0xc0 [ 802.955804] ? print_usage_bug+0xc0/0xc0 [ 802.959881] ? __lock_acquire+0x62f/0x4c20 [ 802.964127] ? perf_trace_lock_acquire+0x15b/0x800 [ 802.969072] ? zap_class+0x640/0x640 [ 802.972815] ? print_usage_bug+0xc0/0xc0 [ 802.976895] ? __lock_acquire+0x62f/0x4c20 [ 802.981167] ? mark_held_locks+0x130/0x130 [ 802.985431] ? __lock_acquire+0x62f/0x4c20 [ 802.989684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.995241] ? check_preemption_disabled+0x48/0x280 08:43:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x80ffff]}) [ 803.000277] ? dput.part.25+0x241/0x860 [ 803.004268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.009820] ? check_preemption_disabled+0x48/0x280 [ 803.014855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.020426] ? mark_held_locks+0x130/0x130 [ 803.024674] ? perf_trace_lock_acquire+0x15b/0x800 [ 803.029630] ? zap_class+0x640/0x640 [ 803.033364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.038929] ? check_preemption_disabled+0x48/0x280 [ 803.043971] ? debug_smp_processor_id+0x1c/0x20 [ 803.048657] ? perf_trace_lock_acquire+0x15b/0x800 08:43:46 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfQno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 803.053610] ? perf_trace_lock+0x7a0/0x7a0 [ 803.057858] ? find_held_lock+0x36/0x1c0 [ 803.061937] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.067489] ? _parse_integer+0x134/0x180 [ 803.071654] ? zap_class+0x640/0x640 [ 803.075399] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 803.080957] ? _kstrtoull+0x188/0x250 [ 803.084777] ? _parse_integer+0x180/0x180 [ 803.088944] ? zap_class+0x640/0x640 [ 803.092693] ? lock_release+0xa10/0xa10 [ 803.096711] ? find_held_lock+0x36/0x1c0 08:43:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xfdfdffff]}) [ 803.100789] ? zap_class+0x640/0x640 [ 803.104551] ? get_pid_task+0xd6/0x1a0 [ 803.108453] ? lock_downgrade+0x900/0x900 [ 803.112641] ? check_preemption_disabled+0x48/0x280 [ 803.117686] ? find_held_lock+0x36/0x1c0 [ 803.121772] ? __f_unlock_pos+0x19/0x20 [ 803.125763] ? lock_downgrade+0x900/0x900 [ 803.129927] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 803.135479] ? proc_fail_nth_write+0x9e/0x210 [ 803.139984] ? proc_cwd_link+0x1d0/0x1d0 [ 803.144064] ? find_held_lock+0x36/0x1c0 [ 803.148324] _do_fork+0x1cb/0x11c0 [ 803.151883] ? fork_idle+0x1d0/0x1d0 [ 803.155624] ? __lock_is_held+0xb5/0x140 [ 803.159724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.165280] ? check_preemption_disabled+0x48/0x280 [ 803.170319] ? __sb_end_write+0xd9/0x110 [ 803.174407] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 803.179965] ? fput+0x130/0x1a0 [ 803.183264] ? do_syscall_64+0x9a/0x820 [ 803.187243] ? do_syscall_64+0x9a/0x820 [ 803.191213] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 803.195805] ? trace_hardirqs_on+0xbd/0x310 [ 803.200130] ? __ia32_sys_read+0xb0/0xb0 [ 803.204192] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.209546] ? trace_hardirqs_off_caller+0x300/0x300 [ 803.214643] __x64_sys_clone+0xbf/0x150 [ 803.218633] do_syscall_64+0x1b9/0x820 [ 803.222512] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 803.227866] ? syscall_return_slowpath+0x5e0/0x5e0 [ 803.232786] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 803.237623] ? trace_hardirqs_on_caller+0x310/0x310 [ 803.242629] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 803.247646] ? prepare_exit_to_usermode+0x291/0x3b0 [ 803.252672] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 803.257513] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.262693] RIP: 0033:0x457569 [ 803.265874] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 803.284766] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 803.292473] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 803.299729] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 803.306986] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 803.314261] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 803.321530] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:47 executing program 5 (fault-call:1 fault-nth:4): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:47 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffff8000]}) [ 803.363266] 9pnet: Insufficient options for proto=fd [ 803.392612] FAULT_INJECTION: forcing a failure. [ 803.392612] name failslab, interval 1, probability 0, space 0, times 0 [ 803.404032] CPU: 1 PID: 30655 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 803.412543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.421901] Call Trace: [ 803.424510] dump_stack+0x244/0x39d [ 803.428172] ? dump_stack_print_info.cold.1+0x20/0x20 [ 803.433405] should_fail.cold.4+0xa/0x17 [ 803.437488] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 803.442616] ? zap_class+0x640/0x640 [ 803.446340] ? task_fork_fair+0x37e/0x6d0 [ 803.450481] ? lock_downgrade+0x900/0x900 [ 803.454620] ? __lockdep_init_map+0x105/0x590 [ 803.459110] ? find_held_lock+0x36/0x1c0 [ 803.463196] ? perf_trace_sched_process_exec+0x860/0x860 [ 803.468650] ? yield_to_task_fair+0x240/0x240 [ 803.473139] ? audit_filter_inodes+0x720/0x720 [ 803.477719] __should_failslab+0x124/0x180 [ 803.481953] should_failslab+0x9/0x14 [ 803.485748] kmem_cache_alloc_trace+0x2d7/0x750 [ 803.490414] ? perf_event_attrs+0x40/0x40 [ 803.494574] apparmor_task_alloc+0x49/0x290 [ 803.498900] security_task_alloc+0x54/0xb0 [ 803.503146] copy_process+0x2669/0x8770 [ 803.507122] ? check_preemption_disabled+0x48/0x280 [ 803.512145] ? __cleanup_sighand+0x70/0x70 [ 803.516385] ? check_preemption_disabled+0x48/0x280 [ 803.521420] ? debug_smp_processor_id+0x1c/0x20 [ 803.526106] ? perf_trace_lock_acquire+0x15b/0x800 [ 803.531044] ? print_usage_bug+0xc0/0xc0 [ 803.535118] ? ima_match_policy+0x848/0x1560 [ 803.539539] ? check_preemption_disabled+0x48/0x280 [ 803.544559] ? print_usage_bug+0xc0/0xc0 [ 803.548615] ? print_usage_bug+0xc0/0xc0 [ 803.552670] ? kasan_check_read+0x11/0x20 [ 803.556812] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 803.562079] ? __lock_acquire+0x62f/0x4c20 [ 803.566304] ? find_held_lock+0x36/0x1c0 [ 803.570365] ? mark_held_locks+0x130/0x130 [ 803.574601] ? mark_held_locks+0x130/0x130 [ 803.578825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.584349] ? check_preemption_disabled+0x48/0x280 [ 803.589355] ? debug_smp_processor_id+0x1c/0x20 [ 803.594017] ? print_usage_bug+0xc0/0xc0 [ 803.598066] ? check_preemption_disabled+0x48/0x280 [ 803.603071] ? print_usage_bug+0xc0/0xc0 [ 803.607143] ? perf_trace_lock_acquire+0x15b/0x800 [ 803.612069] ? zap_class+0x640/0x640 [ 803.615799] ? __lock_acquire+0x62f/0x4c20 [ 803.620034] ? mark_held_locks+0x130/0x130 [ 803.624261] ? __lock_acquire+0x62f/0x4c20 [ 803.628500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.634037] ? check_preemption_disabled+0x48/0x280 [ 803.639044] ? dput.part.25+0x241/0x860 [ 803.643019] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.648547] ? check_preemption_disabled+0x48/0x280 [ 803.653566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.659127] ? mark_held_locks+0x130/0x130 [ 803.663365] ? perf_trace_lock_acquire+0x15b/0x800 [ 803.668300] ? zap_class+0x640/0x640 [ 803.672004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.677532] ? check_preemption_disabled+0x48/0x280 [ 803.682551] ? debug_smp_processor_id+0x1c/0x20 [ 803.687226] ? perf_trace_lock_acquire+0x15b/0x800 [ 803.692150] ? perf_trace_lock+0x7a0/0x7a0 [ 803.696379] ? find_held_lock+0x36/0x1c0 [ 803.700660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.706193] ? _parse_integer+0x134/0x180 [ 803.710331] ? zap_class+0x640/0x640 [ 803.714033] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 803.719558] ? _kstrtoull+0x188/0x250 [ 803.723359] ? _parse_integer+0x180/0x180 [ 803.727520] ? zap_class+0x640/0x640 [ 803.731234] ? lock_release+0xa10/0xa10 [ 803.735216] ? find_held_lock+0x36/0x1c0 [ 803.739291] ? zap_class+0x640/0x640 [ 803.742996] ? get_pid_task+0xd6/0x1a0 [ 803.746885] ? lock_downgrade+0x900/0x900 [ 803.751028] ? check_preemption_disabled+0x48/0x280 [ 803.756038] ? find_held_lock+0x36/0x1c0 [ 803.760094] ? __f_unlock_pos+0x19/0x20 [ 803.764059] ? lock_downgrade+0x900/0x900 [ 803.768209] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 803.773741] ? proc_fail_nth_write+0x9e/0x210 [ 803.778229] ? proc_cwd_link+0x1d0/0x1d0 [ 803.782284] ? find_held_lock+0x36/0x1c0 [ 803.786338] _do_fork+0x1cb/0x11c0 [ 803.789874] ? fork_idle+0x1d0/0x1d0 [ 803.793596] ? __lock_is_held+0xb5/0x140 [ 803.797650] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.803182] ? check_preemption_disabled+0x48/0x280 [ 803.808195] ? __sb_end_write+0xd9/0x110 [ 803.812246] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 803.817774] ? fput+0x130/0x1a0 [ 803.821043] ? do_syscall_64+0x9a/0x820 [ 803.825007] ? do_syscall_64+0x9a/0x820 [ 803.828974] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 803.833548] ? trace_hardirqs_on+0xbd/0x310 [ 803.837879] ? __ia32_sys_read+0xb0/0xb0 [ 803.841942] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.847327] ? trace_hardirqs_off_caller+0x300/0x300 [ 803.852427] __x64_sys_clone+0xbf/0x150 [ 803.856404] do_syscall_64+0x1b9/0x820 [ 803.860289] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 803.865642] ? syscall_return_slowpath+0x5e0/0x5e0 [ 803.870563] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 803.875404] ? trace_hardirqs_on_caller+0x310/0x310 [ 803.880417] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 803.885424] ? prepare_exit_to_usermode+0x291/0x3b0 [ 803.890435] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 803.895271] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.900447] RIP: 0033:0x457569 [ 803.903633] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 803.922529] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 803.930230] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 803.937493] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 803.944752] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 803.952007] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 803.959265] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:47 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x1020, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:47 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)=0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000280)={@my=0x0}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={r3}) setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, &(0x7f00000002c0)=0x6, 0x4) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(r1, 0x1, &(0x7f00000001c0), &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) r5 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x8001, 0x101000) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f0000000340)={{{@in=@remote, @in=@multicast2}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f0000000100)=0xe8) 08:43:47 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfqno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:47 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xfffffdfd]}) 08:43:47 executing program 5 (fault-call:1 fault-nth:5): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 804.065472] binder: 30661:30666 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 804.082498] 9pnet: Insufficient options for proto=fd [ 804.093604] binder: 30661:30666 got reply transaction with no transaction stack [ 804.094140] FAULT_INJECTION: forcing a failure. [ 804.094140] name failslab, interval 1, probability 0, space 0, times 0 08:43:47 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 804.115777] binder: 30661:30666 transaction failed 29201/-71, size 0-0 line 2741 [ 804.129170] binder: undelivered TRANSACTION_ERROR: 29201 [ 804.145225] CPU: 1 PID: 30670 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 804.153750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.163113] Call Trace: [ 804.165718] dump_stack+0x244/0x39d [ 804.169366] ? dump_stack_print_info.cold.1+0x20/0x20 [ 804.174592] should_fail.cold.4+0xa/0x17 [ 804.178670] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 804.183792] ? rcu_softirq_qs+0x20/0x20 [ 804.187796] ? unwind_dump+0x190/0x190 [ 804.191713] ? is_bpf_text_address+0xd3/0x170 [ 804.196231] ? find_held_lock+0x36/0x1c0 [ 804.200333] ? perf_trace_sched_process_exec+0x860/0x860 [ 804.205792] ? kmem_cache_alloc_trace+0x152/0x750 [ 804.210653] ? apparmor_task_alloc+0x49/0x290 [ 804.215169] ? security_task_alloc+0x54/0xb0 [ 804.219597] ? copy_process+0x2669/0x8770 [ 804.223763] ? do_syscall_64+0x1b9/0x820 [ 804.227838] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 804.233223] __should_failslab+0x124/0x180 [ 804.237481] should_failslab+0x9/0x14 [ 804.241295] kmem_cache_alloc+0x2be/0x730 [ 804.245468] dup_fd+0x11c/0xf50 [ 804.248765] ? check_preemption_disabled+0x48/0x280 [ 804.253798] ? __fdget+0x20/0x20 [ 804.257184] ? rcu_pm_notify+0xc0/0xc0 [ 804.261099] ? apparmor_task_alloc+0x49/0x290 08:43:47 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfSno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:47 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 08:43:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 804.265612] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 804.271264] ? copy_semundo+0xca/0x370 [ 804.275182] ? __ia32_sys_semop+0xb0/0xb0 [ 804.279361] ? apparmor_task_alloc+0x218/0x290 [ 804.283973] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.289529] copy_process+0x2734/0x8770 [ 804.293525] ? check_preemption_disabled+0x48/0x280 [ 804.298590] ? __cleanup_sighand+0x70/0x70 [ 804.302842] ? debug_smp_processor_id+0x1c/0x20 [ 804.307525] ? perf_trace_lock_acquire+0x15b/0x800 [ 804.312475] ? print_usage_bug+0xc0/0xc0 08:43:48 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xfdfdffff]}) 08:43:48 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x300000000000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 804.316558] ? ima_match_policy+0x848/0x1560 [ 804.320981] ? check_preemption_disabled+0x48/0x280 [ 804.326012] ? print_usage_bug+0xc0/0xc0 [ 804.330087] ? print_usage_bug+0xc0/0xc0 [ 804.334175] ? kasan_check_read+0x11/0x20 [ 804.338343] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 804.343643] ? __lock_acquire+0x62f/0x4c20 [ 804.347897] ? find_held_lock+0x36/0x1c0 [ 804.351989] ? mark_held_locks+0x130/0x130 [ 804.356257] ? mark_held_locks+0x130/0x130 [ 804.360509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:43:48 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x80ffff]}) [ 804.366066] ? check_preemption_disabled+0x48/0x280 [ 804.371101] ? debug_smp_processor_id+0x1c/0x20 [ 804.375785] ? print_usage_bug+0xc0/0xc0 [ 804.379864] ? check_preemption_disabled+0x48/0x280 [ 804.384897] ? print_usage_bug+0xc0/0xc0 [ 804.388985] ? perf_trace_lock_acquire+0x15b/0x800 [ 804.393931] ? zap_class+0x640/0x640 [ 804.397683] ? __lock_acquire+0x62f/0x4c20 [ 804.401944] ? mark_held_locks+0x130/0x130 [ 804.406212] ? __lock_acquire+0x62f/0x4c20 [ 804.410466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.416022] ? check_preemption_disabled+0x48/0x280 [ 804.416440] 9pnet: Insufficient options for proto=fd [ 804.421049] ? dput.part.25+0x241/0x860 [ 804.421067] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.421088] ? check_preemption_disabled+0x48/0x280 [ 804.440731] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.446289] ? mark_held_locks+0x130/0x130 [ 804.446305] ? perf_trace_lock_acquire+0x15b/0x800 [ 804.446335] ? zap_class+0x640/0x640 [ 804.446354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:43:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 804.446372] ? check_preemption_disabled+0x48/0x280 [ 804.469782] ? debug_smp_processor_id+0x1c/0x20 [ 804.474468] ? perf_trace_lock_acquire+0x15b/0x800 [ 804.479437] ? perf_trace_lock+0x7a0/0x7a0 [ 804.483683] ? find_held_lock+0x36/0x1c0 [ 804.487762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.493317] ? _parse_integer+0x134/0x180 [ 804.497486] ? zap_class+0x640/0x640 [ 804.501222] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 804.506780] ? _kstrtoull+0x188/0x250 [ 804.510594] ? _parse_integer+0x180/0x180 [ 804.514758] ? zap_class+0x640/0x640 [ 804.518487] ? lock_release+0xa10/0xa10 [ 804.522481] ? find_held_lock+0x36/0x1c0 [ 804.526559] ? zap_class+0x640/0x640 [ 804.530295] ? get_pid_task+0xd6/0x1a0 [ 804.534205] ? lock_downgrade+0x900/0x900 [ 804.538370] ? check_preemption_disabled+0x48/0x280 [ 804.539850] 9pnet: Insufficient options for proto=fd [ 804.543425] ? find_held_lock+0x36/0x1c0 [ 804.552589] ? __f_unlock_pos+0x19/0x20 [ 804.556576] ? lock_downgrade+0x900/0x900 [ 804.560748] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 804.566304] ? proc_fail_nth_write+0x9e/0x210 [ 804.570811] ? proc_cwd_link+0x1d0/0x1d0 [ 804.574902] ? find_held_lock+0x36/0x1c0 [ 804.578987] _do_fork+0x1cb/0x11c0 [ 804.582551] ? fork_idle+0x1d0/0x1d0 [ 804.586284] ? __lock_is_held+0xb5/0x140 [ 804.590370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.595930] ? check_preemption_disabled+0x48/0x280 [ 804.597738] binder: 30698:30702 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 804.600963] ? __sb_end_write+0xd9/0x110 [ 804.600988] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 804.601005] ? fput+0x130/0x1a0 [ 804.601023] ? do_syscall_64+0x9a/0x820 [ 804.601043] ? do_syscall_64+0x9a/0x820 [ 804.621980] binder: 30698:30702 got reply transaction with no transaction stack [ 804.625922] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 804.625943] ? trace_hardirqs_on+0xbd/0x310 [ 804.625960] ? __ia32_sys_read+0xb0/0xb0 [ 804.625979] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 804.625997] ? trace_hardirqs_off_caller+0x300/0x300 [ 804.626020] __x64_sys_clone+0xbf/0x150 [ 804.626042] do_syscall_64+0x1b9/0x820 [ 804.626058] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 804.626078] ? syscall_return_slowpath+0x5e0/0x5e0 [ 804.636638] binder: 30698:30702 transaction failed 29201/-71, size 0-0 line 2741 [ 804.637495] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 804.637516] ? trace_hardirqs_on_caller+0x310/0x310 [ 804.637535] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 804.637555] ? prepare_exit_to_usermode+0x291/0x3b0 [ 804.647603] binder: undelivered TRANSACTION_ERROR: 29201 [ 804.650527] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 804.650556] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 804.650570] RIP: 0033:0x457569 [ 804.650587] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 804.650601] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 804.751767] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 804.759043] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 08:43:48 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) r3 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x378, 0x400000) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x2c, r4, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x18, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team_slave_1\x00'}]}]}, 0x2c}}, 0x80) tkill(r0, 0x1004000000016) 08:43:48 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:43:48 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfgno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:48 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x3000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:48 executing program 5 (fault-call:1 fault-nth:6): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 804.766301] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 804.773565] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 804.780834] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 804.859445] FAULT_INJECTION: forcing a failure. [ 804.859445] name failslab, interval 1, probability 0, space 0, times 0 [ 804.866588] binder: 30711:30716 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 804.886296] 9pnet: Insufficient options for proto=fd [ 804.896017] binder: 30711:30716 got reply transaction with no transaction stack [ 804.904823] CPU: 0 PID: 30713 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 804.913339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.914271] binder: 30711:30716 transaction failed 29201/-71, size 0-0 line 2741 [ 804.922695] Call Trace: [ 804.922724] dump_stack+0x244/0x39d [ 804.922753] ? dump_stack_print_info.cold.1+0x20/0x20 [ 804.922791] should_fail.cold.4+0xa/0x17 [ 804.940235] binder: undelivered TRANSACTION_ERROR: 29201 [ 804.941709] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 804.941726] ? check_preemption_disabled+0x48/0x280 [ 804.941752] ? perf_trace_lock_acquire+0x15b/0x800 [ 804.941773] ? save_stack+0xa9/0xd0 [ 804.969890] ? __x64_sys_clone+0xbf/0x150 [ 804.974032] ? find_held_lock+0x36/0x1c0 [ 804.978111] ? perf_trace_sched_process_exec+0x860/0x860 [ 804.983565] ? dup_fd+0xa42/0xf50 [ 804.987015] __should_failslab+0x124/0x180 [ 804.991244] should_failslab+0x9/0x14 [ 804.995034] kmem_cache_alloc_trace+0x2d7/0x750 [ 804.999703] ? do_raw_spin_unlock+0xa7/0x330 [ 805.004117] ? do_raw_spin_trylock+0x270/0x270 [ 805.008714] ? __lock_is_held+0xb5/0x140 [ 805.012770] alloc_fdtable+0x89/0x280 [ 805.016578] dup_fd+0xa71/0xf50 [ 805.019867] ? check_preemption_disabled+0x48/0x280 [ 805.024896] ? __fdget+0x20/0x20 [ 805.028253] ? rcu_pm_notify+0xc0/0xc0 [ 805.032140] ? apparmor_task_alloc+0x49/0x290 [ 805.036632] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 805.042173] ? copy_semundo+0xca/0x370 [ 805.046071] ? __ia32_sys_semop+0xb0/0xb0 [ 805.050212] ? apparmor_task_alloc+0x218/0x290 [ 805.054805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:43:48 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) r2 = memfd_create(&(0x7f00000000c0)='vmnet1+wlan1%posix_acl_access\x00', 0x0) write$FUSE_NOTIFY_DELETE(r2, &(0x7f00000001c0)={0x30, 0x6, 0x0, {0x3, 0x0, 0x7, 0x0, 'filter\x00'}}, 0x30) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f0000000340)={'filter\x00', 0xb7, "d1458e3a64ac47764f0e84b463779e70b0c8e6e90d26852b1356fc7ac263d1852827d3f11587a38e3b6c8756c34903c87787edf88e8da384a9c271daa4d886046476b8fd1df606ea9bf86741ceaf90f538bdf63990f925aca8b83470373a658574b8b0907e29bec82bc5df3477cd7a5cdf4ff314001335e95081183ebed2a7b0796bdf2920dfe92227bdf09b4b7c2a4dcfebabbd13edd8ee6d03b7ed8e323aec13fb57563973fe5ab97c85d412aecd800158ce5ae5ff1e"}, &(0x7f0000000100)=0xdb) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) getsockopt$bt_BT_SNDMTU(r2, 0x112, 0xc, &(0x7f0000000240)=0x7fffffff, &(0x7f0000000280)=0x2) tkill(r0, 0x1004000000016) [ 805.060364] copy_process+0x2734/0x8770 [ 805.064364] ? check_preemption_disabled+0x48/0x280 [ 805.069445] ? __cleanup_sighand+0x70/0x70 [ 805.073707] ? debug_smp_processor_id+0x1c/0x20 [ 805.078402] ? perf_trace_lock_acquire+0x15b/0x800 [ 805.083351] ? print_usage_bug+0xc0/0xc0 [ 805.087449] ? ima_match_policy+0x848/0x1560 [ 805.091876] ? check_preemption_disabled+0x48/0x280 [ 805.096908] ? print_usage_bug+0xc0/0xc0 [ 805.100984] ? print_usage_bug+0xc0/0xc0 [ 805.105050] ? kasan_check_read+0x11/0x20 08:43:48 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) syz_open_dev$rtc(&(0x7f00000000c0)='/dev/rtc#\x00', 0x8, 0x620001) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 805.109193] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 805.114463] ? __lock_acquire+0x62f/0x4c20 [ 805.118689] ? find_held_lock+0x36/0x1c0 [ 805.122770] ? mark_held_locks+0x130/0x130 [ 805.127043] ? mark_held_locks+0x130/0x130 [ 805.131300] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.136851] ? check_preemption_disabled+0x48/0x280 [ 805.141890] ? debug_smp_processor_id+0x1c/0x20 [ 805.146575] ? print_usage_bug+0xc0/0xc0 [ 805.150655] ? check_preemption_disabled+0x48/0x280 [ 805.155701] ? print_usage_bug+0xc0/0xc0 [ 805.159792] ? perf_trace_lock_acquire+0x15b/0x800 [ 805.164739] ? zap_class+0x640/0x640 [ 805.168469] ? __lock_acquire+0x62f/0x4c20 [ 805.172729] ? mark_held_locks+0x130/0x130 [ 805.176961] ? __lock_acquire+0x62f/0x4c20 [ 805.181188] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.186731] ? check_preemption_disabled+0x48/0x280 [ 805.191739] ? dput.part.25+0x241/0x860 [ 805.195704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.201238] ? check_preemption_disabled+0x48/0x280 [ 805.206245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.211777] ? mark_held_locks+0x130/0x130 [ 805.216007] ? perf_trace_lock_acquire+0x15b/0x800 [ 805.220980] ? zap_class+0x640/0x640 [ 805.224695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.230233] ? check_preemption_disabled+0x48/0x280 [ 805.235259] ? debug_smp_processor_id+0x1c/0x20 [ 805.239916] ? perf_trace_lock_acquire+0x15b/0x800 [ 805.244857] ? perf_trace_lock+0x7a0/0x7a0 [ 805.249096] ? find_held_lock+0x36/0x1c0 [ 805.253146] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.258679] ? _parse_integer+0x134/0x180 [ 805.262836] ? zap_class+0x640/0x640 [ 805.266556] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 805.272085] ? _kstrtoull+0x188/0x250 [ 805.275878] ? _parse_integer+0x180/0x180 [ 805.280018] ? zap_class+0x640/0x640 [ 805.283719] ? lock_release+0xa10/0xa10 [ 805.287692] ? find_held_lock+0x36/0x1c0 [ 805.291756] ? zap_class+0x640/0x640 [ 805.295477] ? get_pid_task+0xd6/0x1a0 [ 805.299387] ? lock_downgrade+0x900/0x900 [ 805.303549] ? check_preemption_disabled+0x48/0x280 08:43:49 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f00000000c0)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x80000, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f00000001c0)=0x30, 0x4) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @host}, 0x3d3) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 805.308573] ? find_held_lock+0x36/0x1c0 [ 805.312644] ? __f_unlock_pos+0x19/0x20 [ 805.316625] ? lock_downgrade+0x900/0x900 [ 805.320787] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 805.326321] ? proc_fail_nth_write+0x9e/0x210 [ 805.330817] ? proc_cwd_link+0x1d0/0x1d0 [ 805.334898] ? find_held_lock+0x36/0x1c0 [ 805.338977] _do_fork+0x1cb/0x11c0 [ 805.342533] ? fork_idle+0x1d0/0x1d0 [ 805.346262] ? __lock_is_held+0xb5/0x140 [ 805.350349] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.355903] ? check_preemption_disabled+0x48/0x280 [ 805.360940] ? __sb_end_write+0xd9/0x110 [ 805.365022] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 805.370575] ? fput+0x130/0x1a0 [ 805.373874] ? do_syscall_64+0x9a/0x820 [ 805.377857] ? do_syscall_64+0x9a/0x820 [ 805.381834] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 805.386418] ? trace_hardirqs_on+0xbd/0x310 [ 805.390738] ? __ia32_sys_read+0xb0/0xb0 [ 805.394803] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.400157] ? trace_hardirqs_off_caller+0x300/0x300 [ 805.405254] __x64_sys_clone+0xbf/0x150 [ 805.409222] do_syscall_64+0x1b9/0x820 [ 805.413098] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 805.418451] ? syscall_return_slowpath+0x5e0/0x5e0 [ 805.423374] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 805.428224] ? trace_hardirqs_on_caller+0x310/0x310 [ 805.433245] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 805.438273] ? prepare_exit_to_usermode+0x291/0x3b0 [ 805.443299] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 805.448155] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.453343] RIP: 0033:0x457569 08:43:49 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) r3 = syz_open_procfs(r0, &(0x7f00000000c0)='net/stat\x00') write$evdev(r3, &(0x7f0000000100), 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 805.456538] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 805.475433] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 805.483133] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 805.490410] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 805.497698] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 805.504975] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 08:43:49 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfsno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:49 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 805.512256] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:49 executing program 5 (fault-call:1 fault-nth:7): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 805.569368] binder: 30736:30740 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 805.581742] binder: 30736:30740 got reply transaction with no transaction stack [ 805.591579] 9pnet: Insufficient options for proto=fd [ 805.597204] binder: 30736:30740 transaction failed 29201/-71, size 0-0 line 2741 08:43:49 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) 08:43:49 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfIno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 805.617857] binder: undelivered TRANSACTION_ERROR: 29201 [ 805.620795] FAULT_INJECTION: forcing a failure. [ 805.620795] name failslab, interval 1, probability 0, space 0, times 0 [ 805.656725] CPU: 1 PID: 30746 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 805.665255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.674620] Call Trace: [ 805.677236] dump_stack+0x244/0x39d [ 805.680887] ? dump_stack_print_info.cold.1+0x20/0x20 [ 805.686111] should_fail.cold.4+0xa/0x17 [ 805.690193] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 805.695307] ? __save_stack_trace+0x8d/0xf0 [ 805.699820] ? save_stack+0xa9/0xd0 [ 805.703461] ? save_stack+0x43/0xd0 [ 805.707113] ? find_held_lock+0x36/0x1c0 [ 805.711206] ? hci_chan_del+0xa8/0x2d0 [ 805.715130] ? perf_trace_sched_process_exec+0x860/0x860 [ 805.716746] 9pnet: Insufficient options for proto=fd [ 805.720599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.720618] ? check_preemption_disabled+0x48/0x280 [ 805.720646] __should_failslab+0x124/0x180 [ 805.720671] should_failslab+0x9/0x14 [ 805.744339] kmem_cache_alloc_node_trace+0x270/0x740 [ 805.749469] __kmalloc_node+0x3c/0x70 [ 805.753297] kvmalloc_node+0x65/0xf0 [ 805.757030] alloc_fdtable+0xd9/0x280 [ 805.760837] dup_fd+0xa71/0xf50 [ 805.764108] ? check_preemption_disabled+0x48/0x280 [ 805.769131] ? __fdget+0x20/0x20 [ 805.772510] ? rcu_pm_notify+0xc0/0xc0 [ 805.776408] ? apparmor_task_alloc+0x49/0x290 [ 805.780912] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 805.786439] ? copy_semundo+0xca/0x370 [ 805.790319] ? __ia32_sys_semop+0xb0/0xb0 [ 805.794481] ? apparmor_task_alloc+0x218/0x290 [ 805.799056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.804619] copy_process+0x2734/0x8770 [ 805.808598] ? check_preemption_disabled+0x48/0x280 [ 805.813654] ? __cleanup_sighand+0x70/0x70 [ 805.817899] ? debug_smp_processor_id+0x1c/0x20 [ 805.822559] ? perf_trace_lock_acquire+0x15b/0x800 [ 805.827499] ? print_usage_bug+0xc0/0xc0 [ 805.831566] ? ima_match_policy+0x848/0x1560 [ 805.835967] ? check_preemption_disabled+0x48/0x280 [ 805.840995] ? print_usage_bug+0xc0/0xc0 [ 805.845044] ? print_usage_bug+0xc0/0xc0 [ 805.849101] ? kasan_check_read+0x11/0x20 [ 805.853256] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 805.858525] ? __lock_acquire+0x62f/0x4c20 [ 805.862751] ? find_held_lock+0x36/0x1c0 [ 805.866810] ? mark_held_locks+0x130/0x130 [ 805.871043] ? mark_held_locks+0x130/0x130 [ 805.875269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.880795] ? check_preemption_disabled+0x48/0x280 [ 805.885819] ? debug_smp_processor_id+0x1c/0x20 [ 805.890492] ? print_usage_bug+0xc0/0xc0 [ 805.894541] ? check_preemption_disabled+0x48/0x280 [ 805.899554] ? print_usage_bug+0xc0/0xc0 [ 805.903615] ? perf_trace_lock_acquire+0x15b/0x800 [ 805.908536] ? zap_class+0x640/0x640 [ 805.912252] ? __lock_acquire+0x62f/0x4c20 [ 805.916483] ? mark_held_locks+0x130/0x130 [ 805.920725] ? __lock_acquire+0x62f/0x4c20 [ 805.924950] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.930480] ? check_preemption_disabled+0x48/0x280 [ 805.935502] ? dput.part.25+0x241/0x860 [ 805.939467] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.944997] ? check_preemption_disabled+0x48/0x280 [ 805.950004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.955538] ? mark_held_locks+0x130/0x130 [ 805.959772] ? perf_trace_lock_acquire+0x15b/0x800 [ 805.964714] ? zap_class+0x640/0x640 [ 805.968427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.973951] ? check_preemption_disabled+0x48/0x280 [ 805.978971] ? debug_smp_processor_id+0x1c/0x20 [ 805.983656] ? perf_trace_lock_acquire+0x15b/0x800 [ 805.988585] ? perf_trace_lock+0x7a0/0x7a0 [ 805.992810] ? find_held_lock+0x36/0x1c0 [ 805.996861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.002399] ? _parse_integer+0x134/0x180 [ 806.006538] ? zap_class+0x640/0x640 [ 806.010244] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 806.015771] ? _kstrtoull+0x188/0x250 [ 806.019578] ? _parse_integer+0x180/0x180 [ 806.023718] ? zap_class+0x640/0x640 [ 806.027424] ? lock_release+0xa10/0xa10 [ 806.031400] ? find_held_lock+0x36/0x1c0 [ 806.035454] ? zap_class+0x640/0x640 [ 806.039177] ? get_pid_task+0xd6/0x1a0 [ 806.043058] ? lock_downgrade+0x900/0x900 [ 806.047194] ? check_preemption_disabled+0x48/0x280 [ 806.052205] ? find_held_lock+0x36/0x1c0 [ 806.056262] ? __f_unlock_pos+0x19/0x20 [ 806.060226] ? lock_downgrade+0x900/0x900 [ 806.064384] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 806.069919] ? proc_fail_nth_write+0x9e/0x210 [ 806.074424] ? proc_cwd_link+0x1d0/0x1d0 [ 806.078482] ? find_held_lock+0x36/0x1c0 [ 806.082539] _do_fork+0x1cb/0x11c0 [ 806.086071] ? fork_idle+0x1d0/0x1d0 [ 806.089792] ? __lock_is_held+0xb5/0x140 [ 806.093861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.099412] ? check_preemption_disabled+0x48/0x280 [ 806.104426] ? __sb_end_write+0xd9/0x110 [ 806.108495] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 806.114021] ? fput+0x130/0x1a0 [ 806.117294] ? do_syscall_64+0x9a/0x820 [ 806.121260] ? do_syscall_64+0x9a/0x820 [ 806.125237] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 806.129846] ? trace_hardirqs_on+0xbd/0x310 [ 806.134176] ? __ia32_sys_read+0xb0/0xb0 [ 806.138229] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.143581] ? trace_hardirqs_off_caller+0x300/0x300 [ 806.148681] __x64_sys_clone+0xbf/0x150 [ 806.152670] do_syscall_64+0x1b9/0x820 [ 806.156576] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 806.161933] ? syscall_return_slowpath+0x5e0/0x5e0 [ 806.166854] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 806.171701] ? trace_hardirqs_on_caller+0x310/0x310 [ 806.176721] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 806.181744] ? prepare_exit_to_usermode+0x291/0x3b0 [ 806.186768] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 806.191622] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.196800] RIP: 0033:0x457569 [ 806.199998] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 806.218886] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 806.226588] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 806.233859] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 806.241116] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 806.248372] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 806.255638] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:50 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x20000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:50 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 08:43:50 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfRno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:50 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x80800, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000000100)={'bpq0\x00', 0x0}) bind$bt_hci(r1, &(0x7f00000001c0)={0x1f, r2}, 0xc) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r4, &(0x7f0000000200)={0x28, 0x0, 0xfffffffffffffffc, @my=0x0}, 0x9e) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:50 executing program 5 (fault-call:1 fault-nth:8): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 806.383318] FAULT_INJECTION: forcing a failure. [ 806.383318] name failslab, interval 1, probability 0, space 0, times 0 [ 806.398266] binder: 30760:30767 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 806.419917] 9pnet: Insufficient options for proto=fd [ 806.424848] CPU: 1 PID: 30765 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 806.433537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 806.439480] binder: 30760:30767 got reply transaction with no transaction stack [ 806.442894] Call Trace: [ 806.442923] dump_stack+0x244/0x39d [ 806.442953] ? dump_stack_print_info.cold.1+0x20/0x20 [ 806.461144] binder: 30760:30767 transaction failed 29201/-71, size 0-0 line 2741 [ 806.469300] should_fail.cold.4+0xa/0x17 [ 806.469322] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 806.469338] ? unwind_get_return_address+0x61/0xa0 [ 806.469358] ? __save_stack_trace+0x8d/0xf0 [ 806.469403] ? save_stack+0xa9/0xd0 [ 806.479140] binder: 30760:30767 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 806.483475] ? find_held_lock+0x36/0x1c0 [ 806.483516] ? perf_trace_sched_process_exec+0x860/0x860 [ 806.488448] binder: undelivered TRANSACTION_ERROR: 29201 [ 806.491443] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 806.491474] __should_failslab+0x124/0x180 [ 806.491496] should_failslab+0x9/0x14 08:43:50 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x80ffff]}) 08:43:50 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x6, 0x28400) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e23, 0x5, @remote, 0xffffffff}, 0x1c) r3 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$sock_proto_private(r3, 0x89e2, &(0x7f0000000340)="38ff41b595be8d2a1b69e8d63f10dfb3bc11dfb38de96662e82aa5da9ff21b66598f5617a5304e40143efabaddbef95fab342d4bae077e54fd38e7ae2c6949c1953687af345dcc5d689aca22f3ecbb9de95f3b91ee365e51cc61020f1901244f9ee19acd9515fc71da7fee33991aba2e1abaefc644bc222621c54f8095da2a8f5da4089a8e2eedd96b3c5bf30f2ed17e8d8fc0684372c50a1bbc7f320b6076491ba4b3f78b39cfe0e210a94e7812824420538a85e67072d3955281fedcb0634c90fd8aa72d2421c2dc78ba9ff82f021a524b6cf0e43db67244875b470ac353305d2394dad8e8892182c535eea6c1") connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 806.500459] binder: 30760:30767 got reply transaction with no transaction stack [ 806.503599] kmem_cache_alloc_node_trace+0x270/0x740 [ 806.503621] ? kasan_unpoison_shadow+0x35/0x50 [ 806.503649] __kmalloc_node+0x3c/0x70 [ 806.509275] binder: 30760:30767 transaction failed 29201/-71, size 0-0 line 2741 [ 806.514542] kvmalloc_node+0x65/0xf0 [ 806.514563] alloc_fdtable+0x145/0x280 [ 806.514582] dup_fd+0xa71/0xf50 [ 806.520899] binder: undelivered TRANSACTION_ERROR: 29201 [ 806.524336] ? check_preemption_disabled+0x48/0x280 [ 806.524363] ? __fdget+0x20/0x20 08:43:50 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 806.524379] ? rcu_pm_notify+0xc0/0xc0 [ 806.524418] ? apparmor_task_alloc+0x49/0x290 [ 806.589763] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 806.595315] ? copy_semundo+0xca/0x370 [ 806.599220] ? __ia32_sys_semop+0xb0/0xb0 [ 806.603400] ? apparmor_task_alloc+0x218/0x290 [ 806.607996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.613553] copy_process+0x2734/0x8770 [ 806.617333] binder: 30777:30778 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 806.617553] ? check_preemption_disabled+0x48/0x280 [ 806.630651] ? __cleanup_sighand+0x70/0x70 [ 806.634909] ? debug_smp_processor_id+0x1c/0x20 [ 806.638360] binder: 30777:30778 got reply transaction with no transaction stack [ 806.639616] ? perf_trace_lock_acquire+0x15b/0x800 [ 806.639642] ? print_usage_bug+0xc0/0xc0 [ 806.639666] ? ima_match_policy+0x848/0x1560 [ 806.639690] ? check_preemption_disabled+0x48/0x280 [ 806.659889] binder: 30777:30778 transaction failed 29201/-71, size 0-0 line 2741 [ 806.660515] ? print_usage_bug+0xc0/0xc0 [ 806.677096] ? print_usage_bug+0xc0/0xc0 08:43:50 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) [ 806.681179] ? kasan_check_read+0x11/0x20 [ 806.681938] binder: undelivered TRANSACTION_ERROR: 29201 [ 806.685343] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 806.685368] ? __lock_acquire+0x62f/0x4c20 [ 806.685387] ? find_held_lock+0x36/0x1c0 [ 806.685429] ? mark_held_locks+0x130/0x130 [ 806.685461] ? mark_held_locks+0x130/0x130 [ 806.685481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.685495] ? check_preemption_disabled+0x48/0x280 [ 806.685520] ? debug_smp_processor_id+0x1c/0x20 [ 806.728157] ? print_usage_bug+0xc0/0xc0 08:43:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 806.732245] ? check_preemption_disabled+0x48/0x280 [ 806.737271] ? print_usage_bug+0xc0/0xc0 [ 806.741361] ? perf_trace_lock_acquire+0x15b/0x800 [ 806.746317] ? zap_class+0x640/0x640 [ 806.750077] ? __lock_acquire+0x62f/0x4c20 [ 806.754345] ? mark_held_locks+0x130/0x130 [ 806.758598] ? __lock_acquire+0x62f/0x4c20 [ 806.762850] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.768417] ? check_preemption_disabled+0x48/0x280 [ 806.773452] ? dput.part.25+0x241/0x860 [ 806.777444] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.783001] ? check_preemption_disabled+0x48/0x280 [ 806.787292] binder: 30785:30786 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 806.788035] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.796350] binder: 30785:30786 got reply transaction with no transaction stack [ 806.801637] ? mark_held_locks+0x130/0x130 [ 806.801654] ? perf_trace_lock_acquire+0x15b/0x800 [ 806.801684] ? zap_class+0x640/0x640 [ 806.801706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.810563] binder: 30785:30786 transaction failed 29201/-71, size 0-0 line 2741 [ 806.813384] ? check_preemption_disabled+0x48/0x280 [ 806.813419] ? debug_smp_processor_id+0x1c/0x20 [ 806.813438] ? perf_trace_lock_acquire+0x15b/0x800 [ 806.813462] ? perf_trace_lock+0x7a0/0x7a0 [ 806.844250] binder: undelivered TRANSACTION_ERROR: 29201 [ 806.845301] ? find_held_lock+0x36/0x1c0 [ 806.845321] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.845340] ? _parse_integer+0x134/0x180 [ 806.845358] ? zap_class+0x640/0x640 [ 806.845376] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 806.845401] ? _kstrtoull+0x188/0x250 [ 806.845419] ? _parse_integer+0x180/0x180 [ 806.845437] ? zap_class+0x640/0x640 [ 806.894610] ? lock_release+0xa10/0xa10 [ 806.898578] ? find_held_lock+0x36/0x1c0 [ 806.902633] ? zap_class+0x640/0x640 [ 806.906340] ? get_pid_task+0xd6/0x1a0 [ 806.910219] ? lock_downgrade+0x900/0x900 [ 806.914363] ? check_preemption_disabled+0x48/0x280 [ 806.919417] ? find_held_lock+0x36/0x1c0 [ 806.923473] ? __f_unlock_pos+0x19/0x20 [ 806.927438] ? lock_downgrade+0x900/0x900 [ 806.931576] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 806.937103] ? proc_fail_nth_write+0x9e/0x210 [ 806.941587] ? proc_cwd_link+0x1d0/0x1d0 [ 806.945642] ? find_held_lock+0x36/0x1c0 [ 806.949697] _do_fork+0x1cb/0x11c0 [ 806.953234] ? fork_idle+0x1d0/0x1d0 [ 806.956941] ? __lock_is_held+0xb5/0x140 [ 806.960993] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.966519] ? check_preemption_disabled+0x48/0x280 [ 806.971529] ? __sb_end_write+0xd9/0x110 [ 806.975613] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 806.981142] ? fput+0x130/0x1a0 [ 806.984422] ? do_syscall_64+0x9a/0x820 [ 806.988386] ? do_syscall_64+0x9a/0x820 [ 806.992380] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 806.996978] ? trace_hardirqs_on+0xbd/0x310 [ 807.001291] ? __ia32_sys_read+0xb0/0xb0 [ 807.005373] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.010734] ? trace_hardirqs_off_caller+0x300/0x300 [ 807.015832] __x64_sys_clone+0xbf/0x150 [ 807.019807] do_syscall_64+0x1b9/0x820 [ 807.023690] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 807.029059] ? syscall_return_slowpath+0x5e0/0x5e0 [ 807.033976] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 807.038810] ? trace_hardirqs_on_caller+0x310/0x310 [ 807.043819] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 807.048827] ? prepare_exit_to_usermode+0x291/0x3b0 [ 807.053835] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 807.058675] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.063851] RIP: 0033:0x457569 [ 807.067034] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 807.085941] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 807.093661] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 807.100941] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 807.108227] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 807.115516] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 807.122795] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:51 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x10000000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:51 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 08:43:51 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfwno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:51 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x4000000000000, @my}, 0x10) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhci\x00', 0x20000, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000e00)='/dev/input/mice\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_PVERSION(0xffffffffffffffff, 0x80045300, &(0x7f0000000e40)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x34000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, 0x2f, 0x829, 0x0, 0x0, {0x2801}, [@nested={0x18, 0x0, [@typed={0x14, 0x1, @ipv6=@loopback}]}]}, 0x2c}}, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f0000000240)={0x0, 0x6, "2898dcb745c2"}, &(0x7f0000000280)=0xe) getsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f00000002c0)=@assoc_id=r7, &(0x7f0000000340)=0x4) socket$bt_hidp(0x1f, 0x3, 0x6) r8 = syz_genetlink_get_family_id$team(&(0x7f00000003c0)='team\x00') getsockname$packet(r3, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000440)=0x14) getpeername$packet(r3, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000004c0)=0x14) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000500)={{{@in=@loopback, @in6=@ipv4={[], [], @dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000600)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000640)={'team0\x00', 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000680)={{{@in6=@remote, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@local}}, &(0x7f0000000780)=0xe8) recvmmsg(r5, &(0x7f0000003480)=[{{&(0x7f00000007c0)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000840)=""/15, 0xf}, {&(0x7f0000000880)=""/244, 0xf4}, {&(0x7f0000000980)=""/237, 0xed}, {&(0x7f0000000a80)=""/72, 0x48}, {&(0x7f0000000b00)=""/65, 0x41}, {&(0x7f0000000b80)=""/253, 0xfd}], 0x6, 0x0, 0x0, 0x8}, 0x1f}, {{0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000e80)=""/4096, 0x1000}, {&(0x7f0000000d00)=""/166, 0xa6}, {&(0x7f0000000dc0)=""/35, 0x23}, {&(0x7f0000001e80)=""/123, 0x7b}, {&(0x7f0000001f00)=""/216, 0xd8}], 0x5, 0x0, 0x0, 0x1}, 0xca}, {{&(0x7f0000002080)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f0000003340)=[{&(0x7f0000002100)=""/24, 0x18}, {&(0x7f0000002140)=""/170, 0xaa}, {&(0x7f0000002200)=""/180, 0xb4}, {&(0x7f00000022c0)=""/4096, 0x1000}, {&(0x7f00000032c0)=""/69, 0x45}], 0x5, &(0x7f00000033c0)=""/161, 0xa1, 0xc41}, 0x4}], 0x3, 0x2, &(0x7f0000003540)={0x0, 0x989680}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000011800)={'irlan0\x00', 0x0}) getsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000011900)={@empty, @dev, 0x0}, &(0x7f0000011940)=0xc) accept4$packet(r3, &(0x7f0000011980)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000119c0)=0x14, 0x80800) getpeername$packet(r3, &(0x7f0000011a00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000011a40)=0x14) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000011a80)={0x0, @broadcast, @broadcast}, &(0x7f0000011ac0)=0xc) sendmsg$TEAM_CMD_PORT_LIST_GET(r3, &(0x7f0000011fc0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000011f80)={&(0x7f0000011b00)={0x470, r8, 0x200, 0x70bd25, 0x25dfdbfd, {}, [{{0x8, 0x1, r9}, {0xfc, 0x2, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0xfff}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0xcf5a}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x8001}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x7d6}}, {0x8, 0x6, r11}}}]}}, {{0x8, 0x1, r12}, {0x154, 0x2, [{0x44, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x14, 0x4, [{0xffff, 0x5, 0x53, 0x3}, {0x7, 0x1, 0x362, 0x66}]}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r13}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r14}, {0x1ac, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r15}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x10001}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x2f7}}}, {0x54, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x24, 0x4, [{0x1be4, 0xbf, 0x6, 0x4}, {0x7, 0x1, 0x100000, 0x4}, {0x1, 0x401, 0x101, 0x6}, {0x0, 0x4000400, 0x248, 0x9}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r16}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r17}}}]}}, {{0x8, 0x1, r18}, {0x40, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r19}}}]}}]}, 0x470}, 0x1, 0x0, 0x0, 0x8000}, 0x0) openat$cgroup_type(r3, &(0x7f0000000100)='cgroup.type\x00', 0x2, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:51 executing program 5 (fault-call:1 fault-nth:9): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 807.329124] FAULT_INJECTION: forcing a failure. [ 807.329124] name failslab, interval 1, probability 0, space 0, times 0 [ 807.359548] CPU: 1 PID: 30800 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 807.362463] binder: 30795:30805 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 807.368084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 807.368093] Call Trace: [ 807.368121] dump_stack+0x244/0x39d [ 807.368149] ? dump_stack_print_info.cold.1+0x20/0x20 [ 807.368192] should_fail.cold.4+0xa/0x17 [ 807.394464] 9pnet: Insufficient options for proto=fd [ 807.396968] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 807.396990] ? dup_fd+0x888/0xf50 [ 807.397025] ? preempt_schedule_common+0x1f/0xe0 [ 807.397049] ? find_held_lock+0x36/0x1c0 [ 807.416111] binder: 30795:30805 got reply transaction with no transaction stack [ 807.419523] ? perf_trace_sched_process_exec+0x860/0x860 [ 807.419555] __should_failslab+0x124/0x180 [ 807.419576] should_failslab+0x9/0x14 [ 807.428754] binder: 30795:30805 transaction failed 29201/-71, size 0-0 line 2741 [ 807.431074] kmem_cache_alloc+0x2be/0x730 [ 807.431106] copy_fs_struct+0x46/0x2d0 [ 807.431126] copy_process+0x3f87/0x8770 [ 807.439714] binder: 30795:30805 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 807.440808] ? check_preemption_disabled+0x48/0x280 08:43:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:51 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 807.440866] ? __cleanup_sighand+0x70/0x70 [ 807.444787] binder: 30795:30805 got reply transaction with no transaction stack [ 807.452201] ? debug_smp_processor_id+0x1c/0x20 [ 807.452220] ? perf_trace_lock_acquire+0x15b/0x800 [ 807.452243] ? print_usage_bug+0xc0/0xc0 [ 807.452268] ? ima_match_policy+0x848/0x1560 [ 807.452286] ? check_preemption_disabled+0x48/0x280 [ 807.452305] ? print_usage_bug+0xc0/0xc0 [ 807.462537] 9pnet: Insufficient options for proto=fd [ 807.464294] ? print_usage_bug+0xc0/0xc0 [ 807.464312] ? kasan_check_read+0x11/0x20 08:43:51 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Qfdno', 0x3d, r0}}) [ 807.464338] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 807.472769] binder: undelivered TRANSACTION_ERROR: 29201 [ 807.477441] ? __lock_acquire+0x62f/0x4c20 [ 807.477460] ? find_held_lock+0x36/0x1c0 [ 807.477493] ? mark_held_locks+0x130/0x130 [ 807.477523] ? mark_held_locks+0x130/0x130 [ 807.557007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.562564] ? check_preemption_disabled+0x48/0x280 [ 807.567604] ? debug_smp_processor_id+0x1c/0x20 [ 807.572285] ? print_usage_bug+0xc0/0xc0 08:43:51 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 807.576352] ? check_preemption_disabled+0x48/0x280 [ 807.581386] ? print_usage_bug+0xc0/0xc0 [ 807.585482] ? perf_trace_lock_acquire+0x15b/0x800 [ 807.590439] ? zap_class+0x640/0x640 [ 807.594196] ? __lock_acquire+0x62f/0x4c20 [ 807.598466] ? mark_held_locks+0x130/0x130 [ 807.602722] ? __lock_acquire+0x62f/0x4c20 [ 807.606975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.607044] 9pnet: Insufficient options for proto=fd [ 807.612526] ? check_preemption_disabled+0x48/0x280 [ 807.612544] ? dput.part.25+0x241/0x860 08:43:51 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'bfdno', 0x3d, r0}}) [ 807.612561] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.612577] ? check_preemption_disabled+0x48/0x280 [ 807.612597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.642761] ? mark_held_locks+0x130/0x130 [ 807.647009] ? perf_trace_lock_acquire+0x15b/0x800 [ 807.651962] ? zap_class+0x640/0x640 [ 807.655688] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.661246] ? check_preemption_disabled+0x48/0x280 [ 807.666275] ? debug_smp_processor_id+0x1c/0x20 [ 807.670953] ? perf_trace_lock_acquire+0x15b/0x800 [ 807.675904] ? perf_trace_lock+0x7a0/0x7a0 08:43:51 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) [ 807.680155] ? find_held_lock+0x36/0x1c0 [ 807.684243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.689801] ? _parse_integer+0x134/0x180 [ 807.693966] ? zap_class+0x640/0x640 [ 807.698054] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 807.703612] ? _kstrtoull+0x188/0x250 [ 807.707436] ? _parse_integer+0x180/0x180 [ 807.711605] ? zap_class+0x640/0x640 [ 807.715336] ? lock_release+0xa10/0xa10 [ 807.719333] ? find_held_lock+0x36/0x1c0 [ 807.723425] ? zap_class+0x640/0x640 [ 807.727171] ? get_pid_task+0xd6/0x1a0 [ 807.731076] ? lock_downgrade+0x900/0x900 [ 807.733102] 9pnet: Insufficient options for proto=fd [ 807.735241] ? check_preemption_disabled+0x48/0x280 [ 807.735269] ? find_held_lock+0x36/0x1c0 [ 807.735297] ? __f_unlock_pos+0x19/0x20 [ 807.735314] ? lock_downgrade+0x900/0x900 [ 807.735336] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 807.763137] ? proc_fail_nth_write+0x9e/0x210 [ 807.767649] ? proc_cwd_link+0x1d0/0x1d0 [ 807.771733] ? find_held_lock+0x36/0x1c0 [ 807.775816] _do_fork+0x1cb/0x11c0 [ 807.779382] ? fork_idle+0x1d0/0x1d0 [ 807.783126] ? __lock_is_held+0xb5/0x140 [ 807.787217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.792763] ? check_preemption_disabled+0x48/0x280 [ 807.797801] ? __sb_end_write+0xd9/0x110 [ 807.801894] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 807.807447] ? fput+0x130/0x1a0 [ 807.810746] ? do_syscall_64+0x9a/0x820 [ 807.814737] ? do_syscall_64+0x9a/0x820 [ 807.816638] binder: 30813:30826 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 807.818733] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 807.818754] ? trace_hardirqs_on+0xbd/0x310 [ 807.818771] ? __ia32_sys_read+0xb0/0xb0 [ 807.818793] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.827008] binder: 30813:30826 got reply transaction with no transaction stack [ 807.831884] ? trace_hardirqs_off_caller+0x300/0x300 [ 807.831909] __x64_sys_clone+0xbf/0x150 [ 807.831932] do_syscall_64+0x1b9/0x820 [ 807.866039] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 807.871404] ? syscall_return_slowpath+0x5e0/0x5e0 [ 807.876322] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 807.881161] ? trace_hardirqs_on_caller+0x310/0x310 [ 807.886184] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 807.891211] ? prepare_exit_to_usermode+0x291/0x3b0 [ 807.896240] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 807.901093] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.906278] RIP: 0033:0x457569 [ 807.909473] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 08:43:51 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x20100000, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:51 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 08:43:51 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Ifdno', 0x3d, r0}}) 08:43:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 807.928383] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 807.936090] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 807.943345] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 807.950601] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 807.957868] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 807.965143] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 808.029046] 9pnet: Insufficient options for proto=fd [ 808.040642] binder: 30832:30833 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 808.055806] openvswitch: netlink: Flow actions attr not present in new flow. [ 808.079029] binder: 30832:30833 got reply transaction with no transaction stack [ 808.100206] binder_transaction: 2 callbacks suppressed [ 808.100225] binder: 30832:30833 transaction failed 29201/-71, size 0-0 line 2741 08:43:51 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={0xffffffffffffffff}, 0x106, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r2, &(0x7f0000000340)={0x6, 0x118, 0xfa00, {{0x4, 0x380000000000000, "d76ee62c2f2ce6531833bf15d184f42d403a417cc3de5c623aa8be64f1ea611d7558c337ed09171418233a6e6af0455e7ab7912d9ec871cbac670b46c355143b92324dfae2d33be83e557a7b54ae86bc92d568bb6a7681f7b873ea5c6c502dc9b061a7d7f9dcb223fa753ab32fde056bdd8e0ac0e67919cf3a339fb8d234bb8e59073648c18de79014afaae1635f525a90a3ed0f90c51127b287d6ef154fc68f0bb5fac1a5c604d65ed54457c37245a1d387744c00cc202f9540b1689cc10ada5d5c1718fe4002b810d73ef50ecc4fe8df8d0e33269a3d2b210ffb149795a2b41c6f88df04b379aa1d4915d81b1333e364b79c08897b20ff5e7d2016214db159", 0xa1, 0x7, 0x9681, 0x7, 0x7ff, 0x6, 0xfffffffffffffff7}, r3}}, 0x120) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r4, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) socket$inet6(0xa, 0x0, 0x9) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000004, 0x30, r1, 0x0) tkill(r0, 0x1004000000016) 08:43:51 executing program 5 (fault-call:1 fault-nth:10): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:51 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'gfdno', 0x3d, r0}}) 08:43:51 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) 08:43:51 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranS=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 808.129501] binder_release_work: 2 callbacks suppressed [ 808.129508] binder: undelivered TRANSACTION_ERROR: 29201 [ 808.145676] openvswitch: netlink: Flow actions attr not present in new flow. [ 808.214180] binder: 30849:30854 transaction failed 29201/-71, size 0-0 line 2741 [ 808.226496] 9pnet: Insufficient options for proto=fd [ 808.233054] FAULT_INJECTION: forcing a failure. [ 808.233054] name failslab, interval 1, probability 0, space 0, times 0 08:43:51 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 808.260706] binder: undelivered TRANSACTION_ERROR: 29201 [ 808.290373] CPU: 1 PID: 30855 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 808.298926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.308293] Call Trace: [ 808.310904] dump_stack+0x244/0x39d [ 808.314556] ? dump_stack_print_info.cold.1+0x20/0x20 [ 808.319780] should_fail.cold.4+0xa/0x17 [ 808.323858] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 808.328979] ? perf_trace_lock+0x7a0/0x7a0 [ 808.333259] ? __x64_sys_clone+0xbf/0x150 [ 808.337427] ? zap_class+0x640/0x640 [ 808.341174] ? zap_class+0x640/0x640 [ 808.344907] ? percpu_ref_put_many+0x11c/0x260 [ 808.344934] ? find_held_lock+0x36/0x1c0 [ 808.344974] ? perf_trace_sched_process_exec+0x860/0x860 [ 808.353606] ? kasan_check_read+0x11/0x20 [ 808.353635] __should_failslab+0x124/0x180 [ 808.353657] should_failslab+0x9/0x14 [ 808.371262] kmem_cache_alloc+0x2be/0x730 [ 808.375432] ? _raw_spin_unlock+0x2c/0x50 [ 808.379605] copy_process+0x28db/0x8770 [ 808.383596] ? check_preemption_disabled+0x48/0x280 08:43:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:52 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:43:52 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranx=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 808.388660] ? __cleanup_sighand+0x70/0x70 [ 808.392918] ? debug_smp_processor_id+0x1c/0x20 [ 808.397606] ? perf_trace_lock_acquire+0x15b/0x800 [ 808.402564] ? print_usage_bug+0xc0/0xc0 [ 808.406647] ? ima_match_policy+0x848/0x1560 [ 808.411073] ? check_preemption_disabled+0x48/0x280 [ 808.416107] ? print_usage_bug+0xc0/0xc0 [ 808.420187] ? print_usage_bug+0xc0/0xc0 [ 808.424259] ? kasan_check_read+0x11/0x20 [ 808.428428] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 808.433728] ? __lock_acquire+0x62f/0x4c20 08:43:52 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 808.437979] ? find_held_lock+0x36/0x1c0 [ 808.442078] ? mark_held_locks+0x130/0x130 [ 808.446350] ? mark_held_locks+0x130/0x130 [ 808.450601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.456156] ? check_preemption_disabled+0x48/0x280 [ 808.461211] ? debug_smp_processor_id+0x1c/0x20 [ 808.465911] ? print_usage_bug+0xc0/0xc0 [ 808.469987] ? check_preemption_disabled+0x48/0x280 [ 808.475020] ? print_usage_bug+0xc0/0xc0 [ 808.479108] ? perf_trace_lock_acquire+0x15b/0x800 [ 808.484058] ? zap_class+0x640/0x640 08:43:52 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 808.487814] ? __lock_acquire+0x62f/0x4c20 [ 808.492081] ? mark_held_locks+0x130/0x130 [ 808.496333] ? __lock_acquire+0x62f/0x4c20 [ 808.500585] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.506138] ? check_preemption_disabled+0x48/0x280 [ 808.511184] ? dput.part.25+0x241/0x860 [ 808.515183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.520739] ? check_preemption_disabled+0x48/0x280 [ 808.525773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.531345] ? mark_held_locks+0x130/0x130 [ 808.535594] ? perf_trace_lock_acquire+0x15b/0x800 [ 808.540552] ? zap_class+0x640/0x640 [ 808.544288] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.549846] ? check_preemption_disabled+0x48/0x280 [ 808.554901] ? debug_smp_processor_id+0x1c/0x20 [ 808.559592] ? perf_trace_lock_acquire+0x15b/0x800 [ 808.564553] ? perf_trace_lock+0x7a0/0x7a0 [ 808.568806] ? find_held_lock+0x36/0x1c0 [ 808.572882] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.578439] ? _parse_integer+0x134/0x180 [ 808.582598] ? zap_class+0x640/0x640 [ 808.586332] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 808.591894] ? _kstrtoull+0x188/0x250 [ 808.595719] ? _parse_integer+0x180/0x180 [ 808.599885] ? zap_class+0x640/0x640 [ 808.603616] ? lock_release+0xa10/0xa10 [ 808.607617] ? find_held_lock+0x36/0x1c0 [ 808.611697] ? zap_class+0x640/0x640 [ 808.615445] ? get_pid_task+0xd6/0x1a0 [ 808.619346] ? lock_downgrade+0x900/0x900 [ 808.623513] ? check_preemption_disabled+0x48/0x280 [ 808.628554] ? find_held_lock+0x36/0x1c0 [ 808.632645] ? __f_unlock_pos+0x19/0x20 [ 808.636638] ? lock_downgrade+0x900/0x900 08:43:52 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r2, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x78, r3, 0x728, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x6}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x6}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7ff}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1000}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x993e}]}, 0x78}, 0x1, 0x0, 0x0, 0x4010}, 0x40000) [ 808.640808] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 808.646366] ? proc_fail_nth_write+0x9e/0x210 [ 808.646380] ? proc_cwd_link+0x1d0/0x1d0 [ 808.646416] ? find_held_lock+0x36/0x1c0 [ 808.646438] _do_fork+0x1cb/0x11c0 [ 808.646460] ? fork_idle+0x1d0/0x1d0 [ 808.666331] ? __lock_is_held+0xb5/0x140 [ 808.670433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.675988] ? check_preemption_disabled+0x48/0x280 [ 808.681035] ? __sb_end_write+0xd9/0x110 [ 808.685118] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 808.690683] ? fput+0x130/0x1a0 [ 808.693982] ? do_syscall_64+0x9a/0x820 [ 808.697974] ? do_syscall_64+0x9a/0x820 [ 808.701969] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 808.706566] ? trace_hardirqs_on+0xbd/0x310 [ 808.710906] ? __ia32_sys_read+0xb0/0xb0 [ 808.714973] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 808.720341] ? trace_hardirqs_off_caller+0x300/0x300 [ 808.725469] __x64_sys_clone+0xbf/0x150 [ 808.729464] do_syscall_64+0x1b9/0x820 [ 808.733366] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 808.738794] ? syscall_return_slowpath+0x5e0/0x5e0 [ 808.743728] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 808.748565] ? trace_hardirqs_on_caller+0x310/0x310 [ 808.753573] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 808.758580] ? prepare_exit_to_usermode+0x291/0x3b0 [ 808.763589] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 808.768432] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 808.773623] RIP: 0033:0x457569 [ 808.776804] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 808.795690] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 808.803384] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 808.810650] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 808.817919] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 808.825200] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 808.832482] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:52 executing program 5 (fault-call:1 fault-nth:11): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:52 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 08:43:52 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trang=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:52 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Tfdno', 0x3d, r0}}) 08:43:52 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x5) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 808.889942] 9pnet: Insufficient options for proto=fd 08:43:52 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 808.915983] binder: 30895:30897 transaction failed 29201/-71, size 0-0 line 2741 [ 808.937381] binder: undelivered TRANSACTION_ERROR: 29201 [ 808.979581] FAULT_INJECTION: forcing a failure. [ 808.979581] name failslab, interval 1, probability 0, space 0, times 0 [ 808.997377] CPU: 1 PID: 30906 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 809.005929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.015306] Call Trace: [ 809.017932] dump_stack+0x244/0x39d [ 809.021594] ? dump_stack_print_info.cold.1+0x20/0x20 08:43:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:52 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 809.026814] should_fail.cold.4+0xa/0x17 [ 809.030899] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 809.036019] ? debug_smp_processor_id+0x1c/0x20 [ 809.040711] ? perf_trace_lock_acquire+0x15b/0x800 [ 809.045663] ? save_stack+0xa9/0xd0 [ 809.049315] ? perf_trace_lock+0x7a0/0x7a0 [ 809.053568] ? do_syscall_64+0x1b9/0x820 [ 809.057657] ? find_held_lock+0x36/0x1c0 [ 809.061758] ? perf_trace_sched_process_exec+0x860/0x860 [ 809.067232] ? _raw_spin_unlock_irq+0x27/0x80 [ 809.071748] __should_failslab+0x124/0x180 [ 809.076007] should_failslab+0x9/0x14 08:43:52 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 809.079828] kmem_cache_alloc+0x2be/0x730 [ 809.084001] copy_process+0x2a87/0x8770 [ 809.087992] ? check_preemption_disabled+0x48/0x280 [ 809.093057] ? __cleanup_sighand+0x70/0x70 [ 809.097314] ? debug_smp_processor_id+0x1c/0x20 [ 809.102002] ? perf_trace_lock_acquire+0x15b/0x800 [ 809.106956] ? print_usage_bug+0xc0/0xc0 [ 809.111042] ? ima_match_policy+0x848/0x1560 [ 809.115475] ? check_preemption_disabled+0x48/0x280 [ 809.120509] ? print_usage_bug+0xc0/0xc0 [ 809.124591] ? kasan_check_read+0x11/0x20 08:43:52 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) [ 809.128762] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 809.134057] ? __lock_acquire+0x62f/0x4c20 [ 809.138317] ? find_held_lock+0x36/0x1c0 [ 809.142424] ? mark_held_locks+0x130/0x130 [ 809.146691] ? mark_held_locks+0x130/0x130 [ 809.150945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.156497] ? check_preemption_disabled+0x48/0x280 [ 809.161532] ? debug_smp_processor_id+0x1c/0x20 [ 809.166223] ? print_usage_bug+0xc0/0xc0 [ 809.170296] ? check_preemption_disabled+0x48/0x280 [ 809.175328] ? print_usage_bug+0xc0/0xc0 08:43:52 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 809.179426] ? perf_trace_lock_acquire+0x15b/0x800 [ 809.184371] ? zap_class+0x640/0x640 [ 809.188125] ? __lock_acquire+0x62f/0x4c20 [ 809.192408] ? mark_held_locks+0x130/0x130 [ 809.196671] ? __lock_acquire+0x62f/0x4c20 [ 809.200926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.206484] ? check_preemption_disabled+0x48/0x280 [ 809.211520] ? dput.part.25+0x241/0x860 [ 809.215517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.221070] ? check_preemption_disabled+0x48/0x280 [ 809.226101] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.231660] ? mark_held_locks+0x130/0x130 [ 809.235926] ? zap_class+0x640/0x640 [ 809.239658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.245210] ? check_preemption_disabled+0x48/0x280 [ 809.250251] ? debug_smp_processor_id+0x1c/0x20 [ 809.254669] binder: 30910:30923 transaction failed 29201/-71, size 0-0 line 2741 [ 809.254938] ? perf_trace_lock_acquire+0x15b/0x800 [ 809.263523] binder: undelivered TRANSACTION_ERROR: 29201 [ 809.267409] ? perf_trace_lock+0x7a0/0x7a0 [ 809.267426] ? find_held_lock+0x36/0x1c0 [ 809.267445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.267463] ? _parse_integer+0x134/0x180 [ 809.267481] ? zap_class+0x640/0x640 [ 809.267499] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 809.267518] ? _kstrtoull+0x188/0x250 [ 809.303942] ? _parse_integer+0x180/0x180 [ 809.308099] ? zap_class+0x640/0x640 [ 809.311805] ? lock_release+0xa10/0xa10 [ 809.315775] ? find_held_lock+0x36/0x1c0 [ 809.319839] ? zap_class+0x640/0x640 [ 809.323566] ? get_pid_task+0xd6/0x1a0 [ 809.327476] ? lock_downgrade+0x900/0x900 [ 809.331622] ? check_preemption_disabled+0x48/0x280 [ 809.336643] ? find_held_lock+0x36/0x1c0 [ 809.340727] ? __f_unlock_pos+0x19/0x20 [ 809.344707] ? lock_downgrade+0x900/0x900 [ 809.348851] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 809.354410] ? proc_fail_nth_write+0x9e/0x210 [ 809.358928] ? proc_cwd_link+0x1d0/0x1d0 [ 809.363001] ? find_held_lock+0x36/0x1c0 [ 809.367062] _do_fork+0x1cb/0x11c0 [ 809.370598] ? fork_idle+0x1d0/0x1d0 [ 809.374306] ? __lock_is_held+0xb5/0x140 [ 809.378388] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.383946] ? check_preemption_disabled+0x48/0x280 [ 809.388962] ? __sb_end_write+0xd9/0x110 [ 809.393018] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 809.398547] ? fput+0x130/0x1a0 [ 809.401823] ? do_syscall_64+0x9a/0x820 [ 809.405795] ? do_syscall_64+0x9a/0x820 [ 809.409774] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 809.414346] ? trace_hardirqs_on+0xbd/0x310 [ 809.418660] ? __ia32_sys_read+0xb0/0xb0 [ 809.422731] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 809.428101] ? trace_hardirqs_off_caller+0x300/0x300 [ 809.433214] __x64_sys_clone+0xbf/0x150 [ 809.437197] do_syscall_64+0x1b9/0x820 [ 809.441076] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 809.446438] ? syscall_return_slowpath+0x5e0/0x5e0 [ 809.451354] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 809.456196] ? trace_hardirqs_on_caller+0x310/0x310 [ 809.461204] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 809.466213] ? prepare_exit_to_usermode+0x291/0x3b0 [ 809.471227] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 809.476064] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 809.481253] RIP: 0033:0x457569 [ 809.484445] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 809.503357] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 809.511059] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 809.518315] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 08:43:53 executing program 5 (fault-call:1 fault-nth:12): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:53 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:43:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:53 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranI=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:53 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Vfdno', 0x3d, r0}}) [ 809.525575] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 809.532833] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 809.540088] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 809.606108] binder: 30928:30929 transaction failed 29201/-71, size 0-0 line 2741 08:43:53 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) r3 = add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000340)="25e8309df3a5c129e878d2dda4032a99b0c558957b624f9beda78d172610d5a1fff1d633df59f2c185932523c28f81683ad342fd7129905b5581148146fed40a729122bdb6f7388d31000a6194e8f7dce2c0240719c7ec38f59a59c9be870517d1b38159571b99a33f7bcfb43721a2302afb9833af8215e0cf795d95b8c604721309cd59463304822ee5b37f56483df8c1d7ddd15ba45ede6d7e3b951688fa17469658a6d49f396d055ffd94673830f93a01522411d082296e46a5668fc20e091b139434a40cc4bf08217f3e", 0xcc, 0xfffffffffffffffe) keyctl$revoke(0x3, r3) tkill(r0, 0x1004000000016) 08:43:53 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) 08:43:53 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranV=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 809.650506] binder: undelivered TRANSACTION_ERROR: 29201 [ 809.655500] binder: 30928:30929 transaction failed 29201/-71, size 0-0 line 2741 [ 809.663622] binder: undelivered TRANSACTION_ERROR: 29201 [ 809.683457] FAULT_INJECTION: forcing a failure. [ 809.683457] name failslab, interval 1, probability 0, space 0, times 0 [ 809.691028] 9pnet: Insufficient options for proto=fd [ 809.743650] CPU: 0 PID: 30938 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 809.752205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.761581] Call Trace: [ 809.764193] dump_stack+0x244/0x39d [ 809.767855] ? dump_stack_print_info.cold.1+0x20/0x20 [ 809.773077] should_fail.cold.4+0xa/0x17 [ 809.777187] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 809.782312] ? debug_smp_processor_id+0x1c/0x20 [ 809.787002] ? perf_trace_lock_acquire+0x15b/0x800 08:43:53 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranq=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 809.791962] ? perf_trace_lock+0x7a0/0x7a0 [ 809.796211] ? do_syscall_64+0x1b9/0x820 [ 809.800298] ? find_held_lock+0x36/0x1c0 [ 809.804408] ? perf_trace_sched_process_exec+0x860/0x860 [ 809.809868] ? __mutex_init+0x1f7/0x290 [ 809.813851] ? __ia32_sys_membarrier+0x150/0x150 [ 809.818623] __should_failslab+0x124/0x180 [ 809.822886] should_failslab+0x9/0x14 [ 809.826708] kmem_cache_alloc+0x2be/0x730 [ 809.830882] copy_process+0x3563/0x8770 [ 809.834877] ? check_preemption_disabled+0x48/0x280 [ 809.839937] ? __cleanup_sighand+0x70/0x70 [ 809.844198] ? debug_smp_processor_id+0x1c/0x20 [ 809.848882] ? perf_trace_lock_acquire+0x15b/0x800 [ 809.853832] ? print_usage_bug+0xc0/0xc0 [ 809.857918] ? ima_match_policy+0x848/0x1560 [ 809.862346] ? check_preemption_disabled+0x48/0x280 [ 809.866517] binder_thread_write: 5 callbacks suppressed [ 809.866528] binder: 30949:30951 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 809.867381] ? print_usage_bug+0xc0/0xc0 [ 809.867415] ? kasan_check_read+0x11/0x20 [ 809.867436] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 08:43:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 809.867458] ? __lock_acquire+0x62f/0x4c20 [ 809.875307] binder: 30949:30951 transaction failed 29201/-71, size 0-0 line 2741 [ 809.880893] ? mark_held_locks+0x130/0x130 [ 809.880923] ? mark_held_locks+0x130/0x130 [ 809.897626] binder: undelivered TRANSACTION_ERROR: 29201 [ 809.898630] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.898650] ? check_preemption_disabled+0x48/0x280 [ 809.898681] ? debug_smp_processor_id+0x1c/0x20 [ 809.898701] ? print_usage_bug+0xc0/0xc0 [ 809.939418] ? check_preemption_disabled+0x48/0x280 [ 809.944460] ? print_usage_bug+0xc0/0xc0 [ 809.948551] ? perf_trace_lock_acquire+0x15b/0x800 [ 809.953501] ? zap_class+0x640/0x640 [ 809.957251] ? __lock_acquire+0x62f/0x4c20 [ 809.961511] ? mark_held_locks+0x130/0x130 [ 809.965768] ? __lock_acquire+0x62f/0x4c20 [ 809.970021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.975575] ? check_preemption_disabled+0x48/0x280 [ 809.977707] binder: 30955:30957 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 809.980605] ? dput.part.25+0x241/0x860 08:43:53 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trano=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 809.980627] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.980643] ? check_preemption_disabled+0x48/0x280 [ 809.980668] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.980693] ? mark_held_locks+0x130/0x130 [ 809.993142] binder_transaction: 6 callbacks suppressed [ 809.993153] binder: 30955:30957 got reply transaction with no transaction stack [ 809.998275] ? zap_class+0x640/0x640 [ 809.998296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.998314] ? check_preemption_disabled+0x48/0x280 [ 809.998332] ? debug_smp_processor_id+0x1c/0x20 [ 809.998348] ? perf_trace_lock_acquire+0x15b/0x800 [ 809.998373] ? perf_trace_lock+0x7a0/0x7a0 [ 809.998386] ? find_held_lock+0x36/0x1c0 [ 809.998412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.998430] ? _parse_integer+0x134/0x180 [ 809.998447] ? zap_class+0x640/0x640 [ 810.009000] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 810.022800] binder: 30955:30957 transaction failed 29201/-71, size 0-0 line 2741 [ 810.025941] ? _kstrtoull+0x188/0x250 [ 810.025962] ? _parse_integer+0x180/0x180 [ 810.025979] ? zap_class+0x640/0x640 [ 810.025996] ? lock_release+0xa10/0xa10 [ 810.026018] ? find_held_lock+0x36/0x1c0 [ 810.026033] ? zap_class+0x640/0x640 [ 810.026059] ? get_pid_task+0xd6/0x1a0 [ 810.035301] ? lock_downgrade+0x900/0x900 [ 810.035317] ? check_preemption_disabled+0x48/0x280 [ 810.035343] ? find_held_lock+0x36/0x1c0 [ 810.035370] ? __f_unlock_pos+0x19/0x20 [ 810.035399] ? lock_downgrade+0x900/0x900 [ 810.050974] binder: undelivered TRANSACTION_ERROR: 29201 [ 810.054240] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 810.054259] ? proc_fail_nth_write+0x9e/0x210 [ 810.054274] ? proc_cwd_link+0x1d0/0x1d0 [ 810.054298] ? find_held_lock+0x36/0x1c0 [ 810.157290] _do_fork+0x1cb/0x11c0 [ 810.160850] ? fork_idle+0x1d0/0x1d0 [ 810.164583] ? __lock_is_held+0xb5/0x140 [ 810.168677] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.174231] ? check_preemption_disabled+0x48/0x280 [ 810.179272] ? __sb_end_write+0xd9/0x110 [ 810.183360] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 810.188923] ? fput+0x130/0x1a0 [ 810.192213] ? do_syscall_64+0x9a/0x820 [ 810.196204] ? do_syscall_64+0x9a/0x820 [ 810.200184] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 810.204772] ? trace_hardirqs_on+0xbd/0x310 [ 810.209110] ? __ia32_sys_read+0xb0/0xb0 [ 810.213185] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 810.218579] ? trace_hardirqs_off_caller+0x300/0x300 [ 810.223686] __x64_sys_clone+0xbf/0x150 [ 810.227656] do_syscall_64+0x1b9/0x820 [ 810.231540] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 810.236911] ? syscall_return_slowpath+0x5e0/0x5e0 [ 810.241936] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 810.246771] ? trace_hardirqs_on_caller+0x310/0x310 [ 810.251777] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 810.256781] ? prepare_exit_to_usermode+0x291/0x3b0 [ 810.261789] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 810.266628] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 810.271806] RIP: 0033:0x457569 [ 810.274992] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 08:43:54 executing program 5 (fault-call:1 fault-nth:13): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:54 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f00000001c0)='/dev/usbmon#\x00', 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) r4 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x800) ioctl$KVM_DEASSIGN_PCI_DEVICE(r4, 0x4040ae72, &(0x7f0000000100)={0x80, 0x7, 0x4, 0x1, 0x4}) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r1, 0x1004000000016) 08:43:54 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranQ=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:54 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'dfdno', 0x3d, r0}}) 08:43:54 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 810.293887] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 810.301600] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 810.308853] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 810.316109] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 810.323364] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 810.330619] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:54 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) [ 810.423426] binder: 30966:30975 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 810.431742] binder: 30966:30975 got reply transaction with no transaction stack [ 810.445535] binder: 30966:30975 transaction failed 29201/-71, size 0-0 line 2741 [ 810.459015] FAULT_INJECTION: forcing a failure. [ 810.459015] name fail_page_alloc, interval 1, probability 0, space 0, times 0 08:43:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 810.461552] binder: undelivered TRANSACTION_ERROR: 29201 [ 810.480604] 9pnet: Insufficient options for proto=fd [ 810.496268] CPU: 0 PID: 30978 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 810.504785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 810.514158] Call Trace: [ 810.516775] dump_stack+0x244/0x39d 08:43:54 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'qfdno', 0x3d, r0}}) [ 810.520447] ? dump_stack_print_info.cold.1+0x20/0x20 [ 810.525658] ? debug_smp_processor_id+0x1c/0x20 [ 810.530365] ? perf_trace_lock_acquire+0x15b/0x800 [ 810.535328] should_fail.cold.4+0xa/0x17 [ 810.539416] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 810.544538] ? zap_class+0x640/0x640 [ 810.548271] ? print_usage_bug+0xc0/0xc0 [ 810.552355] ? mark_held_locks+0x130/0x130 [ 810.556618] ? find_held_lock+0x36/0x1c0 [ 810.560728] ? lock_release+0xa10/0xa10 [ 810.564720] ? perf_trace_sched_process_exec+0x860/0x860 [ 810.570200] ? __might_sleep+0x95/0x190 [ 810.574201] __alloc_pages_nodemask+0x34b/0xdd0 [ 810.576130] binder: 30982:30983 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 810.578888] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 810.578909] ? is_bpf_text_address+0xac/0x170 [ 810.578942] ? lock_downgrade+0x900/0x900 [ 810.593808] 9pnet: Insufficient options for proto=fd [ 810.596503] ? check_preemption_disabled+0x48/0x280 [ 810.596529] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 810.596546] ? kasan_check_read+0x11/0x20 [ 810.596570] ? rcu_softirq_qs+0x20/0x20 08:43:54 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'sfdno', 0x3d, r0}}) [ 810.596590] ? unwind_dump+0x190/0x190 [ 810.605700] binder: 30982:30983 got reply transaction with no transaction stack [ 810.605844] ? is_bpf_text_address+0xd3/0x170 [ 810.611035] binder: 30982:30983 transaction failed 29201/-71, size 0-0 line 2741 [ 810.615869] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 810.615890] alloc_pages_current+0x173/0x350 [ 810.615910] __get_free_pages+0xc/0x40 [ 810.615925] pgd_alloc+0x9a/0x480 [ 810.615939] ? __init_rwsem+0x1cc/0x2a0 [ 810.615953] ? pgd_page_get_mm+0x40/0x40 08:43:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 810.615974] ? save_stack+0xa9/0xd0 [ 810.638268] binder: undelivered TRANSACTION_ERROR: 29201 [ 810.639904] ? save_stack+0x43/0xd0 [ 810.639927] ? kasan_slab_alloc+0x12/0x20 [ 810.689595] ? kmem_cache_alloc+0x12e/0x730 [ 810.693936] ? copy_process+0x3563/0x8770 [ 810.698096] ? _do_fork+0x1cb/0x11c0 [ 810.701819] ? __x64_sys_clone+0xbf/0x150 [ 810.705984] ? do_syscall_64+0x1b9/0x820 [ 810.710065] ? __lockdep_init_map+0x105/0x590 [ 810.714421] 9pnet: Insufficient options for proto=fd [ 810.714578] mm_init+0x726/0xc00 [ 810.723053] ? get_task_exe_file+0xd0/0xd0 [ 810.727306] ? kasan_check_read+0x11/0x20 [ 810.731468] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 810.736763] ? rcu_softirq_qs+0x20/0x20 [ 810.737325] binder: 30988:30991 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 810.740761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.740780] ? check_preemption_disabled+0x48/0x280 [ 810.740807] ? rcu_pm_notify+0xc0/0xc0 [ 810.749037] binder: 30988:30991 got reply transaction with no transaction stack 08:43:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 810.754405] ? rcu_read_lock_sched_held+0x14f/0x180 [ 810.754424] ? kmem_cache_alloc+0x33a/0x730 [ 810.754451] copy_process+0x35ca/0x8770 [ 810.784046] ? check_preemption_disabled+0x48/0x280 [ 810.789111] ? __cleanup_sighand+0x70/0x70 [ 810.793367] ? debug_smp_processor_id+0x1c/0x20 [ 810.798065] ? perf_trace_lock_acquire+0x15b/0x800 [ 810.803015] ? print_usage_bug+0xc0/0xc0 [ 810.807094] ? ima_match_policy+0x848/0x1560 [ 810.811519] ? check_preemption_disabled+0x48/0x280 [ 810.816554] ? print_usage_bug+0xc0/0xc0 [ 810.820633] ? kasan_check_read+0x11/0x20 [ 810.824805] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 810.826625] binder: 30992:30993 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 810.830261] ? __lock_acquire+0x62f/0x4c20 [ 810.830297] ? mark_held_locks+0x130/0x130 [ 810.838469] binder: 30992:30993 got reply transaction with no transaction stack [ 810.842597] ? mark_held_locks+0x130/0x130 [ 810.842619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.864035] ? check_preemption_disabled+0x48/0x280 [ 810.869077] ? debug_smp_processor_id+0x1c/0x20 [ 810.873753] ? print_usage_bug+0xc0/0xc0 [ 810.877805] ? check_preemption_disabled+0x48/0x280 [ 810.882807] ? print_usage_bug+0xc0/0xc0 [ 810.886861] ? perf_trace_lock_acquire+0x15b/0x800 [ 810.891778] ? zap_class+0x640/0x640 [ 810.895492] ? __lock_acquire+0x62f/0x4c20 [ 810.899722] ? mark_held_locks+0x130/0x130 [ 810.903948] ? __lock_acquire+0x62f/0x4c20 [ 810.908177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.913702] ? check_preemption_disabled+0x48/0x280 [ 810.918707] ? dput.part.25+0x241/0x860 [ 810.922675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.928218] ? check_preemption_disabled+0x48/0x280 [ 810.933225] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.938754] ? mark_held_locks+0x130/0x130 [ 810.942986] ? zap_class+0x640/0x640 [ 810.946692] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.952214] ? check_preemption_disabled+0x48/0x280 [ 810.957234] ? debug_smp_processor_id+0x1c/0x20 [ 810.961888] ? perf_trace_lock_acquire+0x15b/0x800 [ 810.966807] ? perf_trace_lock+0x7a0/0x7a0 [ 810.971025] ? find_held_lock+0x36/0x1c0 [ 810.975071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.980604] ? _parse_integer+0x134/0x180 [ 810.984738] ? zap_class+0x640/0x640 [ 810.988442] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 810.993966] ? _kstrtoull+0x188/0x250 [ 810.997754] ? _parse_integer+0x180/0x180 [ 811.001888] ? zap_class+0x640/0x640 [ 811.005603] ? lock_release+0xa10/0xa10 [ 811.009569] ? find_held_lock+0x36/0x1c0 [ 811.013616] ? zap_class+0x640/0x640 [ 811.017319] ? get_pid_task+0xd6/0x1a0 [ 811.021192] ? lock_downgrade+0x900/0x900 [ 811.025328] ? check_preemption_disabled+0x48/0x280 [ 811.030357] ? find_held_lock+0x36/0x1c0 [ 811.034417] ? __f_unlock_pos+0x19/0x20 [ 811.038403] ? lock_downgrade+0x900/0x900 [ 811.042543] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 811.048071] ? proc_fail_nth_write+0x9e/0x210 [ 811.052551] ? proc_cwd_link+0x1d0/0x1d0 [ 811.056605] ? find_held_lock+0x36/0x1c0 [ 811.060658] _do_fork+0x1cb/0x11c0 [ 811.064192] ? fork_idle+0x1d0/0x1d0 [ 811.067897] ? __lock_is_held+0xb5/0x140 [ 811.071950] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.077476] ? check_preemption_disabled+0x48/0x280 [ 811.082481] ? __sb_end_write+0xd9/0x110 [ 811.086534] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 811.092062] ? fput+0x130/0x1a0 [ 811.095330] ? do_syscall_64+0x9a/0x820 [ 811.099291] ? do_syscall_64+0x9a/0x820 [ 811.103253] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 811.107827] ? trace_hardirqs_on+0xbd/0x310 [ 811.112136] ? __ia32_sys_read+0xb0/0xb0 [ 811.116185] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.121549] ? trace_hardirqs_off_caller+0x300/0x300 [ 811.126643] __x64_sys_clone+0xbf/0x150 [ 811.130610] do_syscall_64+0x1b9/0x820 [ 811.134485] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 811.139837] ? syscall_return_slowpath+0x5e0/0x5e0 [ 811.144750] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 811.149581] ? trace_hardirqs_on_caller+0x310/0x310 [ 811.154583] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 811.159696] ? prepare_exit_to_usermode+0x291/0x3b0 [ 811.164704] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 811.169554] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.174728] RIP: 0033:0x457569 [ 811.177938] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 811.196827] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 811.204521] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 811.211776] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 811.219033] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 08:43:54 executing program 5 (fault-call:1 fault-nth:14): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:54 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'ufdno', 0x3d, r0}}) [ 811.226289] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 811.233543] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:55 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) r3 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x7, 0x802) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000100)=0x10001, 0x4) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:55 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranT=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:55 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 811.310331] 9pnet: Insufficient options for proto=fd [ 811.347041] FAULT_INJECTION: forcing a failure. [ 811.347041] name failslab, interval 1, probability 0, space 0, times 0 [ 811.367157] binder: 31005:31009 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 811.375472] CPU: 1 PID: 31002 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 811.383982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.393344] Call Trace: [ 811.395958] dump_stack+0x244/0x39d [ 811.399616] ? dump_stack_print_info.cold.1+0x20/0x20 [ 811.404833] should_fail.cold.4+0xa/0x17 [ 811.408909] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 811.414034] ? debug_smp_processor_id+0x1c/0x20 [ 811.418721] ? perf_trace_lock_acquire+0x15b/0x800 [ 811.423665] ? check_preemption_disabled+0x48/0x280 [ 811.428702] ? zap_class+0x640/0x640 [ 811.432447] ? save_stack+0xa9/0xd0 [ 811.436102] ? find_held_lock+0x36/0x1c0 [ 811.440194] ? __lock_is_held+0xb5/0x140 [ 811.444352] ? atkbd_event_work+0x58/0x140 [ 811.448634] ? perf_trace_sched_process_exec+0x860/0x860 [ 811.454102] ? rcu_softirq_qs+0x20/0x20 [ 811.458100] __should_failslab+0x124/0x180 [ 811.462360] should_failslab+0x9/0x14 [ 811.464643] 9pnet: Insufficient options for proto=fd [ 811.466189] kmem_cache_alloc+0x2be/0x730 [ 811.466284] ? percpu_up_read_preempt_enable.constprop.40+0x100/0x100 [ 811.482115] vm_area_dup+0x7a/0x230 [ 811.485766] ? vm_area_alloc+0x1d0/0x1d0 [ 811.489843] ? _down_write_nest_lock+0x130/0x130 [ 811.494623] ? rcu_read_lock_sched_held+0x14f/0x180 [ 811.499663] copy_process+0x42a5/0x8770 [ 811.503691] ? __cleanup_sighand+0x70/0x70 [ 811.507957] ? perf_trace_lock_acquire+0x15b/0x800 [ 811.512902] ? print_usage_bug+0xc0/0xc0 [ 811.516992] ? ima_match_policy+0x848/0x1560 [ 811.521423] ? check_preemption_disabled+0x48/0x280 [ 811.526465] ? print_usage_bug+0xc0/0xc0 [ 811.530545] ? kasan_check_read+0x11/0x20 [ 811.534713] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 811.540017] ? __lock_acquire+0x62f/0x4c20 [ 811.544319] ? mark_held_locks+0x130/0x130 [ 811.548586] ? mark_held_locks+0x130/0x130 [ 811.552838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.558402] ? check_preemption_disabled+0x48/0x280 [ 811.563446] ? debug_smp_processor_id+0x1c/0x20 [ 811.568129] ? print_usage_bug+0xc0/0xc0 [ 811.572208] ? check_preemption_disabled+0x48/0x280 [ 811.577241] ? print_usage_bug+0xc0/0xc0 [ 811.581329] ? perf_trace_lock_acquire+0x15b/0x800 [ 811.586276] ? zap_class+0x640/0x640 [ 811.590029] ? __lock_acquire+0x62f/0x4c20 [ 811.592694] 9pnet: Insufficient options for proto=fd [ 811.594376] ? mark_held_locks+0x130/0x130 [ 811.594411] ? __lock_acquire+0x62f/0x4c20 [ 811.594431] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.594446] ? check_preemption_disabled+0x48/0x280 [ 811.594467] ? dput.part.25+0x241/0x860 [ 811.622532] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.628084] ? check_preemption_disabled+0x48/0x280 [ 811.633112] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.638668] ? mark_held_locks+0x130/0x130 [ 811.642930] ? zap_class+0x640/0x640 [ 811.646657] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.652225] ? check_preemption_disabled+0x48/0x280 [ 811.657257] ? debug_smp_processor_id+0x1c/0x20 [ 811.661941] ? perf_trace_lock_acquire+0x15b/0x800 [ 811.666891] ? perf_trace_lock+0x7a0/0x7a0 [ 811.671140] ? find_held_lock+0x36/0x1c0 [ 811.675228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.680781] ? _parse_integer+0x134/0x180 [ 811.684946] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 811.690501] ? _kstrtoull+0x188/0x250 [ 811.694316] ? _parse_integer+0x180/0x180 [ 811.698673] ? zap_class+0x640/0x640 [ 811.702413] ? lock_release+0xa10/0xa10 [ 811.706426] ? find_held_lock+0x36/0x1c0 [ 811.710507] ? zap_class+0x640/0x640 [ 811.714241] ? get_pid_task+0xd6/0x1a0 [ 811.718146] ? lock_downgrade+0x900/0x900 [ 811.722312] ? check_preemption_disabled+0x48/0x280 [ 811.727347] ? find_held_lock+0x36/0x1c0 [ 811.731442] ? __f_unlock_pos+0x19/0x20 [ 811.735442] ? lock_downgrade+0x900/0x900 [ 811.739606] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 811.745153] ? proc_fail_nth_write+0x9e/0x210 [ 811.749672] ? proc_cwd_link+0x1d0/0x1d0 [ 811.753765] ? find_held_lock+0x36/0x1c0 [ 811.753782] 9pnet: Insufficient options for proto=fd [ 811.757841] _do_fork+0x1cb/0x11c0 [ 811.757866] ? fork_idle+0x1d0/0x1d0 [ 811.757887] ? __lock_is_held+0xb5/0x140 [ 811.757913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.757929] ? check_preemption_disabled+0x48/0x280 [ 811.757951] ? __sb_end_write+0xd9/0x110 [ 811.788938] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 811.794518] ? fput+0x130/0x1a0 08:43:55 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Rfdno', 0x3d, r0}}) 08:43:55 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:43:55 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Sfdno', 0x3d, r0}}) 08:43:55 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 08:43:55 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) 08:43:55 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'w.dno', 0x3d, r0}}) [ 811.797817] ? do_syscall_64+0x9a/0x820 [ 811.799388] binder: 31005:31009 got reply transaction with no transaction stack [ 811.801808] ? do_syscall_64+0x9a/0x820 [ 811.801829] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 811.801849] ? trace_hardirqs_on+0xbd/0x310 [ 811.801864] ? __ia32_sys_read+0xb0/0xb0 [ 811.801882] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.801903] ? trace_hardirqs_off_caller+0x300/0x300 [ 811.836742] __x64_sys_clone+0xbf/0x150 [ 811.840738] do_syscall_64+0x1b9/0x820 [ 811.844640] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 811.850025] ? syscall_return_slowpath+0x5e0/0x5e0 [ 811.854963] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 811.859819] ? trace_hardirqs_on_caller+0x310/0x310 [ 811.864852] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 811.869888] ? prepare_exit_to_usermode+0x291/0x3b0 [ 811.874927] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 811.879818] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.885014] RIP: 0033:0x457569 [ 811.888219] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 811.907129] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 811.914848] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 811.922105] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 811.929372] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 811.936647] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 08:43:55 executing program 5 (fault-call:1 fault-nth:15): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:55 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 811.943920] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 811.991547] FAULT_INJECTION: forcing a failure. [ 811.991547] name failslab, interval 1, probability 0, space 0, times 0 [ 812.003404] CPU: 1 PID: 31041 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 812.011906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.021247] Call Trace: [ 812.023826] dump_stack+0x244/0x39d [ 812.027443] ? dump_stack_print_info.cold.1+0x20/0x20 [ 812.032626] should_fail.cold.4+0xa/0x17 [ 812.036692] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 812.041802] ? debug_smp_processor_id+0x1c/0x20 [ 812.046461] ? perf_trace_lock_acquire+0x15b/0x800 [ 812.051378] ? kasan_kmalloc+0xc7/0xe0 [ 812.055257] ? kasan_slab_alloc+0x12/0x20 [ 812.059415] ? zap_class+0x640/0x640 [ 812.063135] ? find_held_lock+0x36/0x1c0 [ 812.067196] ? __lock_is_held+0xb5/0x140 [ 812.071252] ? perf_trace_sched_process_exec+0x860/0x860 [ 812.076691] ? copy_process+0x4550/0x8770 [ 812.080825] ? lock_downgrade+0x900/0x900 [ 812.084962] __should_failslab+0x124/0x180 [ 812.089194] should_failslab+0x9/0x14 [ 812.092981] kmem_cache_alloc+0x2be/0x730 [ 812.097119] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 812.102662] vm_area_dup+0x7a/0x230 [ 812.106279] ? vm_area_alloc+0x1d0/0x1d0 [ 812.110332] copy_process+0x42a5/0x8770 [ 812.114308] ? __cleanup_sighand+0x70/0x70 [ 812.118545] ? perf_trace_lock_acquire+0x15b/0x800 [ 812.123481] ? print_usage_bug+0xc0/0xc0 [ 812.127553] ? ima_match_policy+0x848/0x1560 [ 812.131953] ? check_preemption_disabled+0x48/0x280 [ 812.136960] ? print_usage_bug+0xc0/0xc0 [ 812.141007] ? kasan_check_read+0x11/0x20 [ 812.145155] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 812.150451] ? __lock_acquire+0x62f/0x4c20 [ 812.154683] ? mark_held_locks+0x130/0x130 [ 812.158915] ? mark_held_locks+0x130/0x130 [ 812.163138] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.168668] ? check_preemption_disabled+0x48/0x280 [ 812.173698] ? debug_smp_processor_id+0x1c/0x20 [ 812.178356] ? print_usage_bug+0xc0/0xc0 [ 812.182421] ? check_preemption_disabled+0x48/0x280 [ 812.187511] ? print_usage_bug+0xc0/0xc0 [ 812.191567] ? perf_trace_lock_acquire+0x15b/0x800 [ 812.196501] ? zap_class+0x640/0x640 [ 812.200214] ? __lock_acquire+0x62f/0x4c20 [ 812.204444] ? mark_held_locks+0x130/0x130 [ 812.208672] ? __lock_acquire+0x62f/0x4c20 [ 812.212898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.218423] ? check_preemption_disabled+0x48/0x280 [ 812.223426] ? dput.part.25+0x241/0x860 [ 812.227404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.232929] ? check_preemption_disabled+0x48/0x280 [ 812.237932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.243459] ? mark_held_locks+0x130/0x130 [ 812.247689] ? zap_class+0x640/0x640 [ 812.251416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.256942] ? check_preemption_disabled+0x48/0x280 [ 812.261960] ? debug_smp_processor_id+0x1c/0x20 [ 812.266616] ? perf_trace_lock_acquire+0x15b/0x800 [ 812.271537] ? perf_trace_lock+0x7a0/0x7a0 [ 812.275757] ? find_held_lock+0x36/0x1c0 [ 812.279823] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.285357] ? _parse_integer+0x134/0x180 [ 812.289494] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 812.295015] ? _kstrtoull+0x188/0x250 [ 812.298805] ? _parse_integer+0x180/0x180 [ 812.302940] ? zap_class+0x640/0x640 [ 812.306641] ? lock_release+0xa10/0xa10 [ 812.310611] ? find_held_lock+0x36/0x1c0 [ 812.314659] ? zap_class+0x640/0x640 [ 812.318364] ? get_pid_task+0xd6/0x1a0 [ 812.322236] ? lock_downgrade+0x900/0x900 [ 812.326369] ? check_preemption_disabled+0x48/0x280 [ 812.331383] ? find_held_lock+0x36/0x1c0 [ 812.335445] ? __f_unlock_pos+0x19/0x20 [ 812.339411] ? lock_downgrade+0x900/0x900 [ 812.343561] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 812.349085] ? proc_fail_nth_write+0x9e/0x210 [ 812.353580] ? proc_cwd_link+0x1d0/0x1d0 [ 812.357650] ? find_held_lock+0x36/0x1c0 [ 812.361726] _do_fork+0x1cb/0x11c0 [ 812.365258] ? fork_idle+0x1d0/0x1d0 [ 812.368960] ? __lock_is_held+0xb5/0x140 [ 812.373012] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.378537] ? check_preemption_disabled+0x48/0x280 [ 812.383543] ? __sb_end_write+0xd9/0x110 [ 812.387602] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 812.393127] ? fput+0x130/0x1a0 [ 812.396401] ? do_syscall_64+0x9a/0x820 [ 812.400372] ? do_syscall_64+0x9a/0x820 [ 812.404341] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 812.408911] ? trace_hardirqs_on+0xbd/0x310 [ 812.413217] ? __ia32_sys_read+0xb0/0xb0 [ 812.417267] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 812.422619] ? trace_hardirqs_off_caller+0x300/0x300 [ 812.427710] __x64_sys_clone+0xbf/0x150 [ 812.431675] do_syscall_64+0x1b9/0x820 [ 812.435549] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 812.440922] ? syscall_return_slowpath+0x5e0/0x5e0 [ 812.445838] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 812.450668] ? trace_hardirqs_on_caller+0x310/0x310 [ 812.455673] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 812.460679] ? prepare_exit_to_usermode+0x291/0x3b0 [ 812.465689] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 812.470525] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 812.475702] RIP: 0033:0x457569 08:43:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:56 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'w/dno', 0x3d, r0}}) 08:43:56 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranR=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:56 executing program 5 (fault-call:1 fault-nth:16): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:56 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x404000, 0x0) ioctl$TIOCNXCL(r1, 0x540d) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:56 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) [ 812.478882] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 812.497766] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 812.505480] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 812.512738] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 812.520011] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 812.527267] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 812.534519] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 812.619277] 9pnet: Insufficient options for proto=fd [ 812.627472] binder: 31046:31050 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 812.651660] FAULT_INJECTION: forcing a failure. [ 812.651660] name failslab, interval 1, probability 0, space 0, times 0 [ 812.672613] binder: 31046:31050 got reply transaction with no transaction stack [ 812.680691] CPU: 0 PID: 31054 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 812.689201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.698796] Call Trace: [ 812.701414] dump_stack+0x244/0x39d [ 812.705064] ? dump_stack_print_info.cold.1+0x20/0x20 [ 812.710269] ? lock_downgrade+0x900/0x900 [ 812.714437] ? check_preemption_disabled+0x48/0x280 [ 812.719467] should_fail.cold.4+0xa/0x17 [ 812.723521] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 812.728629] ? unwind_dump+0x190/0x190 [ 812.732514] ? is_bpf_text_address+0xd3/0x170 [ 812.737002] ? kernel_text_address+0x79/0xf0 [ 812.741410] ? __kernel_text_address+0xd/0x40 [ 812.745898] ? unwind_get_return_address+0x61/0xa0 [ 812.750819] ? __save_stack_trace+0x8d/0xf0 [ 812.755159] ? save_stack+0xa9/0xd0 [ 812.758783] ? save_stack+0x43/0xd0 [ 812.762405] ? kasan_kmalloc+0xc7/0xe0 [ 812.766281] ? kasan_slab_alloc+0x12/0x20 [ 812.770420] ? kmem_cache_alloc+0x12e/0x730 [ 812.774990] ? vm_area_dup+0x7a/0x230 [ 812.778780] ? copy_process+0x42a5/0x8770 [ 812.782915] ? __x64_sys_clone+0xbf/0x150 [ 812.787051] ? do_syscall_64+0x1b9/0x820 [ 812.791097] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 812.796467] ? percpu_ref_put_many+0x11c/0x260 [ 812.801040] __should_failslab+0x124/0x180 [ 812.805267] should_failslab+0x9/0x14 [ 812.809058] kmem_cache_alloc+0x47/0x730 [ 812.813110] ? rcu_softirq_qs+0x20/0x20 [ 812.817077] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.822610] anon_vma_clone+0x140/0x710 [ 812.826580] ? unlink_anon_vmas+0xa60/0xa60 [ 812.831001] ? dup_userfaultfd+0x6d8/0x890 [ 812.835228] anon_vma_fork+0xf4/0x820 [ 812.839029] ? anon_vma_clone+0x710/0x710 [ 812.843170] ? vm_area_dup+0x1a8/0x230 [ 812.847048] ? vm_area_alloc+0x1d0/0x1d0 [ 812.851104] copy_process+0x47cc/0x8770 [ 812.855092] ? __cleanup_sighand+0x70/0x70 [ 812.859337] ? perf_trace_lock_acquire+0x15b/0x800 [ 812.864267] ? print_usage_bug+0xc0/0xc0 [ 812.868324] ? ima_match_policy+0x848/0x1560 [ 812.872722] ? check_preemption_disabled+0x48/0x280 [ 812.877730] ? print_usage_bug+0xc0/0xc0 [ 812.881780] ? kasan_check_read+0x11/0x20 [ 812.885916] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 812.891200] ? __lock_acquire+0x62f/0x4c20 [ 812.895435] ? mark_held_locks+0x130/0x130 [ 812.899672] ? mark_held_locks+0x130/0x130 [ 812.903899] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.909424] ? check_preemption_disabled+0x48/0x280 [ 812.914432] ? debug_smp_processor_id+0x1c/0x20 [ 812.919098] ? print_usage_bug+0xc0/0xc0 [ 812.923146] ? check_preemption_disabled+0x48/0x280 [ 812.928152] ? print_usage_bug+0xc0/0xc0 [ 812.932240] ? perf_trace_lock_acquire+0x15b/0x800 [ 812.937161] ? zap_class+0x640/0x640 [ 812.940881] ? __lock_acquire+0x62f/0x4c20 [ 812.945133] ? mark_held_locks+0x130/0x130 [ 812.949375] ? __lock_acquire+0x62f/0x4c20 [ 812.953607] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.959132] ? check_preemption_disabled+0x48/0x280 [ 812.964137] ? dput.part.25+0x241/0x860 [ 812.968098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.973622] ? check_preemption_disabled+0x48/0x280 [ 812.978629] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.984180] ? mark_held_locks+0x130/0x130 [ 812.988422] ? zap_class+0x640/0x640 [ 812.992136] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.997661] ? check_preemption_disabled+0x48/0x280 [ 813.002685] ? debug_smp_processor_id+0x1c/0x20 [ 813.007343] ? perf_trace_lock_acquire+0x15b/0x800 [ 813.012269] ? perf_trace_lock+0x7a0/0x7a0 [ 813.016500] ? find_held_lock+0x36/0x1c0 [ 813.020565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.026091] ? _parse_integer+0x134/0x180 [ 813.030231] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 813.035758] ? _kstrtoull+0x188/0x250 [ 813.039552] ? _parse_integer+0x180/0x180 [ 813.043695] ? zap_class+0x640/0x640 [ 813.047420] ? lock_release+0xa10/0xa10 [ 813.051387] ? find_held_lock+0x36/0x1c0 [ 813.055463] ? zap_class+0x640/0x640 [ 813.059168] ? get_pid_task+0xd6/0x1a0 [ 813.063047] ? lock_downgrade+0x900/0x900 [ 813.067183] ? check_preemption_disabled+0x48/0x280 [ 813.072194] ? find_held_lock+0x36/0x1c0 [ 813.076248] ? __f_unlock_pos+0x19/0x20 [ 813.080214] ? lock_downgrade+0x900/0x900 [ 813.084369] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 813.089916] ? proc_fail_nth_write+0x9e/0x210 [ 813.094410] ? proc_cwd_link+0x1d0/0x1d0 [ 813.098480] ? find_held_lock+0x36/0x1c0 [ 813.102550] _do_fork+0x1cb/0x11c0 [ 813.106082] ? fork_idle+0x1d0/0x1d0 [ 813.109786] ? __lock_is_held+0xb5/0x140 [ 813.113853] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.119409] ? check_preemption_disabled+0x48/0x280 [ 813.124464] ? __sb_end_write+0xd9/0x110 [ 813.128531] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 813.134071] ? fput+0x130/0x1a0 [ 813.137354] ? do_syscall_64+0x9a/0x820 [ 813.141339] ? do_syscall_64+0x9a/0x820 [ 813.145302] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 813.149875] ? trace_hardirqs_on+0xbd/0x310 [ 813.154186] ? __ia32_sys_read+0xb0/0xb0 [ 813.158239] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 813.163609] ? trace_hardirqs_off_caller+0x300/0x300 [ 813.168715] __x64_sys_clone+0xbf/0x150 [ 813.172712] do_syscall_64+0x1b9/0x820 [ 813.176593] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 813.181948] ? syscall_return_slowpath+0x5e0/0x5e0 [ 813.186874] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 813.191721] ? trace_hardirqs_on_caller+0x310/0x310 [ 813.196732] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 813.201738] ? prepare_exit_to_usermode+0x291/0x3b0 [ 813.206759] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 813.211608] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 813.216797] RIP: 0033:0x457569 [ 813.219996] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 813.238899] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 813.246596] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 813.253849] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 813.261102] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 813.268357] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 08:43:57 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfIno', 0x3d, r0}}) 08:43:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:57 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranb=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:57 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 813.275616] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:57 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) r3 = dup3(r1, r2, 0x80000) bind$inet(r3, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x3) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f00000001c0)={0x7ff}) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x28) nanosleep(&(0x7f00000000c0)={0x0, 0x989680}, &(0x7f0000000100)) socket$xdp(0x2c, 0x3, 0x0) [ 813.370980] binder: 31061:31068 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 813.396978] 9pnet: Insufficient options for proto=fd [ 813.403342] binder: 31061:31068 got reply transaction with no transaction stack 08:43:57 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranw=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:57 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:43:57 executing program 5 (fault-call:1 fault-nth:17): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 813.422844] binder_transaction: 4 callbacks suppressed [ 813.422861] binder: 31061:31068 transaction failed 29201/-71, size 0-0 line 2741 08:43:57 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfRno', 0x3d, r0}}) 08:43:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 813.477119] binder_release_work: 4 callbacks suppressed [ 813.477127] binder: undelivered TRANSACTION_ERROR: 29201 [ 813.518660] FAULT_INJECTION: forcing a failure. [ 813.518660] name failslab, interval 1, probability 0, space 0, times 0 [ 813.530771] CPU: 1 PID: 31079 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 813.539275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 813.548637] Call Trace: [ 813.551265] dump_stack+0x244/0x39d [ 813.554922] ? dump_stack_print_info.cold.1+0x20/0x20 [ 813.560145] ? __kernel_text_address+0xd/0x40 [ 813.564669] should_fail.cold.4+0xa/0x17 [ 813.568747] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 813.573865] ? perf_trace_lock+0x7a0/0x7a0 [ 813.578118] ? save_stack+0xa9/0xd0 [ 813.581760] ? kasan_kmalloc+0xc7/0xe0 [ 813.585659] ? kasan_slab_alloc+0x12/0x20 [ 813.589819] ? kmem_cache_alloc+0x12e/0x730 [ 813.594159] ? zap_class+0x640/0x640 [ 813.597895] ? _do_fork+0x1cb/0x11c0 [ 813.601627] ? do_syscall_64+0x1b9/0x820 [ 813.604847] 9pnet: Insufficient options for proto=fd [ 813.606048] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 813.616588] ? percpu_ref_put_many+0x11c/0x260 [ 813.621198] ? lock_downgrade+0x900/0x900 [ 813.625367] ? __lock_is_held+0xb5/0x140 [ 813.629451] ? lock_acquire+0x1ed/0x520 [ 813.633442] ? anon_vma_clone+0x1a9/0x710 [ 813.637610] ? lock_release+0xa10/0xa10 [ 813.641598] ? perf_trace_sched_process_exec+0x860/0x860 [ 813.647069] ? __lock_is_held+0xb5/0x140 [ 813.651158] __should_failslab+0x124/0x180 [ 813.655429] should_failslab+0x9/0x14 [ 813.659247] kmem_cache_alloc+0x47/0x730 08:43:57 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfTno', 0x3d, r0}}) 08:43:57 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 813.661496] binder: 31080:31089 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 813.663330] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 813.663357] anon_vma_clone+0x140/0x710 [ 813.663381] ? unlink_anon_vmas+0xa60/0xa60 [ 813.671580] binder: 31080:31089 got reply transaction with no transaction stack [ 813.676895] ? dup_userfaultfd+0x6d8/0x890 [ 813.676917] anon_vma_fork+0xf4/0x820 [ 813.676940] ? anon_vma_clone+0x710/0x710 [ 813.676959] ? vm_area_dup+0x1a8/0x230 [ 813.676976] ? vm_area_alloc+0x1d0/0x1d0 08:43:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 813.681260] binder: 31080:31089 transaction failed 29201/-71, size 0-0 line 2741 [ 813.685301] copy_process+0x47cc/0x8770 [ 813.685357] ? __cleanup_sighand+0x70/0x70 [ 813.685384] ? perf_trace_lock_acquire+0x15b/0x800 [ 813.696546] binder: undelivered TRANSACTION_ERROR: 29201 [ 813.697193] ? print_usage_bug+0xc0/0xc0 [ 813.697219] ? ima_match_policy+0x848/0x1560 [ 813.697239] ? check_preemption_disabled+0x48/0x280 [ 813.752653] ? print_usage_bug+0xc0/0xc0 [ 813.756730] ? kasan_check_read+0x11/0x20 [ 813.760903] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 813.766208] ? __lock_acquire+0x62f/0x4c20 08:43:57 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) [ 813.770479] ? mark_held_locks+0x130/0x130 [ 813.774750] ? mark_held_locks+0x130/0x130 [ 813.779002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.784552] ? check_preemption_disabled+0x48/0x280 [ 813.789595] ? debug_smp_processor_id+0x1c/0x20 [ 813.794276] ? print_usage_bug+0xc0/0xc0 [ 813.797606] binder: 31092:31095 got reply transaction with no transaction stack [ 813.798343] ? check_preemption_disabled+0x48/0x280 [ 813.798362] ? print_usage_bug+0xc0/0xc0 [ 813.798402] ? perf_trace_lock_acquire+0x15b/0x800 [ 813.798421] ? zap_class+0x640/0x640 [ 813.816284] binder: 31092:31095 transaction failed 29201/-71, size 0-0 line 2741 [ 813.819877] ? __lock_acquire+0x62f/0x4c20 [ 813.819911] ? mark_held_locks+0x130/0x130 [ 813.832947] binder: undelivered TRANSACTION_ERROR: 29201 [ 813.835384] ? __lock_acquire+0x62f/0x4c20 [ 813.835414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.835432] ? check_preemption_disabled+0x48/0x280 [ 813.835449] ? dput.part.25+0x241/0x860 [ 813.835467] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:43:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:57 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 813.835482] ? check_preemption_disabled+0x48/0x280 [ 813.835504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.879978] ? mark_held_locks+0x130/0x130 [ 813.884245] ? zap_class+0x640/0x640 [ 813.887975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.893526] ? check_preemption_disabled+0x48/0x280 [ 813.898559] ? debug_smp_processor_id+0x1c/0x20 [ 813.903241] ? perf_trace_lock_acquire+0x15b/0x800 [ 813.908203] ? perf_trace_lock+0x7a0/0x7a0 [ 813.912457] ? find_held_lock+0x36/0x1c0 [ 813.916534] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.922085] ? _parse_integer+0x134/0x180 [ 813.926252] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 813.931805] ? _kstrtoull+0x188/0x250 [ 813.935626] ? _parse_integer+0x180/0x180 [ 813.939795] ? zap_class+0x640/0x640 [ 813.940785] binder: 31099:31101 transaction failed 29201/-71, size 0-0 line 2741 [ 813.943524] ? lock_release+0xa10/0xa10 [ 813.943549] ? find_held_lock+0x36/0x1c0 [ 813.943568] ? zap_class+0x640/0x640 [ 813.943588] ? get_pid_task+0xd6/0x1a0 [ 813.966725] ? lock_downgrade+0x900/0x900 [ 813.967524] binder: undelivered TRANSACTION_ERROR: 29201 [ 813.970888] ? check_preemption_disabled+0x48/0x280 [ 813.970916] ? find_held_lock+0x36/0x1c0 [ 813.970945] ? __f_unlock_pos+0x19/0x20 [ 813.970969] ? lock_downgrade+0x900/0x900 [ 813.993591] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 813.999141] ? proc_fail_nth_write+0x9e/0x210 [ 814.003648] ? proc_cwd_link+0x1d0/0x1d0 [ 814.007730] ? find_held_lock+0x36/0x1c0 [ 814.011810] _do_fork+0x1cb/0x11c0 [ 814.015369] ? fork_idle+0x1d0/0x1d0 [ 814.019118] ? __lock_is_held+0xb5/0x140 [ 814.023219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.028773] ? check_preemption_disabled+0x48/0x280 [ 814.033812] ? __sb_end_write+0xd9/0x110 [ 814.037893] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 814.043441] ? fput+0x130/0x1a0 [ 814.046731] ? do_syscall_64+0x9a/0x820 [ 814.050700] ? do_syscall_64+0x9a/0x820 [ 814.054695] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 814.059296] ? trace_hardirqs_on+0xbd/0x310 [ 814.063618] ? __ia32_sys_read+0xb0/0xb0 [ 814.067676] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.073030] ? trace_hardirqs_off_caller+0x300/0x300 [ 814.078125] __x64_sys_clone+0xbf/0x150 [ 814.082091] do_syscall_64+0x1b9/0x820 [ 814.085968] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 814.091321] ? syscall_return_slowpath+0x5e0/0x5e0 [ 814.096241] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 814.101072] ? trace_hardirqs_on_caller+0x310/0x310 [ 814.106082] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 814.111086] ? prepare_exit_to_usermode+0x291/0x3b0 [ 814.116095] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 814.120929] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.126115] RIP: 0033:0x457569 [ 814.129318] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 814.148205] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 814.155897] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 814.163150] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 814.170418] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 814.177674] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 814.184944] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:57 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) r3 = request_key(&(0x7f00000003c0)="72787270635f73007427b38e0f213bb07fc2fc58a8e40813539a2ca583a9992db779f076bc97aa7253bf2ebc5bb0e07bf33c50e7ae629b731bad385b0ee3459ff702fe11688d8f67f970e8e5507b5c290ca5ddbc91387c919d61559e875164f9354d66ebbe86a8", &(0x7f0000000100)={'syz', 0x1}, &(0x7f00000001c0)='user+md5sumbdevcgroup$posix_acl_access\x00', 0xfffffffffffffffc) r4 = request_key(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x3}, &(0x7f00000002c0)='user:\x00', 0x0) keyctl$link(0x8, r3, r4) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:43:57 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) 08:43:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 814.269546] 9pnet: Insufficient options for proto=fd 08:43:58 executing program 5 (fault-call:1 fault-nth:18): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:58 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tranu=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:58 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfQno', 0x3d, r0}}) 08:43:58 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 814.292850] binder: 31111:31114 transaction failed 29201/-71, size 0-0 line 2741 [ 814.327143] binder: 31111:31114 transaction failed 29201/-71, size 0-0 line 2741 [ 814.327458] binder: undelivered TRANSACTION_ERROR: 29201 08:43:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:58 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'tran%=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 814.365407] binder: undelivered TRANSACTION_ERROR: 29201 [ 814.389015] FAULT_INJECTION: forcing a failure. [ 814.389015] name failslab, interval 1, probability 0, space 0, times 0 [ 814.405230] CPU: 1 PID: 31121 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 814.413752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.423113] Call Trace: [ 814.425728] dump_stack+0x244/0x39d [ 814.429381] ? dump_stack_print_info.cold.1+0x20/0x20 [ 814.434599] ? __kernel_text_address+0xd/0x40 [ 814.439108] ? unwind_get_return_address+0x61/0xa0 [ 814.444061] should_fail.cold.4+0xa/0x17 [ 814.448145] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 814.453276] ? save_stack+0xa9/0xd0 [ 814.455603] binder: 31127:31130 transaction failed 29201/-71, size 0-0 line 2741 08:43:58 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) 08:43:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 814.456916] ? kasan_kmalloc+0xc7/0xe0 [ 814.456931] ? kasan_slab_alloc+0x12/0x20 [ 814.456946] ? kmem_cache_alloc+0x12e/0x730 [ 814.456966] ? anon_vma_clone+0x140/0x710 [ 814.470452] binder: undelivered TRANSACTION_ERROR: 29201 [ 814.472525] ? anon_vma_fork+0xf4/0x820 [ 814.472541] ? copy_process+0x47cc/0x8770 [ 814.472560] ? _do_fork+0x1cb/0x11c0 [ 814.498283] ? do_syscall_64+0x1b9/0x820 [ 814.502357] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.507756] ? percpu_ref_put_many+0x11c/0x260 [ 814.512357] ? lock_downgrade+0x900/0x900 [ 814.516527] ? check_preemption_disabled+0x48/0x280 [ 814.521570] ? kasan_check_read+0x11/0x20 [ 814.525736] ? zap_class+0x640/0x640 [ 814.529474] ? rcu_softirq_qs+0x20/0x20 [ 814.533472] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.539028] ? check_preemption_disabled+0x48/0x280 [ 814.544075] ? __lock_is_held+0xb5/0x140 [ 814.548170] __should_failslab+0x124/0x180 [ 814.552452] should_failslab+0x9/0x14 [ 814.556277] kmem_cache_alloc+0x47/0x730 [ 814.560376] ? anon_vma_interval_tree_insert+0x2c9/0x370 08:43:58 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 814.565861] anon_vma_clone+0x140/0x710 [ 814.569858] ? unlink_anon_vmas+0xa60/0xa60 [ 814.573347] binder: 31132:31135 transaction failed 29201/-71, size 0-0 line 2741 [ 814.574208] ? dup_userfaultfd+0x6d8/0x890 [ 814.574231] anon_vma_fork+0xf4/0x820 [ 814.574252] ? anon_vma_clone+0x710/0x710 [ 814.593963] ? vm_area_dup+0x1a8/0x230 [ 814.597214] binder: undelivered TRANSACTION_ERROR: 29201 [ 814.597871] ? vm_area_alloc+0x1d0/0x1d0 [ 814.607410] copy_process+0x47cc/0x8770 [ 814.611449] ? __cleanup_sighand+0x70/0x70 [ 814.615716] ? perf_trace_lock_acquire+0x15b/0x800 [ 814.620665] ? print_usage_bug+0xc0/0xc0 [ 814.624749] ? ima_match_policy+0x848/0x1560 [ 814.629183] ? check_preemption_disabled+0x48/0x280 [ 814.634219] ? print_usage_bug+0xc0/0xc0 [ 814.638295] ? kasan_check_read+0x11/0x20 [ 814.642465] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 814.647763] ? __lock_acquire+0x62f/0x4c20 [ 814.652034] ? mark_held_locks+0x130/0x130 [ 814.656299] ? mark_held_locks+0x130/0x130 [ 814.660558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.666107] ? check_preemption_disabled+0x48/0x280 [ 814.671145] ? debug_smp_processor_id+0x1c/0x20 [ 814.675833] ? print_usage_bug+0xc0/0xc0 [ 814.679904] ? check_preemption_disabled+0x48/0x280 [ 814.679923] ? print_usage_bug+0xc0/0xc0 [ 814.689011] ? perf_trace_lock_acquire+0x15b/0x800 [ 814.689027] ? zap_class+0x640/0x640 [ 814.689064] ? __lock_acquire+0x62f/0x4c20 [ 814.689093] ? mark_held_locks+0x130/0x130 [ 814.706189] ? __lock_acquire+0x62f/0x4c20 [ 814.710447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.715999] ? check_preemption_disabled+0x48/0x280 [ 814.721036] ? dput.part.25+0x241/0x860 [ 814.725034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.730598] ? check_preemption_disabled+0x48/0x280 [ 814.735635] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.741205] ? mark_held_locks+0x130/0x130 [ 814.745472] ? zap_class+0x640/0x640 [ 814.749211] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.754766] ? check_preemption_disabled+0x48/0x280 [ 814.759802] ? debug_smp_processor_id+0x1c/0x20 [ 814.764487] ? perf_trace_lock_acquire+0x15b/0x800 [ 814.769447] ? perf_trace_lock+0x7a0/0x7a0 [ 814.773693] ? find_held_lock+0x36/0x1c0 [ 814.777773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.783331] ? _parse_integer+0x134/0x180 [ 814.784337] 9pnet: Insufficient options for proto=fd [ 814.787503] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 814.787521] ? _kstrtoull+0x188/0x250 [ 814.787539] ? _parse_integer+0x180/0x180 [ 814.787559] ? zap_class+0x640/0x640 [ 814.809839] ? lock_release+0xa10/0xa10 [ 814.813819] ? find_held_lock+0x36/0x1c0 [ 814.817881] ? zap_class+0x640/0x640 [ 814.821603] ? get_pid_task+0xd6/0x1a0 [ 814.825482] ? lock_downgrade+0x900/0x900 [ 814.829618] ? check_preemption_disabled+0x48/0x280 [ 814.834629] ? find_held_lock+0x36/0x1c0 [ 814.838703] ? __f_unlock_pos+0x19/0x20 [ 814.842694] ? lock_downgrade+0x900/0x900 [ 814.846840] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 814.852388] ? proc_fail_nth_write+0x9e/0x210 [ 814.856901] ? proc_cwd_link+0x1d0/0x1d0 [ 814.860971] ? find_held_lock+0x36/0x1c0 [ 814.865030] _do_fork+0x1cb/0x11c0 [ 814.868567] ? fork_idle+0x1d0/0x1d0 [ 814.872291] ? __lock_is_held+0xb5/0x140 [ 814.876347] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.881877] ? check_preemption_disabled+0x48/0x280 [ 814.886885] ? __sb_end_write+0xd9/0x110 [ 814.890940] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 814.896470] ? fput+0x130/0x1a0 [ 814.899741] ? do_syscall_64+0x9a/0x820 [ 814.903702] ? do_syscall_64+0x9a/0x820 [ 814.907669] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 814.912243] ? trace_hardirqs_on+0xbd/0x310 [ 814.916556] ? __ia32_sys_read+0xb0/0xb0 [ 814.920611] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.925967] ? trace_hardirqs_off_caller+0x300/0x300 [ 814.931064] __x64_sys_clone+0xbf/0x150 [ 814.935033] do_syscall_64+0x1b9/0x820 [ 814.938909] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 814.944278] ? syscall_return_slowpath+0x5e0/0x5e0 [ 814.949195] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 814.954028] ? trace_hardirqs_on_caller+0x310/0x310 [ 814.959037] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 814.964061] ? prepare_exit_to_usermode+0x291/0x3b0 [ 814.969075] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 814.974012] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.979192] RIP: 0033:0x457569 [ 814.982412] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 815.001317] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 815.009028] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 08:43:58 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 08:43:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:58 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trand=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 815.016301] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 815.023557] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 815.030842] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 815.038102] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:43:58 executing program 5 (fault-call:1 fault-nth:19): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:58 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) r3 = accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000100)=0x1c) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000001c0)=@assoc_value={0x0, 0x1}, &(0x7f0000000240)=0x8) removexattr(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)=@random={'user.', '/dev/vhost-vsock\x00'}) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000280)={r4, 0x1f0, 0x9c1383d247b3c5e0}, &(0x7f00000002c0)=0xc) 08:43:58 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfSno', 0x3d, r0}}) [ 815.133232] binder_thread_write: 6 callbacks suppressed [ 815.133243] binder: 31146:31152 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 815.159540] binder_transaction: 5 callbacks suppressed [ 815.159551] binder: 31146:31152 got reply transaction with no transaction stack 08:43:58 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) 08:43:58 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=.d,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 815.181387] 9pnet: Insufficient options for proto=fd [ 815.193719] binder: 31146:31152 transaction failed 29201/-71, size 0-0 line 2741 [ 815.204959] 9pnet: Insufficient options for proto=fd [ 815.209867] FAULT_INJECTION: forcing a failure. [ 815.209867] name failslab, interval 1, probability 0, space 0, times 0 [ 815.223538] binder: undelivered TRANSACTION_ERROR: 29201 [ 815.250244] CPU: 0 PID: 31160 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 815.258781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.268146] Call Trace: [ 815.270769] dump_stack+0x244/0x39d [ 815.274434] ? dump_stack_print_info.cold.1+0x20/0x20 [ 815.279656] should_fail.cold.4+0xa/0x17 [ 815.283753] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 815.288871] ? find_held_lock+0x36/0x1c0 [ 815.292956] ? zap_class+0x640/0x640 [ 815.296694] ? lock_downgrade+0x900/0x900 [ 815.300858] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.306420] ? check_preemption_disabled+0x48/0x280 [ 815.306601] binder: 31167:31169 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 815.311458] ? find_held_lock+0x36/0x1c0 [ 815.311482] ? __lock_is_held+0xb5/0x140 [ 815.311508] ? v4l2_ctrl_new_std_menu+0x418/0x4b0 [ 815.332556] ? perf_trace_sched_process_exec+0x860/0x860 [ 815.338041] __should_failslab+0x124/0x180 [ 815.342297] should_failslab+0x9/0x14 [ 815.346111] kmem_cache_alloc+0x2be/0x730 [ 815.350286] ? dup_userfaultfd+0x6d8/0x890 [ 815.354544] anon_vma_fork+0x196/0x820 [ 815.355405] binder: 31167:31169 got reply transaction with no transaction stack [ 815.358450] ? anon_vma_clone+0x710/0x710 [ 815.358471] ? vm_area_dup+0x1a8/0x230 [ 815.358492] ? vm_area_alloc+0x1d0/0x1d0 [ 815.370446] 9pnet: Insufficient options for proto=fd [ 815.373974] copy_process+0x47cc/0x8770 [ 815.374026] ? __cleanup_sighand+0x70/0x70 [ 815.379050] 9pnet: Could not find request transport: .d [ 815.383190] ? perf_trace_lock_acquire+0x15b/0x800 [ 815.383215] ? print_usage_bug+0xc0/0xc0 [ 815.383239] ? ima_match_policy+0x848/0x1560 [ 815.387384] binder: 31167:31169 transaction failed 29201/-71, size 0-0 line 2741 [ 815.391440] ? check_preemption_disabled+0x48/0x280 [ 815.391461] ? print_usage_bug+0xc0/0xc0 [ 815.391480] ? kasan_check_read+0x11/0x20 [ 815.391503] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 815.408752] 9pnet: Could not find request transport: .d [ 815.410257] ? __lock_acquire+0x62f/0x4c20 [ 815.410292] ? mark_held_locks+0x130/0x130 08:43:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:58 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfsno', 0x3d, r0}}) 08:43:59 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfgno', 0x3d, r0}}) 08:43:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 815.431878] binder: undelivered TRANSACTION_ERROR: 29201 [ 815.436301] ? mark_held_locks+0x130/0x130 [ 815.436322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.436339] ? check_preemption_disabled+0x48/0x280 [ 815.436361] ? debug_smp_processor_id+0x1c/0x20 [ 815.436380] ? print_usage_bug+0xc0/0xc0 [ 815.479148] ? check_preemption_disabled+0x48/0x280 [ 815.484182] ? print_usage_bug+0xc0/0xc0 [ 815.488270] ? perf_trace_lock_acquire+0x15b/0x800 [ 815.493213] ? zap_class+0x640/0x640 [ 815.496963] ? __lock_acquire+0x62f/0x4c20 08:43:59 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=/d,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 815.501234] ? mark_held_locks+0x130/0x130 [ 815.505492] ? __lock_acquire+0x62f/0x4c20 [ 815.509744] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.515293] ? check_preemption_disabled+0x48/0x280 [ 815.515311] ? dput.part.25+0x241/0x860 [ 815.515328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.515343] ? check_preemption_disabled+0x48/0x280 [ 815.515366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.515390] ? mark_held_locks+0x130/0x130 [ 815.544878] ? zap_class+0x640/0x640 [ 815.548612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.554165] ? check_preemption_disabled+0x48/0x280 [ 815.559207] ? debug_smp_processor_id+0x1c/0x20 [ 815.563893] ? perf_trace_lock_acquire+0x15b/0x800 [ 815.568851] ? perf_trace_lock+0x7a0/0x7a0 [ 815.572681] 9pnet: Insufficient options for proto=fd [ 815.573098] ? find_held_lock+0x36/0x1c0 [ 815.573118] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.573136] ? _parse_integer+0x134/0x180 [ 815.573158] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 08:43:59 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfVno', 0x3d, r0}}) [ 815.586581] 9pnet: Could not find request transport: /d [ 815.587846] ? _kstrtoull+0x188/0x250 [ 815.587866] ? _parse_integer+0x180/0x180 [ 815.587883] ? zap_class+0x640/0x640 [ 815.587902] ? lock_release+0xa10/0xa10 [ 815.598222] 9pnet: Could not find request transport: /d [ 815.602941] ? find_held_lock+0x36/0x1c0 [ 815.602962] ? zap_class+0x640/0x640 [ 815.602983] ? get_pid_task+0xd6/0x1a0 [ 815.635588] ? lock_downgrade+0x900/0x900 [ 815.639746] ? check_preemption_disabled+0x48/0x280 [ 815.644797] ? find_held_lock+0x36/0x1c0 08:43:59 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fs,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 815.648882] ? __f_unlock_pos+0x19/0x20 [ 815.649459] binder: 31175:31182 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 815.652872] ? lock_downgrade+0x900/0x900 [ 815.652894] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 815.652914] ? proc_fail_nth_write+0x9e/0x210 [ 815.675135] ? proc_cwd_link+0x1d0/0x1d0 [ 815.679247] ? find_held_lock+0x36/0x1c0 [ 815.683334] _do_fork+0x1cb/0x11c0 [ 815.686906] ? fork_idle+0x1d0/0x1d0 [ 815.690437] binder: 31175:31182 got reply transaction with no transaction stack [ 815.690638] ? __lock_is_held+0xb5/0x140 [ 815.702318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.707869] ? check_preemption_disabled+0x48/0x280 [ 815.712916] ? __sb_end_write+0xd9/0x110 [ 815.714116] 9pnet: Insufficient options for proto=fd [ 815.717000] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 815.717018] ? fput+0x130/0x1a0 [ 815.717037] ? do_syscall_64+0x9a/0x820 [ 815.717053] ? do_syscall_64+0x9a/0x820 [ 815.717071] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 815.717090] ? trace_hardirqs_on+0xbd/0x310 [ 815.717104] ? __ia32_sys_read+0xb0/0xb0 [ 815.717121] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 815.717139] ? trace_hardirqs_off_caller+0x300/0x300 [ 815.717161] __x64_sys_clone+0xbf/0x150 [ 815.766338] do_syscall_64+0x1b9/0x820 [ 815.770244] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 815.775651] ? syscall_return_slowpath+0x5e0/0x5e0 [ 815.780608] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 815.785472] ? trace_hardirqs_on_caller+0x310/0x310 [ 815.790509] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 815.795542] ? prepare_exit_to_usermode+0x291/0x3b0 [ 815.800584] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 815.805457] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 815.808842] 9pnet: Could not find request transport: fs [ 815.810657] RIP: 0033:0x457569 [ 815.810683] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 815.810699] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 815.818686] 9pnet: Could not find request transport: fs 08:43:59 executing program 5 (fault-call:1 fault-nth:20): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:43:59 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfwno', 0x3d, r0}}) 08:43:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:43:59 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fV,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:43:59 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 08:43:59 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) prctl$setname(0xf, &(0x7f00000000c0)='/dev/vhost-vsock\x00') bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f0000000340)="073c60889edfc3b4e531368ce8f58f22ecb230bfb9aa11bd095a23edfbdc42198b570755ab29de68984506183fdb2a779cda12dc1030604eaaede16f6d69685186c75e259bf2b130637c4190643e384266fe09c1856c16c8f756e2d4d0c6982a6c940801b6cc5d3f87212bc6d4405d4b92d295dabe1524eccc45f77b63d7b792b2017d8c6883b5455581998815806a283ceb7d496e67f0b39b9b9cfe76c142946f20124b8e2c65515bae317e8b0ffc7e4f5c694d40d143f6878fdb3a1a264d127fd4e099800ccdfa42d95dc3c6e468c0edc08311bd1e6052626bc8b157593fd0618dd69bdbd699cb4d743180ba53923a929a33a1978955482f9f5de0178f9791") connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 815.819248] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 815.819265] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 815.865747] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 815.865758] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 815.865768] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 815.968547] 9pnet: Could not find request transport: fV [ 815.976049] binder: 31195:31197 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 815.997637] 9pnet: Could not find request transport: fV [ 816.002197] FAULT_INJECTION: forcing a failure. [ 816.002197] name failslab, interval 1, probability 0, space 0, times 0 [ 816.016628] 9pnet: Insufficient options for proto=fd [ 816.017524] CPU: 1 PID: 31203 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 816.030258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 816.039613] Call Trace: [ 816.042214] dump_stack+0x244/0x39d [ 816.045855] ? dump_stack_print_info.cold.1+0x20/0x20 [ 816.051064] should_fail.cold.4+0xa/0x17 [ 816.055137] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 816.060261] ? save_stack+0xa9/0xd0 [ 816.063897] ? kasan_kmalloc+0xc7/0xe0 [ 816.067790] ? kasan_slab_alloc+0x12/0x20 [ 816.071945] ? kmem_cache_alloc+0x12e/0x730 [ 816.076288] ? anon_vma_fork+0x196/0x820 [ 816.080369] ? copy_process+0x47cc/0x8770 [ 816.084525] ? _do_fork+0x1cb/0x11c0 [ 816.088245] ? zap_class+0x640/0x640 [ 816.091975] ? find_held_lock+0x36/0x1c0 [ 816.096048] ? __lock_is_held+0xb5/0x140 [ 816.100131] ? perf_trace_sched_process_exec+0x860/0x860 [ 816.105606] __should_failslab+0x124/0x180 [ 816.109853] should_failslab+0x9/0x14 [ 816.113659] kmem_cache_alloc+0x2be/0x730 [ 816.117824] ? dup_userfaultfd+0x6d8/0x890 [ 816.122066] ? anon_vma_fork+0x196/0x820 [ 816.126139] anon_vma_fork+0x2c9/0x820 [ 816.130040] ? anon_vma_clone+0x710/0x710 [ 816.134199] ? vm_area_dup+0x1a8/0x230 [ 816.138105] ? vm_area_alloc+0x1d0/0x1d0 [ 816.142201] copy_process+0x47cc/0x8770 [ 816.146227] ? __cleanup_sighand+0x70/0x70 [ 816.150478] ? perf_trace_lock_acquire+0x15b/0x800 [ 816.155428] ? print_usage_bug+0xc0/0xc0 [ 816.159520] ? ima_match_policy+0x848/0x1560 [ 816.163937] ? check_preemption_disabled+0x48/0x280 [ 816.168979] ? print_usage_bug+0xc0/0xc0 [ 816.173048] ? kasan_check_read+0x11/0x20 [ 816.177209] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 816.182497] ? __lock_acquire+0x62f/0x4c20 [ 816.186758] ? mark_held_locks+0x130/0x130 [ 816.191014] ? mark_held_locks+0x130/0x130 [ 816.195414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.200963] ? check_preemption_disabled+0x48/0x280 [ 816.205993] ? debug_smp_processor_id+0x1c/0x20 [ 816.210670] ? print_usage_bug+0xc0/0xc0 [ 816.214736] ? check_preemption_disabled+0x48/0x280 [ 816.219757] ? print_usage_bug+0xc0/0xc0 [ 816.223840] ? perf_trace_lock_acquire+0x15b/0x800 [ 816.228774] ? zap_class+0x640/0x640 [ 816.232517] ? __lock_acquire+0x62f/0x4c20 [ 816.236778] ? mark_held_locks+0x130/0x130 [ 816.241026] ? __lock_acquire+0x62f/0x4c20 [ 816.245269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.250815] ? check_preemption_disabled+0x48/0x280 [ 816.255839] ? dput.part.25+0x241/0x860 [ 816.259818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.265361] ? check_preemption_disabled+0x48/0x280 [ 816.270401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.275954] ? mark_held_locks+0x130/0x130 [ 816.280214] ? zap_class+0x640/0x640 [ 816.283938] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.289479] ? check_preemption_disabled+0x48/0x280 [ 816.294525] ? debug_smp_processor_id+0x1c/0x20 [ 816.299205] ? perf_trace_lock_acquire+0x15b/0x800 [ 816.304151] ? perf_trace_lock+0x7a0/0x7a0 [ 816.308401] ? find_held_lock+0x36/0x1c0 [ 816.312472] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.318017] ? _parse_integer+0x134/0x180 [ 816.322184] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 816.327748] ? _kstrtoull+0x188/0x250 [ 816.331557] ? _parse_integer+0x180/0x180 [ 816.335713] ? zap_class+0x640/0x640 [ 816.339436] ? lock_release+0xa10/0xa10 [ 816.343429] ? find_held_lock+0x36/0x1c0 [ 816.347516] ? zap_class+0x640/0x640 [ 816.351243] ? get_pid_task+0xd6/0x1a0 [ 816.355158] ? lock_downgrade+0x900/0x900 [ 816.359320] ? check_preemption_disabled+0x48/0x280 [ 816.364352] ? find_held_lock+0x36/0x1c0 [ 816.368439] ? __f_unlock_pos+0x19/0x20 [ 816.372426] ? lock_downgrade+0x900/0x900 [ 816.376584] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 816.382127] ? proc_fail_nth_write+0x9e/0x210 [ 816.386630] ? proc_cwd_link+0x1d0/0x1d0 [ 816.390705] ? find_held_lock+0x36/0x1c0 [ 816.394782] _do_fork+0x1cb/0x11c0 [ 816.398336] ? fork_idle+0x1d0/0x1d0 [ 816.402060] ? __lock_is_held+0xb5/0x140 [ 816.406134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.411680] ? check_preemption_disabled+0x48/0x280 [ 816.416712] ? __sb_end_write+0xd9/0x110 [ 816.420783] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 816.426330] ? fput+0x130/0x1a0 [ 816.429620] ? do_syscall_64+0x9a/0x820 [ 816.433602] ? do_syscall_64+0x9a/0x820 [ 816.437587] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 816.442183] ? trace_hardirqs_on+0xbd/0x310 [ 816.446509] ? __ia32_sys_read+0xb0/0xb0 [ 816.450576] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 816.455946] ? trace_hardirqs_off_caller+0x300/0x300 [ 816.461155] __x64_sys_clone+0xbf/0x150 [ 816.465152] do_syscall_64+0x1b9/0x820 [ 816.469068] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 816.474440] ? syscall_return_slowpath+0x5e0/0x5e0 [ 816.479374] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 816.484232] ? trace_hardirqs_on_caller+0x310/0x310 [ 816.489259] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 816.494291] ? prepare_exit_to_usermode+0x291/0x3b0 [ 816.499319] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 816.504179] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 816.509371] RIP: 0033:0x457569 [ 816.512580] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 816.531484] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 816.539195] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 816.546467] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 816.553758] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 816.561032] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 08:44:00 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) 08:44:00 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 816.568305] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 816.577785] binder: 31195:31197 got reply transaction with no transaction stack 08:44:00 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfqno', 0x3d, r0}}) 08:44:00 executing program 5 (fault-call:1 fault-nth:21): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:00 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fb,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 816.686996] FAULT_INJECTION: forcing a failure. [ 816.686996] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 816.705428] CPU: 0 PID: 31213 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 816.713974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 816.723333] Call Trace: [ 816.725941] dump_stack+0x244/0x39d [ 816.729601] ? dump_stack_print_info.cold.1+0x20/0x20 [ 816.734813] ? debug_smp_processor_id+0x1c/0x20 [ 816.739507] ? perf_trace_lock_acquire+0x15b/0x800 [ 816.739540] binder: 31216:31220 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 816.744451] should_fail.cold.4+0xa/0x17 [ 816.744473] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 816.744496] ? zap_class+0x640/0x640 [ 816.765423] ? __lock_acquire+0x62f/0x4c20 [ 816.769681] ? zap_class+0x640/0x640 [ 816.771402] binder: 31216:31220 got reply transaction with no transaction stack [ 816.773415] ? print_usage_bug+0xc0/0xc0 [ 816.773435] ? __lock_acquire+0x62f/0x4c20 [ 816.773469] ? __lock_is_held+0xb5/0x140 [ 816.785838] 9pnet: Insufficient options for proto=fd [ 816.789195] ? __irqentry_text_end+0xcfcc0/0x1f9688 [ 816.789227] ? lock_release+0xa10/0xa10 [ 816.789249] ? perf_trace_sched_process_exec+0x860/0x860 [ 816.812850] ? __might_sleep+0x95/0x190 [ 816.816846] __alloc_pages_nodemask+0x34b/0xdd0 [ 816.821531] ? check_preemption_disabled+0x48/0x280 [ 816.826569] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 816.831815] ? check_preemption_disabled+0x48/0x280 08:44:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:00 executing program 4: msgget$private(0x0, 0x44) r0 = gettid() r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/conntrack\x00', 0x2, 0x0) r2 = semget$private(0x0, 0x4, 0x300) semctl$IPC_STAT(r2, 0x0, 0x2, &(0x7f0000000540)=""/68) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000100)={'syz_tun\x00', 0x9001}) timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)={@my=0x0}) process_vm_readv(r0, &(0x7f0000000280)=[{&(0x7f0000000340)=""/178, 0xb2}], 0x1, &(0x7f00000002c0)=[{&(0x7f0000000400)=""/189, 0xbd}, {&(0x7f00000004c0)=""/124, 0x7c}], 0x2, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r4, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_create(0x7, &(0x7f00000001c0)={0x0, 0x2b, 0x1, @tid=r0}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) fcntl$getflags(r3, 0x3) [ 816.836849] ? print_usage_bug+0xc0/0xc0 [ 816.840937] ? perf_trace_lock+0x7a0/0x7a0 [ 816.845191] ? print_usage_bug+0xc0/0xc0 [ 816.849284] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 816.854844] alloc_pages_current+0x173/0x350 [ 816.859280] get_zeroed_page+0x14/0x50 [ 816.863185] __pud_alloc+0x3b/0x240 [ 816.866836] copy_page_range+0x1c4d/0x2ee0 [ 816.871124] ? mark_held_locks+0x130/0x130 [ 816.875379] ? __lock_acquire+0x62f/0x4c20 [ 816.879648] ? rb_insert_color_cached+0x14b0/0x14b0 [ 816.884716] ? __pmd_alloc+0x450/0x450 [ 816.888617] ? vma_interval_tree_augment_rotate+0x181/0x1e0 [ 816.894348] ? __rb_insert_augmented+0x3b2/0x1890 [ 816.899214] ? rb_insert_color_cached+0x14b0/0x14b0 [ 816.904276] ? rb_insert_color_cached+0x14b0/0x14b0 [ 816.909309] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.914864] ? check_preemption_disabled+0x48/0x280 [ 816.919900] ? kasan_kmalloc+0xc7/0xe0 [ 816.923807] ? debug_smp_processor_id+0x1c/0x20 [ 816.928500] ? perf_trace_lock_acquire+0x15b/0x800 [ 816.933563] ? find_held_lock+0x36/0x1c0 08:44:00 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfuno', 0x3d, r0}}) [ 816.937645] ? zap_class+0x640/0x640 [ 816.941381] ? zap_class+0x640/0x640 [ 816.945120] ? lock_downgrade+0x900/0x900 [ 816.949300] ? find_held_lock+0x36/0x1c0 [ 816.953402] ? copy_process+0x4550/0x8770 [ 816.957572] ? lock_downgrade+0x900/0x900 [ 816.961744] ? lock_release+0xa10/0xa10 [ 816.965738] ? perf_trace_sched_process_exec+0x860/0x860 [ 816.971221] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 816.976256] ? vma_compute_subtree_gap+0x160/0x240 [ 816.981202] ? validate_mm_rb+0xaa/0xc0 08:44:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 816.985194] ? __vma_link_rb+0x26c/0x370 [ 816.989279] copy_process+0x4726/0x8770 [ 816.993313] ? __cleanup_sighand+0x70/0x70 [ 816.997252] 9pnet: Could not find request transport: fb [ 816.997573] ? perf_trace_lock_acquire+0x15b/0x800 [ 817.007867] ? print_usage_bug+0xc0/0xc0 [ 817.011948] ? ima_match_policy+0x848/0x1560 [ 817.016373] ? check_preemption_disabled+0x48/0x280 [ 817.018763] 9pnet: Insufficient options for proto=fd [ 817.021426] ? print_usage_bug+0xc0/0xc0 [ 817.021447] ? kasan_check_read+0x11/0x20 08:44:00 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfbno', 0x3d, r0}}) [ 817.021467] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 817.021492] ? __lock_acquire+0x62f/0x4c20 [ 817.044303] ? mark_held_locks+0x130/0x130 [ 817.048599] ? mark_held_locks+0x130/0x130 [ 817.052849] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.058417] ? check_preemption_disabled+0x48/0x280 [ 817.063457] ? debug_smp_processor_id+0x1c/0x20 [ 817.068137] ? print_usage_bug+0xc0/0xc0 [ 817.072207] ? check_preemption_disabled+0x48/0x280 [ 817.077236] ? print_usage_bug+0xc0/0xc0 [ 817.081326] ? perf_trace_lock_acquire+0x15b/0x800 [ 817.086271] ? zap_class+0x640/0x640 [ 817.090026] ? __lock_acquire+0x62f/0x4c20 [ 817.090650] binder: 31236:31238 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 817.094290] ? mark_held_locks+0x130/0x130 [ 817.094315] ? __lock_acquire+0x62f/0x4c20 [ 817.094334] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.094351] ? check_preemption_disabled+0x48/0x280 [ 817.094368] ? dput.part.25+0x241/0x860 [ 817.094389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.117969] binder: 31236:31238 got reply transaction with no transaction stack 08:44:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 817.121457] ? check_preemption_disabled+0x48/0x280 [ 817.121479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.121506] ? mark_held_locks+0x130/0x130 [ 817.121538] ? zap_class+0x640/0x640 [ 817.121557] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.156851] 9pnet: Insufficient options for proto=fd [ 817.156992] ? check_preemption_disabled+0x48/0x280 [ 817.172638] ? debug_smp_processor_id+0x1c/0x20 [ 817.177330] ? perf_trace_lock_acquire+0x15b/0x800 [ 817.182284] ? perf_trace_lock+0x7a0/0x7a0 08:44:00 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xfffffff6}}) [ 817.186536] ? find_held_lock+0x36/0x1c0 [ 817.190619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.196175] ? _parse_integer+0x134/0x180 [ 817.200368] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 817.205925] ? _kstrtoull+0x188/0x250 [ 817.209740] ? _parse_integer+0x180/0x180 [ 817.213907] ? zap_class+0x640/0x640 [ 817.217636] ? lock_release+0xa10/0xa10 [ 817.221644] ? find_held_lock+0x36/0x1c0 [ 817.225730] ? zap_class+0x640/0x640 [ 817.229469] ? get_pid_task+0xd6/0x1a0 [ 817.233373] ? lock_downgrade+0x900/0x900 [ 817.233719] binder: 31242:31243 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 817.237542] ? check_preemption_disabled+0x48/0x280 [ 817.237575] ? find_held_lock+0x36/0x1c0 [ 817.237603] ? __f_unlock_pos+0x19/0x20 [ 817.237622] ? lock_downgrade+0x900/0x900 [ 817.237643] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 817.237659] ? proc_fail_nth_write+0x9e/0x210 [ 817.237682] ? proc_cwd_link+0x1d0/0x1d0 [ 817.237706] ? find_held_lock+0x36/0x1c0 [ 817.264555] binder: 31242:31243 got reply transaction with no transaction stack [ 817.268456] _do_fork+0x1cb/0x11c0 [ 817.268481] ? fork_idle+0x1d0/0x1d0 [ 817.268503] ? __lock_is_held+0xb5/0x140 [ 817.268528] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.268545] ? check_preemption_disabled+0x48/0x280 [ 817.268569] ? __sb_end_write+0xd9/0x110 [ 817.268591] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 817.268608] ? fput+0x130/0x1a0 [ 817.268628] ? do_syscall_64+0x9a/0x820 [ 817.327172] 9pnet: Insufficient options for proto=fd [ 817.327313] ? do_syscall_64+0x9a/0x820 [ 817.336404] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 817.341007] ? trace_hardirqs_on+0xbd/0x310 [ 817.345351] ? __ia32_sys_read+0xb0/0xb0 [ 817.349449] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 817.354825] ? trace_hardirqs_off_caller+0x300/0x300 [ 817.359975] __x64_sys_clone+0xbf/0x150 [ 817.363977] do_syscall_64+0x1b9/0x820 [ 817.367877] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 817.373251] ? syscall_return_slowpath+0x5e0/0x5e0 [ 817.378186] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 817.378207] ? trace_hardirqs_on_caller+0x310/0x310 [ 817.378225] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 817.378244] ? prepare_exit_to_usermode+0x291/0x3b0 [ 817.378266] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 817.378294] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 817.408166] RIP: 0033:0x457569 [ 817.411373] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 817.430323] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 08:44:01 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:44:01 executing program 4: r0 = open(&(0x7f00000002c0)='./file0\x00', 0x40000, 0x8d) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000340)={0xe00000000000000, 0x1, 0x1}) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)=0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000380)=0x1000) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) recvmmsg(r0, &(0x7f0000002b00)=[{{&(0x7f0000000400)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000480)=""/207, 0xcf}, {&(0x7f0000000580)=""/213, 0xd5}, {&(0x7f0000000680)=""/141, 0x8d}, {&(0x7f0000000080)=""/35, 0x23}, {&(0x7f0000000740)=""/1, 0x1}], 0x5, &(0x7f0000000800)=""/148, 0x94, 0xb58a}, 0x2}, {{&(0x7f00000008c0)=@can, 0x80, &(0x7f0000000dc0)=[{&(0x7f0000000940)=""/103, 0x67}, {&(0x7f00000009c0)=""/114, 0x72}, {&(0x7f0000000a40)=""/193, 0xc1}, {&(0x7f0000000b40)=""/95, 0x5f}, {&(0x7f0000000bc0)=""/214, 0xd6}, {&(0x7f0000000cc0)=""/239, 0xef}], 0x6, 0x0, 0x0, 0x80000000}, 0x2}, {{&(0x7f0000000e40)=@hci={0x1f, 0x0}, 0x80, &(0x7f00000020c0)=[{&(0x7f0000000ec0)=""/183, 0xb7}, {&(0x7f0000000f80)=""/58, 0x3a}, {&(0x7f0000000fc0)=""/249, 0xf9}, {&(0x7f00000010c0)=""/4096, 0x1000}], 0x4, &(0x7f0000002100)=""/100, 0x64, 0x8}, 0x7}, {{0x0, 0x0, &(0x7f0000002280)=[{&(0x7f0000002180)=""/112, 0x70}, {&(0x7f0000002200)=""/85, 0x55}], 0x2}, 0xe3a}, {{&(0x7f00000022c0)=@nfc_llcp, 0x80, &(0x7f00000026c0)=[{&(0x7f0000002340)=""/244, 0xf4}, {&(0x7f0000002440)=""/113, 0x71}, {&(0x7f00000024c0)=""/50, 0x32}, {&(0x7f0000002500)=""/201, 0xc9}, {&(0x7f0000002600)=""/144, 0x90}], 0x5, &(0x7f0000002740)=""/112, 0x70, 0x9}, 0x2}, {{&(0x7f00000027c0)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000002840), 0x0, &(0x7f0000002880)=""/61, 0x3d}, 0xfff}, {{&(0x7f00000028c0)=@nfc_llcp, 0x80, &(0x7f0000002ac0)=[{&(0x7f0000002940)=""/58, 0x3a}, {&(0x7f0000002980)=""/163, 0xa3}, {&(0x7f0000002a40)=""/99, 0x63}], 0x3, 0x0, 0x0, 0x8}, 0x400}], 0x7, 0x40010002, &(0x7f0000002cc0)={0x77359400}) sendmsg$xdp(r0, &(0x7f0000003040)={&(0x7f0000002d00)={0x2c, 0x1, r4, 0x9}, 0x10, &(0x7f0000003000)=[{&(0x7f0000002d40)="8c749473486598a4b9bd62dcf77ddffbaf197bfe10c2206525002d12fdc53aa7c6fa0708b2f0a187a61060fa836417cb6c73ceabbcf41f274adbd7b6996cd58b46c308d281280cb827b9564f190bf9371175a75d4a476b7b3a2b1e0ff0996a5f46a40004ecd5576dcc02950b6a7852c1886229b16bdea246c4e77c24c5d748c323eabd3284e3b6991689f54acd19514fcaa20e507da421b91596b9d95c02f4c9f2c4251241cc0d4b82e9df7fd249ddcee2ce8a37e2", 0xb5}, {&(0x7f0000002e00)="f9d01c32a5bb63a0d0f36ece10d808bc170cac68f614df9ef20c050a9225ab0e3cd72314775db5ed72473f995f7c19d9ce8cea3987124d7542b3ae2e713aec87ce2cd7e6971a37a25f2e498a82c05e0be0ee766e7ce03a675f6546c2ee596ba112ec07a6424d851eb20eb0001e2dc3a516261de038b7db2e9b79f90533f88eec877c97603d91dceb17417f4cb260", 0x8e}, {&(0x7f0000002ec0)}, {&(0x7f0000002f00)="7ebd6587f40581e2684fd883a2d3e98e06468d401ee90c5a56e47aa7656961c7d7107f74f4cd77df2c2bc9137ad2b265696a4ee6941550b2d49515a419ddee11b092a5a91df5815488ce11b35c6388a50359b3b8e20d15d7653fe6a21853f68f27d9f186a57882c4b8fcb54c0d0d969bc9174ca8199aed9b719adcfbb56df49eb5ea1f94d7de8e7133d381026f12b47dd97af8347e1f7a970d683d725505ee78de64d37ef84ce3ec5f3f572acdcab35bb9a045fea60c3b68befaeb5ff7bdeb79abd3726bcbdfa06466d1d33e4ab01737ab3b2166", 0x1cd}], 0x4, 0x0, 0x0, 0x4008040}, 0x81) ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)) lsetxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='trusted.overlay.redirect\x00', &(0x7f00000001c0)='./file0\x00', 0x8, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r5, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r5, &(0x7f00000003c0)={0x28, 0x0, 0x2f11, @my}, 0xfddd) socket$inet6(0xa, 0xf, 0x5) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r1, 0x1004000000016) timer_settime(r2, 0x0, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x989680}}, &(0x7f0000000280)) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003080)=""/230) 08:44:01 executing program 5 (fault-call:1 fault-nth:22): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:01 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fI,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:01 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x2}}) [ 817.438042] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 817.445312] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 817.452578] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 817.459851] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 817.467119] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:01 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) r3 = accept4(r2, &(0x7f00000000c0)=@ipx, &(0x7f00000001c0)=0x80, 0x80800) bind$netlink(r3, &(0x7f0000000240)={0x10, 0x0, 0x25dfdbfb, 0xc0010200}, 0xc) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) shutdown(r2, 0x1) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:01 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:44:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 817.536010] binder: 31255:31256 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 817.551569] 9pnet: Could not find request transport: fI [ 817.554771] binder: 31255:31256 got reply transaction with no transaction stack [ 817.578207] 9pnet: Could not find request transport: fI [ 817.624027] FAULT_INJECTION: forcing a failure. [ 817.624027] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 817.649864] binder: 31266:31269 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 817.658494] binder: 31266:31269 got reply transaction with no transaction stack [ 817.658640] CPU: 0 PID: 31263 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 08:44:01 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fQ,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 817.674449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.683809] Call Trace: [ 817.686422] dump_stack+0x244/0x39d [ 817.690075] ? dump_stack_print_info.cold.1+0x20/0x20 [ 817.695288] ? debug_smp_processor_id+0x1c/0x20 [ 817.700211] ? perf_trace_lock_acquire+0x15b/0x800 [ 817.705157] ? mem_cgroup_from_task+0x1f0/0x1f0 [ 817.705180] should_fail.cold.4+0xa/0x17 [ 817.705202] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 817.705218] ? find_held_lock+0x36/0x1c0 [ 817.705234] ? zap_class+0x640/0x640 [ 817.705254] ? zap_class+0x640/0x640 [ 817.705275] ? mark_held_locks+0x130/0x130 [ 817.705294] ? check_preemption_disabled+0x48/0x280 [ 817.714030] ? __lock_is_held+0xb5/0x140 [ 817.714063] ? lock_release+0xa10/0xa10 [ 817.714080] ? perf_trace_sched_process_exec+0x860/0x860 [ 817.714107] ? __might_sleep+0x95/0x190 [ 817.757403] __alloc_pages_nodemask+0x34b/0xdd0 [ 817.762090] ? check_preemption_disabled+0x48/0x280 [ 817.767126] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 817.772179] ? __pud_alloc+0x1db/0x240 [ 817.774174] binder: 31273:31275 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 817.776084] ? lock_downgrade+0x900/0x900 [ 817.776114] ? kasan_check_read+0x11/0x20 [ 817.776129] ? do_raw_spin_unlock+0xa7/0x330 [ 817.776155] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 817.776176] alloc_pages_current+0x173/0x350 [ 817.776199] __pmd_alloc+0x3e/0x450 [ 817.776221] ? __pud_alloc+0x1e0/0x240 [ 817.789754] binder: 31273:31275 got reply transaction with no transaction stack [ 817.792580] copy_page_range+0x1f6c/0x2ee0 [ 817.792611] ? mark_held_locks+0x130/0x130 [ 817.792635] ? __lock_acquire+0x62f/0x4c20 [ 817.792658] ? rb_insert_color_cached+0x14b0/0x14b0 [ 817.792695] ? __pmd_alloc+0x450/0x450 [ 817.819460] 9pnet: Could not find request transport: fQ [ 817.821975] ? vma_interval_tree_augment_rotate+0x181/0x1e0 [ 817.821998] ? __rb_insert_augmented+0x3b2/0x1890 [ 817.822022] ? rb_insert_color_cached+0x14b0/0x14b0 [ 817.822038] ? rb_insert_color_cached+0x14b0/0x14b0 [ 817.822061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:44:01 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) socketpair$inet(0x2, 0x80f, 0x3a14, &(0x7f00000000c0)={0xffffffffffffffff}) bind$inet(r3, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 817.869842] 9pnet: Could not find request transport: fQ [ 817.875076] ? check_preemption_disabled+0x48/0x280 [ 817.875092] ? kasan_kmalloc+0xc7/0xe0 [ 817.875113] ? debug_smp_processor_id+0x1c/0x20 [ 817.875131] ? perf_trace_lock_acquire+0x15b/0x800 [ 817.875157] ? find_held_lock+0x36/0x1c0 [ 817.875177] ? zap_class+0x640/0x640 [ 817.875195] ? zap_class+0x640/0x640 [ 817.875215] ? lock_downgrade+0x900/0x900 [ 817.914693] ? find_held_lock+0x36/0x1c0 [ 817.918777] ? copy_process+0x4550/0x8770 08:44:01 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fR,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 817.922942] ? lock_downgrade+0x900/0x900 [ 817.927114] ? lock_release+0xa10/0xa10 [ 817.931103] ? perf_trace_sched_process_exec+0x860/0x860 [ 817.936579] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 817.941614] ? vma_compute_subtree_gap+0x160/0x240 [ 817.946566] ? validate_mm_rb+0xaa/0xc0 [ 817.950558] ? __vma_link_rb+0x26c/0x370 [ 817.954642] copy_process+0x4726/0x8770 [ 817.958682] ? __cleanup_sighand+0x70/0x70 [ 817.958708] ? perf_trace_lock_acquire+0x15b/0x800 [ 817.967872] ? print_usage_bug+0xc0/0xc0 [ 817.971954] ? ima_match_policy+0x848/0x1560 [ 817.976377] ? check_preemption_disabled+0x48/0x280 [ 817.981430] ? print_usage_bug+0xc0/0xc0 [ 817.985516] ? kasan_check_read+0x11/0x20 [ 817.989685] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 817.994984] ? __lock_acquire+0x62f/0x4c20 [ 817.999252] ? mark_held_locks+0x130/0x130 [ 818.003513] ? mark_held_locks+0x130/0x130 [ 818.007766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.013320] ? check_preemption_disabled+0x48/0x280 [ 818.018356] ? debug_smp_processor_id+0x1c/0x20 [ 818.023049] ? print_usage_bug+0xc0/0xc0 [ 818.027128] ? check_preemption_disabled+0x48/0x280 [ 818.032165] ? print_usage_bug+0xc0/0xc0 [ 818.033765] 9pnet: Could not find request transport: fR [ 818.036252] ? perf_trace_lock_acquire+0x15b/0x800 [ 818.036271] ? zap_class+0x640/0x640 [ 818.036311] ? __lock_acquire+0x62f/0x4c20 [ 818.036342] ? mark_held_locks+0x130/0x130 [ 818.036364] ? __lock_acquire+0x62f/0x4c20 [ 818.044854] 9pnet: Could not find request transport: fR [ 818.046671] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.046689] ? check_preemption_disabled+0x48/0x280 [ 818.046707] ? dput.part.25+0x241/0x860 [ 818.046724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.046741] ? check_preemption_disabled+0x48/0x280 [ 818.046759] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.046783] ? mark_held_locks+0x130/0x130 [ 818.103331] ? zap_class+0x640/0x640 [ 818.107052] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.112584] ? check_preemption_disabled+0x48/0x280 [ 818.117594] ? debug_smp_processor_id+0x1c/0x20 [ 818.122263] ? perf_trace_lock_acquire+0x15b/0x800 [ 818.127218] ? perf_trace_lock+0x7a0/0x7a0 [ 818.131461] ? find_held_lock+0x36/0x1c0 [ 818.135537] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.141092] ? _parse_integer+0x134/0x180 [ 818.145253] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 818.150781] ? _kstrtoull+0x188/0x250 [ 818.154587] ? _parse_integer+0x180/0x180 [ 818.158735] ? zap_class+0x640/0x640 [ 818.162449] ? lock_release+0xa10/0xa10 [ 818.166435] ? find_held_lock+0x36/0x1c0 [ 818.170503] ? zap_class+0x640/0x640 [ 818.174222] ? get_pid_task+0xd6/0x1a0 [ 818.178100] ? lock_downgrade+0x900/0x900 [ 818.182255] ? check_preemption_disabled+0x48/0x280 [ 818.187264] ? find_held_lock+0x36/0x1c0 [ 818.191323] ? __f_unlock_pos+0x19/0x20 [ 818.195289] ? lock_downgrade+0x900/0x900 [ 818.199433] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 818.204970] ? proc_fail_nth_write+0x9e/0x210 [ 818.209473] ? proc_cwd_link+0x1d0/0x1d0 [ 818.213559] ? find_held_lock+0x36/0x1c0 [ 818.217625] _do_fork+0x1cb/0x11c0 [ 818.221165] ? fork_idle+0x1d0/0x1d0 [ 818.224874] ? __lock_is_held+0xb5/0x140 [ 818.228942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.234486] ? check_preemption_disabled+0x48/0x280 [ 818.239493] ? __sb_end_write+0xd9/0x110 [ 818.243549] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 818.249076] ? fput+0x130/0x1a0 [ 818.252346] ? do_syscall_64+0x9a/0x820 [ 818.256320] ? do_syscall_64+0x9a/0x820 [ 818.260299] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 818.264874] ? trace_hardirqs_on+0xbd/0x310 [ 818.269185] ? __ia32_sys_read+0xb0/0xb0 [ 818.273252] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 818.278607] ? trace_hardirqs_off_caller+0x300/0x300 [ 818.283706] __x64_sys_clone+0xbf/0x150 [ 818.287692] do_syscall_64+0x1b9/0x820 [ 818.291572] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 818.296929] ? syscall_return_slowpath+0x5e0/0x5e0 [ 818.301846] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 818.306705] ? trace_hardirqs_on_caller+0x310/0x310 [ 818.311725] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 818.316733] ? prepare_exit_to_usermode+0x291/0x3b0 [ 818.321742] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 818.326581] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 818.331769] RIP: 0033:0x457569 [ 818.334983] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 818.353886] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 818.361608] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 818.368878] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 08:44:02 executing program 5 (fault-call:1 fault-nth:23): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:02 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fu,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:02 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0xa) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x1) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:02 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x6}}) 08:44:02 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 818.376134] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 818.383398] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 818.390656] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 818.438834] binder_transaction: 9 callbacks suppressed [ 818.438851] binder: 31294:31295 transaction failed 29201/-71, size 0-0 line 2741 [ 818.468369] 9pnet: Could not find request transport: fu [ 818.476778] 9pnet: Could not find request transport: fu 08:44:02 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) 08:44:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 818.485450] binder_release_work: 9 callbacks suppressed [ 818.485458] binder: undelivered TRANSACTION_ERROR: 29201 [ 818.515687] FAULT_INJECTION: forcing a failure. [ 818.515687] name failslab, interval 1, probability 0, space 0, times 0 [ 818.545249] CPU: 1 PID: 31305 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 818.553767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 818.563130] Call Trace: [ 818.563766] binder: 31310:31311 transaction failed 29201/-71, size 0-0 line 2741 [ 818.565749] dump_stack+0x244/0x39d [ 818.565787] ? dump_stack_print_info.cold.1+0x20/0x20 [ 818.580430] binder: undelivered TRANSACTION_ERROR: 29201 [ 818.582124] should_fail.cold.4+0xa/0x17 [ 818.582147] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 818.596752] ? __lock_is_held+0xb5/0x140 [ 818.600831] ? zap_class+0x640/0x640 [ 818.604571] ? find_held_lock+0x36/0x1c0 [ 818.608658] ? __lock_is_held+0xb5/0x140 [ 818.612749] ? perf_trace_sched_process_exec+0x860/0x860 [ 818.618216] ? __pud_alloc+0x1db/0x240 [ 818.622135] __should_failslab+0x124/0x180 [ 818.626416] should_failslab+0x9/0x14 [ 818.630234] kmem_cache_alloc+0x2be/0x730 [ 818.634408] ? alloc_pages_current+0x17b/0x350 [ 818.639017] __pmd_alloc+0xc2/0x450 [ 818.642658] ? __pud_alloc+0x1e0/0x240 [ 818.646566] copy_page_range+0x1f6c/0x2ee0 [ 818.650826] ? mark_held_locks+0x130/0x130 [ 818.655087] ? __lock_acquire+0x62f/0x4c20 [ 818.659351] ? rb_insert_color_cached+0x14b0/0x14b0 [ 818.664419] ? __pmd_alloc+0x450/0x450 [ 818.668323] ? vma_interval_tree_augment_rotate+0x181/0x1e0 [ 818.674049] ? __rb_insert_augmented+0x3b2/0x1890 [ 818.678915] ? rb_insert_color_cached+0x14b0/0x14b0 [ 818.683947] ? rb_insert_color_cached+0x14b0/0x14b0 [ 818.688981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:44:02 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 08:44:02 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) 08:44:02 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 08:44:02 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 818.694532] ? check_preemption_disabled+0x48/0x280 [ 818.699560] ? kasan_kmalloc+0xc7/0xe0 [ 818.703470] ? debug_smp_processor_id+0x1c/0x20 [ 818.708154] ? perf_trace_lock_acquire+0x15b/0x800 [ 818.713114] ? find_held_lock+0x36/0x1c0 [ 818.717201] ? zap_class+0x640/0x640 [ 818.720933] ? zap_class+0x640/0x640 [ 818.724665] ? lock_downgrade+0x900/0x900 [ 818.728841] ? find_held_lock+0x36/0x1c0 [ 818.732934] ? copy_process+0x4550/0x8770 [ 818.737105] ? lock_downgrade+0x900/0x900 [ 818.741280] ? lock_release+0xa10/0xa10 [ 818.745265] ? perf_trace_sched_process_exec+0x860/0x860 [ 818.750746] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 818.755778] ? vma_compute_subtree_gap+0x160/0x240 [ 818.760723] ? validate_mm_rb+0xaa/0xc0 [ 818.764718] ? __vma_link_rb+0x26c/0x370 [ 818.768799] copy_process+0x4726/0x8770 [ 818.772831] ? __cleanup_sighand+0x70/0x70 [ 818.777088] ? perf_trace_lock_acquire+0x15b/0x800 [ 818.782039] ? print_usage_bug+0xc0/0xc0 [ 818.786106] ? ima_match_policy+0x848/0x1560 [ 818.790507] ? check_preemption_disabled+0x48/0x280 [ 818.795514] ? print_usage_bug+0xc0/0xc0 [ 818.799565] ? kasan_check_read+0x11/0x20 [ 818.803715] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 818.808993] ? __lock_acquire+0x62f/0x4c20 [ 818.813247] ? mark_held_locks+0x130/0x130 [ 818.817477] ? mark_held_locks+0x130/0x130 [ 818.821703] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.827228] ? check_preemption_disabled+0x48/0x280 [ 818.832235] ? debug_smp_processor_id+0x1c/0x20 [ 818.836911] ? print_usage_bug+0xc0/0xc0 [ 818.841192] ? check_preemption_disabled+0x48/0x280 [ 818.846198] ? print_usage_bug+0xc0/0xc0 [ 818.850253] ? perf_trace_lock_acquire+0x15b/0x800 [ 818.855176] ? zap_class+0x640/0x640 [ 818.858909] ? __lock_acquire+0x62f/0x4c20 [ 818.863144] ? mark_held_locks+0x130/0x130 [ 818.867375] ? __lock_acquire+0x62f/0x4c20 [ 818.871618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.877169] ? check_preemption_disabled+0x48/0x280 [ 818.882195] ? dput.part.25+0x241/0x860 [ 818.886170] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.891712] ? check_preemption_disabled+0x48/0x280 [ 818.896725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.902253] ? mark_held_locks+0x130/0x130 [ 818.906483] ? zap_class+0x640/0x640 [ 818.910191] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.915730] ? check_preemption_disabled+0x48/0x280 [ 818.920753] ? debug_smp_processor_id+0x1c/0x20 [ 818.925499] ? perf_trace_lock_acquire+0x15b/0x800 [ 818.930444] ? perf_trace_lock+0x7a0/0x7a0 [ 818.934669] ? find_held_lock+0x36/0x1c0 [ 818.938722] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.944277] ? _parse_integer+0x134/0x180 [ 818.948426] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 818.953962] ? _kstrtoull+0x188/0x250 [ 818.957751] ? _parse_integer+0x180/0x180 [ 818.961887] ? zap_class+0x640/0x640 [ 818.965589] ? lock_release+0xa10/0xa10 [ 818.969567] ? find_held_lock+0x36/0x1c0 [ 818.973633] ? zap_class+0x640/0x640 [ 818.977348] ? get_pid_task+0xd6/0x1a0 [ 818.981239] ? lock_downgrade+0x900/0x900 [ 818.985375] ? check_preemption_disabled+0x48/0x280 [ 818.990416] ? find_held_lock+0x36/0x1c0 [ 818.994472] ? __f_unlock_pos+0x19/0x20 [ 818.998445] ? lock_downgrade+0x900/0x900 [ 819.002595] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 819.008121] ? proc_fail_nth_write+0x9e/0x210 [ 819.012602] ? proc_cwd_link+0x1d0/0x1d0 [ 819.016658] ? find_held_lock+0x36/0x1c0 [ 819.020727] _do_fork+0x1cb/0x11c0 [ 819.024269] ? fork_idle+0x1d0/0x1d0 [ 819.027975] ? __lock_is_held+0xb5/0x140 [ 819.032028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.037553] ? check_preemption_disabled+0x48/0x280 [ 819.042567] ? __sb_end_write+0xd9/0x110 [ 819.046624] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 819.052178] ? fput+0x130/0x1a0 [ 819.055450] ? do_syscall_64+0x9a/0x820 [ 819.059423] ? do_syscall_64+0x9a/0x820 [ 819.063387] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 819.067970] ? trace_hardirqs_on+0xbd/0x310 [ 819.072278] ? __ia32_sys_read+0xb0/0xb0 [ 819.076327] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 819.081682] ? trace_hardirqs_off_caller+0x300/0x300 [ 819.086780] __x64_sys_clone+0xbf/0x150 [ 819.090755] do_syscall_64+0x1b9/0x820 [ 819.094632] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 819.099983] ? syscall_return_slowpath+0x5e0/0x5e0 [ 819.104900] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 819.109731] ? trace_hardirqs_on_caller+0x310/0x310 [ 819.114735] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 819.119759] ? prepare_exit_to_usermode+0x291/0x3b0 [ 819.124768] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 819.129618] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 819.134805] RIP: 0033:0x457569 [ 819.137989] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 819.156882] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 819.164578] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 819.171843] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 819.179106] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 819.186378] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 819.193657] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:02 executing program 5 (fault-call:1 fault-nth:24): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:02 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fg,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:02 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 08:44:03 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x6, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000100)) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:03 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xedc0}}) 08:44:03 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) [ 819.285213] 9pnet: Could not find request transport: fg [ 819.291718] binder: 31333:31335 transaction failed 29201/-71, size 0-0 line 2741 [ 819.300507] 9pnet: Could not find request transport: fg [ 819.308517] FAULT_INJECTION: forcing a failure. [ 819.308517] name fail_page_alloc, interval 1, probability 0, space 0, times 0 08:44:03 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fq,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 819.342990] CPU: 1 PID: 31338 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 819.351683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 819.361054] Call Trace: [ 819.363667] dump_stack+0x244/0x39d [ 819.367330] ? dump_stack_print_info.cold.1+0x20/0x20 [ 819.372540] ? debug_smp_processor_id+0x1c/0x20 [ 819.377230] ? perf_trace_lock_acquire+0x15b/0x800 [ 819.382273] should_fail.cold.4+0xa/0x17 [ 819.386354] ? fault_create_debugfs_attr+0x1f0/0x1f0 08:44:03 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 819.391486] ? __lock_acquire+0x62f/0x4c20 [ 819.395736] ? kasan_check_read+0x11/0x20 [ 819.399594] 9pnet: Insufficient options for proto=fd [ 819.399899] ? zap_class+0x640/0x640 [ 819.408717] ? rcu_softirq_qs+0x20/0x20 [ 819.412703] ? zap_class+0x640/0x640 [ 819.416463] ? __lock_is_held+0xb5/0x140 [ 819.420556] ? lock_release+0xa10/0xa10 [ 819.424545] ? perf_trace_sched_process_exec+0x860/0x860 [ 819.425740] binder: undelivered TRANSACTION_ERROR: 29201 [ 819.430001] ? perf_trace_lock_acquire+0x15b/0x800 08:44:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 819.430022] ? save_stack+0xa9/0xd0 [ 819.430044] ? __might_sleep+0x95/0x190 [ 819.448017] __alloc_pages_nodemask+0x34b/0xdd0 [ 819.452714] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 819.457754] ? find_held_lock+0x36/0x1c0 [ 819.461838] ? __pmd_alloc+0x373/0x450 [ 819.465746] ? lock_downgrade+0x900/0x900 [ 819.469925] ? kasan_check_read+0x11/0x20 [ 819.474089] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 819.479646] alloc_pages_current+0x173/0x350 [ 819.484076] pte_alloc_one+0x1b/0x1a0 [ 819.487901] __pte_alloc+0x2a/0x350 08:44:03 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) [ 819.491554] copy_page_range+0x2017/0x2ee0 [ 819.495813] ? mark_held_locks+0x130/0x130 [ 819.500091] ? __pmd_alloc+0x450/0x450 [ 819.503992] ? vma_interval_tree_augment_rotate+0x181/0x1e0 [ 819.509745] ? __rb_insert_augmented+0x3b2/0x1890 [ 819.511497] binder: 31351:31352 transaction failed 29201/-71, size 0-0 line 2741 [ 819.514603] ? rb_insert_color_cached+0x14b0/0x14b0 [ 819.514621] ? rb_insert_color_cached+0x14b0/0x14b0 [ 819.514640] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.514658] ? check_preemption_disabled+0x48/0x280 08:44:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 819.514683] ? kasan_kmalloc+0xc7/0xe0 [ 819.540023] binder: undelivered TRANSACTION_ERROR: 29201 [ 819.542782] ? debug_smp_processor_id+0x1c/0x20 [ 819.542802] ? perf_trace_lock_acquire+0x15b/0x800 [ 819.542831] ? find_held_lock+0x36/0x1c0 [ 819.542852] ? zap_class+0x640/0x640 [ 819.542870] ? zap_class+0x640/0x640 [ 819.573242] ? lock_downgrade+0x900/0x900 [ 819.577433] ? find_held_lock+0x36/0x1c0 [ 819.581525] ? copy_process+0x4550/0x8770 [ 819.585689] ? lock_downgrade+0x900/0x900 [ 819.589858] ? lock_release+0xa10/0xa10 [ 819.593844] ? perf_trace_sched_process_exec+0x860/0x860 [ 819.599321] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 819.604357] ? vma_compute_subtree_gap+0x160/0x240 [ 819.609310] ? validate_mm_rb+0xaa/0xc0 [ 819.613301] ? __vma_link_rb+0x26c/0x370 [ 819.617390] copy_process+0x4726/0x8770 [ 819.621442] ? __cleanup_sighand+0x70/0x70 [ 819.625707] ? perf_trace_lock_acquire+0x15b/0x800 [ 819.628044] binder: 31356:31357 transaction failed 29201/-71, size 0-0 line 2741 [ 819.630664] ? print_usage_bug+0xc0/0xc0 [ 819.630690] ? ima_match_policy+0x848/0x1560 [ 819.630711] ? check_preemption_disabled+0x48/0x280 [ 819.630730] ? print_usage_bug+0xc0/0xc0 [ 819.630752] ? kasan_check_read+0x11/0x20 [ 819.640136] binder: undelivered TRANSACTION_ERROR: 29201 [ 819.642350] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 819.642375] ? __lock_acquire+0x62f/0x4c20 [ 819.642425] ? mark_held_locks+0x130/0x130 [ 819.642455] ? mark_held_locks+0x130/0x130 [ 819.683438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.688993] ? check_preemption_disabled+0x48/0x280 [ 819.694022] ? debug_smp_processor_id+0x1c/0x20 [ 819.694041] ? print_usage_bug+0xc0/0xc0 [ 819.694056] ? check_preemption_disabled+0x48/0x280 [ 819.694074] ? print_usage_bug+0xc0/0xc0 [ 819.703046] ? perf_trace_lock_acquire+0x15b/0x800 [ 819.703064] ? zap_class+0x640/0x640 [ 819.703103] ? __lock_acquire+0x62f/0x4c20 [ 819.725044] ? mark_held_locks+0x130/0x130 [ 819.728011] 9pnet: Could not find request transport: fq [ 819.729297] ? __lock_acquire+0x62f/0x4c20 [ 819.729316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.729339] ? check_preemption_disabled+0x48/0x280 [ 819.737528] 9pnet: Could not find request transport: fq [ 819.738937] ? dput.part.25+0x241/0x860 [ 819.738956] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.738976] ? check_preemption_disabled+0x48/0x280 [ 819.769378] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.774952] ? mark_held_locks+0x130/0x130 [ 819.779229] ? zap_class+0x640/0x640 [ 819.782962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.788516] ? check_preemption_disabled+0x48/0x280 [ 819.793539] ? debug_smp_processor_id+0x1c/0x20 [ 819.798220] ? perf_trace_lock_acquire+0x15b/0x800 [ 819.803157] ? perf_trace_lock+0x7a0/0x7a0 [ 819.807403] ? find_held_lock+0x36/0x1c0 [ 819.811455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.816985] ? _parse_integer+0x134/0x180 [ 819.821126] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 819.826654] ? _kstrtoull+0x188/0x250 [ 819.830445] ? _parse_integer+0x180/0x180 [ 819.834584] ? zap_class+0x640/0x640 [ 819.838287] ? lock_release+0xa10/0xa10 [ 819.842285] ? find_held_lock+0x36/0x1c0 [ 819.846351] ? zap_class+0x640/0x640 [ 819.850058] ? get_pid_task+0xd6/0x1a0 [ 819.853964] ? lock_downgrade+0x900/0x900 [ 819.858102] ? check_preemption_disabled+0x48/0x280 [ 819.863111] ? find_held_lock+0x36/0x1c0 [ 819.867171] ? __f_unlock_pos+0x19/0x20 [ 819.871136] ? lock_downgrade+0x900/0x900 [ 819.875276] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 819.880804] ? proc_fail_nth_write+0x9e/0x210 [ 819.885286] ? proc_cwd_link+0x1d0/0x1d0 [ 819.889359] ? find_held_lock+0x36/0x1c0 [ 819.893437] _do_fork+0x1cb/0x11c0 [ 819.896972] ? fork_idle+0x1d0/0x1d0 [ 819.900679] ? __lock_is_held+0xb5/0x140 [ 819.904734] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.910258] ? check_preemption_disabled+0x48/0x280 [ 819.915269] ? __sb_end_write+0xd9/0x110 [ 819.919320] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 819.924864] ? fput+0x130/0x1a0 [ 819.928136] ? do_syscall_64+0x9a/0x820 [ 819.932098] ? do_syscall_64+0x9a/0x820 [ 819.936080] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 819.940656] ? trace_hardirqs_on+0xbd/0x310 [ 819.944971] ? __ia32_sys_read+0xb0/0xb0 [ 819.949021] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 819.954373] ? trace_hardirqs_off_caller+0x300/0x300 [ 819.959479] __x64_sys_clone+0xbf/0x150 [ 819.963464] do_syscall_64+0x1b9/0x820 [ 819.967338] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 819.972693] ? syscall_return_slowpath+0x5e0/0x5e0 [ 819.977628] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 819.982459] ? trace_hardirqs_on_caller+0x310/0x310 [ 819.987465] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 819.992470] ? prepare_exit_to_usermode+0x291/0x3b0 [ 819.997478] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 820.002313] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 820.007513] RIP: 0033:0x457569 [ 820.010703] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 820.029590] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 820.037283] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 08:44:03 executing program 5 (fault-call:1 fault-nth:25): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:03 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 08:44:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:03 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fS,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 820.044558] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 820.051822] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 820.059080] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 820.066335] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 820.114300] binder: 31362:31366 transaction failed 29201/-71, size 0-0 line 2741 [ 820.123419] binder: undelivered TRANSACTION_ERROR: 29201 [ 820.139017] 9pnet: Could not find request transport: fS [ 820.149890] FAULT_INJECTION: forcing a failure. [ 820.149890] name failslab, interval 1, probability 0, space 0, times 0 [ 820.165360] CPU: 0 PID: 31371 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 820.167356] 9pnet: Could not find request transport: fS [ 820.173899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.188603] Call Trace: [ 820.191207] dump_stack+0x244/0x39d [ 820.194849] ? dump_stack_print_info.cold.1+0x20/0x20 [ 820.200062] should_fail.cold.4+0xa/0x17 [ 820.204135] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 820.209266] ? __lock_is_held+0xb5/0x140 [ 820.213335] ? zap_class+0x640/0x640 [ 820.217067] ? find_held_lock+0x36/0x1c0 [ 820.221142] ? __lock_is_held+0xb5/0x140 [ 820.225228] ? perf_trace_sched_process_exec+0x860/0x860 [ 820.230702] __should_failslab+0x124/0x180 [ 820.234952] should_failslab+0x9/0x14 [ 820.238767] kmem_cache_alloc+0x2be/0x730 [ 820.242922] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 820.248480] ptlock_alloc+0x20/0x80 [ 820.252115] pte_alloc_one+0x6b/0x1a0 [ 820.255951] __pte_alloc+0x2a/0x350 [ 820.259591] copy_page_range+0x2017/0x2ee0 [ 820.263842] ? mark_held_locks+0x130/0x130 [ 820.268135] ? __pmd_alloc+0x450/0x450 [ 820.272030] ? vma_interval_tree_augment_rotate+0x181/0x1e0 [ 820.277756] ? __rb_insert_augmented+0x3b2/0x1890 [ 820.282610] ? rb_insert_color_cached+0x14b0/0x14b0 [ 820.287633] ? rb_insert_color_cached+0x14b0/0x14b0 [ 820.292673] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.298220] ? check_preemption_disabled+0x48/0x280 [ 820.303240] ? kasan_kmalloc+0xc7/0xe0 [ 820.307142] ? debug_smp_processor_id+0x1c/0x20 [ 820.311822] ? perf_trace_lock_acquire+0x15b/0x800 [ 820.316767] ? find_held_lock+0x36/0x1c0 [ 820.320838] ? zap_class+0x640/0x640 [ 820.324558] ? zap_class+0x640/0x640 [ 820.328278] ? lock_downgrade+0x900/0x900 [ 820.332445] ? find_held_lock+0x36/0x1c0 [ 820.336525] ? copy_process+0x4550/0x8770 [ 820.340683] ? lock_downgrade+0x900/0x900 [ 820.344847] ? lock_release+0xa10/0xa10 [ 820.348828] ? perf_trace_sched_process_exec+0x860/0x860 [ 820.354298] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 820.359329] ? vma_compute_subtree_gap+0x160/0x240 [ 820.364265] ? validate_mm_rb+0xaa/0xc0 [ 820.368248] ? __vma_link_rb+0x26c/0x370 [ 820.372321] copy_process+0x4726/0x8770 [ 820.376338] ? __cleanup_sighand+0x70/0x70 [ 820.380597] ? perf_trace_lock_acquire+0x15b/0x800 [ 820.385539] ? print_usage_bug+0xc0/0xc0 [ 820.389616] ? ima_match_policy+0x848/0x1560 [ 820.394033] ? check_preemption_disabled+0x48/0x280 [ 820.399065] ? print_usage_bug+0xc0/0xc0 [ 820.403139] ? kasan_check_read+0x11/0x20 [ 820.407301] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 820.412593] ? __lock_acquire+0x62f/0x4c20 [ 820.416853] ? mark_held_locks+0x130/0x130 [ 820.421111] ? mark_held_locks+0x130/0x130 [ 820.425354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.430898] ? check_preemption_disabled+0x48/0x280 [ 820.435924] ? debug_smp_processor_id+0x1c/0x20 [ 820.440603] ? print_usage_bug+0xc0/0xc0 [ 820.444674] ? check_preemption_disabled+0x48/0x280 [ 820.449703] ? print_usage_bug+0xc0/0xc0 [ 820.453781] ? perf_trace_lock_acquire+0x15b/0x800 [ 820.458719] ? zap_class+0x640/0x640 [ 820.462463] ? __lock_acquire+0x62f/0x4c20 [ 820.466737] ? mark_held_locks+0x130/0x130 [ 820.471001] ? __lock_acquire+0x62f/0x4c20 [ 820.475247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.480790] ? check_preemption_disabled+0x48/0x280 [ 820.485816] ? dput.part.25+0x241/0x860 [ 820.489801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.495341] ? check_preemption_disabled+0x48/0x280 [ 820.500363] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.505922] ? mark_held_locks+0x130/0x130 [ 820.510179] ? zap_class+0x640/0x640 [ 820.513899] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.519441] ? check_preemption_disabled+0x48/0x280 [ 820.524467] ? debug_smp_processor_id+0x1c/0x20 [ 820.529141] ? perf_trace_lock_acquire+0x15b/0x800 [ 820.534089] ? perf_trace_lock+0x7a0/0x7a0 [ 820.538329] ? find_held_lock+0x36/0x1c0 [ 820.542407] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.547970] ? _parse_integer+0x134/0x180 [ 820.552130] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 820.557679] ? _kstrtoull+0x188/0x250 [ 820.561487] ? _parse_integer+0x180/0x180 [ 820.565640] ? zap_class+0x640/0x640 [ 820.569366] ? lock_release+0xa10/0xa10 [ 820.573361] ? find_held_lock+0x36/0x1c0 [ 820.577439] ? zap_class+0x640/0x640 [ 820.581168] ? get_pid_task+0xd6/0x1a0 [ 820.585066] ? lock_downgrade+0x900/0x900 [ 820.589218] ? check_preemption_disabled+0x48/0x280 [ 820.594249] ? find_held_lock+0x36/0x1c0 [ 820.598331] ? __f_unlock_pos+0x19/0x20 [ 820.602317] ? lock_downgrade+0x900/0x900 [ 820.606477] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 820.612022] ? proc_fail_nth_write+0x9e/0x210 [ 820.616529] ? proc_cwd_link+0x1d0/0x1d0 [ 820.620608] ? find_held_lock+0x36/0x1c0 [ 820.624688] _do_fork+0x1cb/0x11c0 [ 820.628253] ? fork_idle+0x1d0/0x1d0 [ 820.631978] ? __lock_is_held+0xb5/0x140 [ 820.636058] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.641600] ? check_preemption_disabled+0x48/0x280 [ 820.646633] ? __sb_end_write+0xd9/0x110 [ 820.650710] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 820.656257] ? fput+0x130/0x1a0 [ 820.659547] ? do_syscall_64+0x9a/0x820 [ 820.663527] ? do_syscall_64+0x9a/0x820 [ 820.667508] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 820.672100] ? trace_hardirqs_on+0xbd/0x310 [ 820.676435] ? __ia32_sys_read+0xb0/0xb0 [ 820.680502] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 820.685871] ? trace_hardirqs_off_caller+0x300/0x300 [ 820.690987] __x64_sys_clone+0xbf/0x150 [ 820.694974] do_syscall_64+0x1b9/0x820 [ 820.699064] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 820.704441] ? syscall_return_slowpath+0x5e0/0x5e0 [ 820.709373] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 820.714235] ? trace_hardirqs_on_caller+0x310/0x310 [ 820.719258] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 820.724290] ? prepare_exit_to_usermode+0x291/0x3b0 [ 820.729319] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 820.734175] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 820.739373] RIP: 0033:0x457569 [ 820.742593] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 08:44:04 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) r3 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x4, 0x90080) gettid() ioctl$sock_inet_udp_SIOCINQ(r3, 0x541b, &(0x7f0000000100)) tkill(r0, 0x1004000000016) 08:44:04 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x3000000}}) 08:44:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:04 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) [ 820.761497] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 820.769207] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 820.776481] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 820.783753] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 820.791022] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 820.798294] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:04 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fT,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 820.851052] binder_thread_write: 7 callbacks suppressed [ 820.851064] binder: 31374:31377 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 820.877126] binder_transaction: 7 callbacks suppressed [ 820.877137] binder: 31374:31377 got reply transaction with no transaction stack [ 820.886186] binder: 31374:31377 transaction failed 29201/-71, size 0-0 line 2741 08:44:04 executing program 5 (fault-call:1 fault-nth:26): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:04 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 08:44:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 820.907472] binder: undelivered TRANSACTION_ERROR: 29201 [ 820.961578] FAULT_INJECTION: forcing a failure. [ 820.961578] name failslab, interval 1, probability 0, space 0, times 0 [ 820.977780] 9pnet: Could not find request transport: fT [ 820.990551] binder: 31393:31394 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 820.998944] CPU: 1 PID: 31388 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 821.007450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.016811] Call Trace: [ 821.018267] binder: 31393:31394 got reply transaction with no transaction stack [ 821.019430] dump_stack+0x244/0x39d [ 821.019460] ? dump_stack_print_info.cold.1+0x20/0x20 [ 821.027005] binder: 31393:31394 transaction failed 29201/-71, size 0-0 line 2741 [ 821.030530] should_fail.cold.4+0xa/0x17 [ 821.030550] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 821.052425] ? debug_smp_processor_id+0x1c/0x20 [ 821.057115] ? perf_trace_lock_acquire+0x15b/0x800 [ 821.062067] ? zap_class+0x640/0x640 [ 821.065796] ? find_held_lock+0x36/0x1c0 [ 821.069876] ? find_held_lock+0x36/0x1c0 [ 821.073956] ? __lock_is_held+0xb5/0x140 [ 821.078032] ? putback_inactive_pages+0x2a8/0x27e0 [ 821.082993] ? perf_trace_sched_process_exec+0x860/0x860 [ 821.083968] 9pnet: Could not find request transport: fT [ 821.088463] ? copy_process+0x4550/0x8770 [ 821.088482] ? lock_downgrade+0x900/0x900 [ 821.088506] __should_failslab+0x124/0x180 [ 821.088529] should_failslab+0x9/0x14 [ 821.110230] kmem_cache_alloc+0x2be/0x730 [ 821.114407] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 821.119446] vm_area_dup+0x7a/0x230 [ 821.123088] ? vm_area_alloc+0x1d0/0x1d0 [ 821.125368] binder: undelivered TRANSACTION_ERROR: 29201 [ 821.127175] copy_process+0x42a5/0x8770 [ 821.127227] ? __cleanup_sighand+0x70/0x70 [ 821.140854] ? perf_trace_lock_acquire+0x15b/0x800 [ 821.145810] ? print_usage_bug+0xc0/0xc0 [ 821.149899] ? ima_match_policy+0x848/0x1560 [ 821.154325] ? check_preemption_disabled+0x48/0x280 [ 821.159364] ? print_usage_bug+0xc0/0xc0 [ 821.163456] ? kasan_check_read+0x11/0x20 [ 821.167624] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 821.172923] ? __lock_acquire+0x62f/0x4c20 [ 821.177207] ? mark_held_locks+0x130/0x130 [ 821.181473] ? mark_held_locks+0x130/0x130 [ 821.185728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.191281] ? check_preemption_disabled+0x48/0x280 [ 821.196321] ? debug_smp_processor_id+0x1c/0x20 [ 821.198351] binder: 31407:31408 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 821.201008] ? print_usage_bug+0xc0/0xc0 [ 821.201025] ? check_preemption_disabled+0x48/0x280 [ 821.201041] ? print_usage_bug+0xc0/0xc0 [ 821.201068] ? perf_trace_lock_acquire+0x15b/0x800 [ 821.217795] binder: 31407:31408 got reply transaction with no transaction stack [ 821.218198] ? zap_class+0x640/0x640 [ 821.222381] binder: 31407:31408 transaction failed 29201/-71, size 0-0 line 2741 [ 821.227202] ? __lock_acquire+0x62f/0x4c20 [ 821.227234] ? mark_held_locks+0x130/0x130 [ 821.227255] ? __lock_acquire+0x62f/0x4c20 08:44:04 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) 08:44:04 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 08:44:04 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) 08:44:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 821.237295] binder: undelivered TRANSACTION_ERROR: 29201 [ 821.238422] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.238441] ? check_preemption_disabled+0x48/0x280 [ 821.238461] ? dput.part.25+0x241/0x860 [ 821.278623] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.284190] ? check_preemption_disabled+0x48/0x280 [ 821.289222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.294785] ? mark_held_locks+0x130/0x130 [ 821.299061] ? zap_class+0x640/0x640 [ 821.302783] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.308323] ? check_preemption_disabled+0x48/0x280 [ 821.313330] ? debug_smp_processor_id+0x1c/0x20 [ 821.317987] ? perf_trace_lock_acquire+0x15b/0x800 [ 821.322908] ? perf_trace_lock+0x7a0/0x7a0 [ 821.327127] ? find_held_lock+0x36/0x1c0 [ 821.331180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.336721] ? _parse_integer+0x134/0x180 [ 821.340863] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 821.346409] ? _kstrtoull+0x188/0x250 [ 821.350196] ? _parse_integer+0x180/0x180 [ 821.354345] ? zap_class+0x640/0x640 [ 821.358046] ? lock_release+0xa10/0xa10 [ 821.362008] ? find_held_lock+0x36/0x1c0 [ 821.366086] ? zap_class+0x640/0x640 [ 821.369790] ? get_pid_task+0xd6/0x1a0 [ 821.373665] ? lock_downgrade+0x900/0x900 [ 821.377818] ? check_preemption_disabled+0x48/0x280 [ 821.382825] ? find_held_lock+0x36/0x1c0 [ 821.386881] ? __f_unlock_pos+0x19/0x20 [ 821.390841] ? lock_downgrade+0x900/0x900 [ 821.394979] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 821.400504] ? proc_fail_nth_write+0x9e/0x210 [ 821.404985] ? proc_cwd_link+0x1d0/0x1d0 [ 821.409054] ? find_held_lock+0x36/0x1c0 [ 821.413109] _do_fork+0x1cb/0x11c0 [ 821.416639] ? fork_idle+0x1d0/0x1d0 [ 821.420356] ? __lock_is_held+0xb5/0x140 [ 821.424428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.429953] ? check_preemption_disabled+0x48/0x280 [ 821.434959] ? __sb_end_write+0xd9/0x110 [ 821.439011] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 821.444537] ? fput+0x130/0x1a0 [ 821.447804] ? do_syscall_64+0x9a/0x820 [ 821.451768] ? do_syscall_64+0x9a/0x820 [ 821.455730] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 821.460303] ? trace_hardirqs_on+0xbd/0x310 [ 821.464615] ? __ia32_sys_read+0xb0/0xb0 [ 821.468668] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 821.474022] ? trace_hardirqs_off_caller+0x300/0x300 [ 821.479117] __x64_sys_clone+0xbf/0x150 [ 821.483082] do_syscall_64+0x1b9/0x820 [ 821.486958] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 821.492312] ? syscall_return_slowpath+0x5e0/0x5e0 [ 821.497251] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 821.502083] ? trace_hardirqs_on_caller+0x310/0x310 [ 821.507088] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 821.512092] ? prepare_exit_to_usermode+0x291/0x3b0 [ 821.517097] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 821.521946] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 821.527121] RIP: 0033:0x457569 [ 821.530314] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 821.549206] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 821.556918] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 08:44:05 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 821.564176] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 821.571432] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 821.578688] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 821.585943] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:05 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x800) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000340)={{0x4, 0x3, 0x6, 0x1000, 'syz1\x00', 0x5}, 0x6, 0x4, 0x2, r0, 0x5, 0x2, 'syz1\x00', &(0x7f0000000100)=['$cgroup\'\x00', '/dev/vhost-vsock\x00', ']\x00', '/dev/vhost-vsock\x00', '\x00'], 0x2e, [], [0x9, 0x8, 0x98, 0x7ff]}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:05 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 08:44:05 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xffff000000000000}}) 08:44:05 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fw,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:05 executing program 5 (fault-call:1 fault-nth:27): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 821.709843] binder: 31416:31421 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 821.724327] FAULT_INJECTION: forcing a failure. [ 821.724327] name failslab, interval 1, probability 0, space 0, times 0 [ 821.726101] 9pnet: Could not find request transport: fw [ 821.744126] CPU: 1 PID: 31424 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 08:44:05 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 821.752647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.755887] binder: 31416:31421 got reply transaction with no transaction stack [ 821.762091] Call Trace: [ 821.762123] dump_stack+0x244/0x39d [ 821.762151] ? dump_stack_print_info.cold.1+0x20/0x20 [ 821.762186] ? lock_downgrade+0x900/0x900 [ 821.776653] binder: 31416:31421 transaction failed 29201/-71, size 0-0 line 2741 [ 821.781032] ? check_preemption_disabled+0x48/0x280 [ 821.781057] should_fail.cold.4+0xa/0x17 [ 821.781079] ? fault_create_debugfs_attr+0x1f0/0x1f0 08:44:05 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 821.781093] ? unwind_dump+0x190/0x190 [ 821.781121] ? is_bpf_text_address+0xd3/0x170 [ 821.806255] binder: undelivered TRANSACTION_ERROR: 29201 [ 821.806947] ? kernel_text_address+0x79/0xf0 [ 821.806973] ? __kernel_text_address+0xd/0x40 [ 821.829684] ? unwind_get_return_address+0x61/0xa0 [ 821.834632] ? __save_stack_trace+0x8d/0xf0 [ 821.838989] ? save_stack+0xa9/0xd0 [ 821.842629] ? save_stack+0x43/0xd0 [ 821.846269] ? kasan_kmalloc+0xc7/0xe0 [ 821.850177] ? kasan_slab_alloc+0x12/0x20 [ 821.854344] ? kmem_cache_alloc+0x12e/0x730 08:44:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:05 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 821.858682] ? vm_area_dup+0x7a/0x230 [ 821.862497] ? copy_process+0x42a5/0x8770 [ 821.866658] ? __x64_sys_clone+0xbf/0x150 [ 821.870824] ? do_syscall_64+0x1b9/0x820 [ 821.874902] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 821.880290] ? percpu_ref_put_many+0x11c/0x260 [ 821.884899] __should_failslab+0x124/0x180 [ 821.889150] should_failslab+0x9/0x14 [ 821.892974] kmem_cache_alloc+0x47/0x730 [ 821.897047] ? rcu_softirq_qs+0x20/0x20 [ 821.901038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.906597] anon_vma_clone+0x140/0x710 [ 821.910594] ? unlink_anon_vmas+0xa60/0xa60 [ 821.914938] ? dup_userfaultfd+0x6d8/0x890 [ 821.915476] binder: 31434:31435 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 821.919196] anon_vma_fork+0xf4/0x820 [ 821.919220] ? anon_vma_clone+0x710/0x710 [ 821.919240] ? vm_area_dup+0x1a8/0x230 [ 821.919259] ? vm_area_alloc+0x1d0/0x1d0 [ 821.943225] copy_process+0x47cc/0x8770 [ 821.947253] ? __cleanup_sighand+0x70/0x70 [ 821.948811] binder: 31434:31435 got reply transaction with no transaction stack 08:44:05 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) [ 821.951508] ? perf_trace_lock_acquire+0x15b/0x800 [ 821.951534] ? print_usage_bug+0xc0/0xc0 [ 821.951558] ? ima_match_policy+0x848/0x1560 [ 821.972384] ? check_preemption_disabled+0x48/0x280 [ 821.977448] ? print_usage_bug+0xc0/0xc0 [ 821.981528] ? kasan_check_read+0x11/0x20 [ 821.985697] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 821.991004] ? __lock_acquire+0x62f/0x4c20 [ 821.995272] ? mark_held_locks+0x130/0x130 [ 821.999541] ? mark_held_locks+0x130/0x130 [ 822.003794] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:44:05 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) [ 822.009349] ? check_preemption_disabled+0x48/0x280 [ 822.014386] ? debug_smp_processor_id+0x1c/0x20 [ 822.019079] ? print_usage_bug+0xc0/0xc0 [ 822.023151] ? check_preemption_disabled+0x48/0x280 [ 822.028195] ? print_usage_bug+0xc0/0xc0 [ 822.032285] ? perf_trace_lock_acquire+0x15b/0x800 [ 822.037232] ? zap_class+0x640/0x640 [ 822.040990] ? __lock_acquire+0x62f/0x4c20 [ 822.045253] ? mark_held_locks+0x130/0x130 [ 822.049521] ? __lock_acquire+0x62f/0x4c20 [ 822.053778] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.059333] ? check_preemption_disabled+0x48/0x280 [ 822.064366] ? dput.part.25+0x241/0x860 [ 822.068364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.073924] ? check_preemption_disabled+0x48/0x280 [ 822.078959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.083114] 9pnet: Could not find request transport: fw [ 822.084521] ? mark_held_locks+0x130/0x130 [ 822.084552] ? zap_class+0x640/0x640 [ 822.097852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.103408] ? check_preemption_disabled+0x48/0x280 [ 822.108446] ? debug_smp_processor_id+0x1c/0x20 [ 822.113129] ? perf_trace_lock_acquire+0x15b/0x800 [ 822.118089] ? perf_trace_lock+0x7a0/0x7a0 [ 822.118105] ? find_held_lock+0x36/0x1c0 [ 822.118122] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.118146] ? _parse_integer+0x134/0x180 [ 822.126438] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 822.126455] ? _kstrtoull+0x188/0x250 [ 822.126475] ? _parse_integer+0x180/0x180 [ 822.126490] ? zap_class+0x640/0x640 [ 822.126509] ? lock_release+0xa10/0xa10 [ 822.157331] ? find_held_lock+0x36/0x1c0 [ 822.161410] ? zap_class+0x640/0x640 [ 822.165135] ? get_pid_task+0xd6/0x1a0 [ 822.169022] ? lock_downgrade+0x900/0x900 [ 822.173159] ? check_preemption_disabled+0x48/0x280 [ 822.178180] ? find_held_lock+0x36/0x1c0 [ 822.182258] ? __f_unlock_pos+0x19/0x20 [ 822.186243] ? lock_downgrade+0x900/0x900 [ 822.190382] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 822.195917] ? proc_fail_nth_write+0x9e/0x210 [ 822.200410] ? proc_cwd_link+0x1d0/0x1d0 [ 822.204466] ? find_held_lock+0x36/0x1c0 [ 822.208522] _do_fork+0x1cb/0x11c0 [ 822.212055] ? fork_idle+0x1d0/0x1d0 [ 822.215758] ? __lock_is_held+0xb5/0x140 [ 822.219813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.225340] ? check_preemption_disabled+0x48/0x280 [ 822.230353] ? __sb_end_write+0xd9/0x110 [ 822.234420] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 822.239965] ? fput+0x130/0x1a0 [ 822.243248] ? do_syscall_64+0x9a/0x820 [ 822.247237] ? do_syscall_64+0x9a/0x820 [ 822.251216] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 822.255791] ? trace_hardirqs_on+0xbd/0x310 [ 822.260194] ? __ia32_sys_read+0xb0/0xb0 [ 822.264244] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 822.269598] ? trace_hardirqs_off_caller+0x300/0x300 [ 822.274696] __x64_sys_clone+0xbf/0x150 [ 822.278697] do_syscall_64+0x1b9/0x820 [ 822.282581] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 822.287937] ? syscall_return_slowpath+0x5e0/0x5e0 [ 822.292853] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 822.297690] ? trace_hardirqs_on_caller+0x310/0x310 [ 822.302701] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 822.307706] ? prepare_exit_to_usermode+0x291/0x3b0 [ 822.312730] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 822.317584] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 822.322764] RIP: 0033:0x457569 [ 822.325948] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 822.344837] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 822.352536] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 822.359811] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 822.367066] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 822.374321] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 822.381594] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:06 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)=0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0xefe, 0x103200) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(r1, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000100)) tkill(r0, 0x1004000000016) 08:44:06 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:44:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:06 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'r.dno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:06 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x100000000000000}}) 08:44:06 executing program 5 (fault-call:1 fault-nth:28): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 822.585957] binder: 31455:31456 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 822.586585] FAULT_INJECTION: forcing a failure. [ 822.586585] name failslab, interval 1, probability 0, space 0, times 0 [ 822.600536] 9pnet: Insufficient options for proto=fd [ 822.616184] binder: 31455:31456 got reply transaction with no transaction stack [ 822.626478] CPU: 1 PID: 31460 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 08:44:06 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 822.634986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 822.644609] Call Trace: [ 822.647217] dump_stack+0x244/0x39d [ 822.650861] ? dump_stack_print_info.cold.1+0x20/0x20 [ 822.654374] 9pnet: Insufficient options for proto=fd [ 822.656069] ? __kernel_text_address+0xd/0x40 [ 822.656097] should_fail.cold.4+0xa/0x17 [ 822.656117] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 822.656133] ? perf_trace_lock+0x7a0/0x7a0 [ 822.656155] ? save_stack+0xa9/0xd0 08:44:06 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 822.682735] ? kasan_kmalloc+0xc7/0xe0 [ 822.686635] ? kasan_slab_alloc+0x12/0x20 [ 822.690795] ? kmem_cache_alloc+0x12e/0x730 [ 822.695138] ? zap_class+0x640/0x640 [ 822.698870] ? _do_fork+0x1cb/0x11c0 [ 822.702598] ? do_syscall_64+0x1b9/0x820 [ 822.706673] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 822.712059] ? percpu_ref_put_many+0x11c/0x260 [ 822.716659] ? lock_downgrade+0x900/0x900 [ 822.720824] ? __lock_is_held+0xb5/0x140 [ 822.724907] ? lock_acquire+0x1ed/0x520 [ 822.728896] ? anon_vma_clone+0x1a9/0x710 08:44:06 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 08:44:06 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) [ 822.733069] ? lock_release+0xa10/0xa10 [ 822.737056] ? perf_trace_sched_process_exec+0x860/0x860 [ 822.742529] ? __lock_is_held+0xb5/0x140 [ 822.746617] __should_failslab+0x124/0x180 [ 822.750876] should_failslab+0x9/0x14 [ 822.754689] kmem_cache_alloc+0x47/0x730 [ 822.758766] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 822.764241] anon_vma_clone+0x140/0x710 [ 822.768241] ? unlink_anon_vmas+0xa60/0xa60 [ 822.772579] ? dup_userfaultfd+0x6d8/0x890 [ 822.776833] anon_vma_fork+0xf4/0x820 [ 822.780655] ? anon_vma_clone+0x710/0x710 08:44:06 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 822.784827] ? vm_area_dup+0x1a8/0x230 [ 822.788729] ? vm_area_alloc+0x1d0/0x1d0 [ 822.792818] copy_process+0x47cc/0x8770 [ 822.796851] ? __cleanup_sighand+0x70/0x70 [ 822.801115] ? perf_trace_lock_acquire+0x15b/0x800 [ 822.806066] ? print_usage_bug+0xc0/0xc0 [ 822.810150] ? ima_match_policy+0x848/0x1560 [ 822.814583] ? check_preemption_disabled+0x48/0x280 [ 822.819615] ? print_usage_bug+0xc0/0xc0 [ 822.823696] ? kasan_check_read+0x11/0x20 [ 822.828238] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 08:44:06 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 822.833539] ? __lock_acquire+0x62f/0x4c20 [ 822.837816] ? mark_held_locks+0x130/0x130 [ 822.842081] ? mark_held_locks+0x130/0x130 [ 822.846333] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.851883] ? check_preemption_disabled+0x48/0x280 [ 822.856925] ? debug_smp_processor_id+0x1c/0x20 [ 822.861609] ? print_usage_bug+0xc0/0xc0 [ 822.865683] ? check_preemption_disabled+0x48/0x280 [ 822.870715] ? print_usage_bug+0xc0/0xc0 [ 822.874805] ? perf_trace_lock_acquire+0x15b/0x800 [ 822.879747] ? zap_class+0x640/0x640 [ 822.883498] ? __lock_acquire+0x62f/0x4c20 [ 822.887762] ? mark_held_locks+0x130/0x130 [ 822.892018] ? __lock_acquire+0x62f/0x4c20 [ 822.896246] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.901790] ? check_preemption_disabled+0x48/0x280 [ 822.906803] ? dput.part.25+0x241/0x860 [ 822.910769] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.916308] ? check_preemption_disabled+0x48/0x280 [ 822.921329] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.926871] ? mark_held_locks+0x130/0x130 [ 822.931103] ? zap_class+0x640/0x640 [ 822.934801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.940324] ? check_preemption_disabled+0x48/0x280 [ 822.945332] ? debug_smp_processor_id+0x1c/0x20 [ 822.950003] ? perf_trace_lock_acquire+0x15b/0x800 [ 822.954926] ? perf_trace_lock+0x7a0/0x7a0 [ 822.959148] ? find_held_lock+0x36/0x1c0 [ 822.963214] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.968740] ? _parse_integer+0x134/0x180 [ 822.972893] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 822.978424] ? _kstrtoull+0x188/0x250 [ 822.982226] ? _parse_integer+0x180/0x180 [ 822.986364] ? zap_class+0x640/0x640 [ 822.990065] ? lock_release+0xa10/0xa10 [ 822.994030] ? find_held_lock+0x36/0x1c0 [ 822.998079] ? zap_class+0x640/0x640 [ 823.001783] ? get_pid_task+0xd6/0x1a0 [ 823.005658] ? lock_downgrade+0x900/0x900 [ 823.009797] ? check_preemption_disabled+0x48/0x280 [ 823.014803] ? find_held_lock+0x36/0x1c0 [ 823.018859] ? __f_unlock_pos+0x19/0x20 [ 823.022821] ? lock_downgrade+0x900/0x900 [ 823.026959] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 823.032487] ? proc_fail_nth_write+0x9e/0x210 [ 823.036970] ? proc_cwd_link+0x1d0/0x1d0 [ 823.041025] ? find_held_lock+0x36/0x1c0 [ 823.045084] _do_fork+0x1cb/0x11c0 [ 823.048630] ? fork_idle+0x1d0/0x1d0 [ 823.052333] ? __lock_is_held+0xb5/0x140 [ 823.056384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.061934] ? check_preemption_disabled+0x48/0x280 [ 823.066943] ? __sb_end_write+0xd9/0x110 [ 823.070995] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 823.076521] ? fput+0x130/0x1a0 [ 823.079790] ? do_syscall_64+0x9a/0x820 [ 823.083766] ? do_syscall_64+0x9a/0x820 [ 823.087744] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 823.092315] ? trace_hardirqs_on+0xbd/0x310 [ 823.096623] ? __ia32_sys_read+0xb0/0xb0 [ 823.100672] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 823.106025] ? trace_hardirqs_off_caller+0x300/0x300 [ 823.111120] __x64_sys_clone+0xbf/0x150 [ 823.115087] do_syscall_64+0x1b9/0x820 [ 823.118975] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 823.124327] ? syscall_return_slowpath+0x5e0/0x5e0 [ 823.129241] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 823.134071] ? trace_hardirqs_on_caller+0x310/0x310 [ 823.139093] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 823.144100] ? prepare_exit_to_usermode+0x291/0x3b0 [ 823.149107] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 823.153953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 823.159142] RIP: 0033:0x457569 [ 823.162330] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 823.181234] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 823.188929] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 823.196188] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 823.203446] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 823.210713] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 823.217972] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:06 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) ptrace$pokeuser(0x6, r0, 0x84, 0x6) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f00000000c0)={0x28, 0x0, 0xfffffffffffffffc, @host}, 0x52) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:06 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) 08:44:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:06 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'r/dno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 823.287889] binder: 31488:31490 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 823.318049] binder: 31488:31490 got reply transaction with no transaction stack [ 823.326509] 9pnet: Insufficient options for proto=fd [ 823.351392] 9pnet: Insufficient options for proto=fd 08:44:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:07 executing program 5 (fault-call:1 fault-nth:29): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:07 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:44:07 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xfeffffff}}) 08:44:07 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfbno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 823.449324] FAULT_INJECTION: forcing a failure. [ 823.449324] name failslab, interval 1, probability 0, space 0, times 0 [ 823.459738] 9pnet: Insufficient options for proto=fd [ 823.466481] binder: 31507:31508 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 823.477913] 9pnet: Insufficient options for proto=fd [ 823.485453] binder: 31507:31508 got reply transaction with no transaction stack [ 823.496818] CPU: 0 PID: 31504 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 823.505331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 823.514703] Call Trace: [ 823.517314] dump_stack+0x244/0x39d [ 823.518315] binder_transaction: 3 callbacks suppressed [ 823.518332] binder: 31507:31508 transaction failed 29201/-71, size 0-0 line 2741 [ 823.520965] ? dump_stack_print_info.cold.1+0x20/0x20 [ 823.520987] ? __kernel_text_address+0xd/0x40 [ 823.521007] ? unwind_get_return_address+0x61/0xa0 [ 823.521037] should_fail.cold.4+0xa/0x17 [ 823.544860] binder_release_work: 3 callbacks suppressed [ 823.544868] binder: undelivered TRANSACTION_ERROR: 29201 [ 823.548437] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 823.548461] ? save_stack+0xa9/0xd0 [ 823.548478] ? kasan_kmalloc+0xc7/0xe0 [ 823.548491] ? kasan_slab_alloc+0x12/0x20 [ 823.548507] ? kmem_cache_alloc+0x12e/0x730 [ 823.548522] ? anon_vma_clone+0x140/0x710 [ 823.548536] ? anon_vma_fork+0xf4/0x820 [ 823.548551] ? copy_process+0x47cc/0x8770 08:44:07 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfIno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 823.548569] ? _do_fork+0x1cb/0x11c0 [ 823.563089] 9pnet: Insufficient options for proto=fd [ 823.563444] ? do_syscall_64+0x1b9/0x820 [ 823.563462] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 823.563483] ? percpu_ref_put_many+0x11c/0x260 [ 823.576087] 9pnet: Insufficient options for proto=fd [ 823.580222] ? lock_downgrade+0x900/0x900 [ 823.580239] ? check_preemption_disabled+0x48/0x280 [ 823.580263] ? kasan_check_read+0x11/0x20 [ 823.580284] ? zap_class+0x640/0x640 [ 823.598710] 9pnet: Insufficient options for proto=fd 08:44:07 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfQno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:07 executing program 4: r0 = gettid() r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x23, &(0x7f00000000c0)={@dev, @multicast1, 0x0}, &(0x7f0000000180)=0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'erspan0\x00', r2}) r3 = dup(0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000340)) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) fcntl$getownex(r4, 0x10, &(0x7f0000000100)) timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)=0x0) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r6, 0x4008af60, &(0x7f0000000040)={@hyper}) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r7, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r7, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(r5, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x989680}}, &(0x7f00000001c0)) tkill(r0, 0x1004000000016) [ 823.600546] ? rcu_softirq_qs+0x20/0x20 [ 823.600570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.600586] ? check_preemption_disabled+0x48/0x280 [ 823.600612] ? __lock_is_held+0xb5/0x140 [ 823.628931] __should_failslab+0x124/0x180 [ 823.638100] should_failslab+0x9/0x14 [ 823.638118] kmem_cache_alloc+0x47/0x730 [ 823.638138] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 823.638163] anon_vma_clone+0x140/0x710 [ 823.638191] ? unlink_anon_vmas+0xa60/0xa60 [ 823.691338] ? dup_userfaultfd+0x6d8/0x890 [ 823.695597] anon_vma_fork+0xf4/0x820 [ 823.699611] ? anon_vma_clone+0x710/0x710 [ 823.703778] ? vm_area_dup+0x1a8/0x230 [ 823.707685] ? vm_area_alloc+0x1d0/0x1d0 [ 823.711769] copy_process+0x47cc/0x8770 [ 823.715805] ? __cleanup_sighand+0x70/0x70 [ 823.720072] ? perf_trace_lock_acquire+0x15b/0x800 [ 823.723025] 9pnet: Insufficient options for proto=fd [ 823.725020] ? print_usage_bug+0xc0/0xc0 [ 823.725045] ? ima_match_policy+0x848/0x1560 [ 823.725067] ? check_preemption_disabled+0x48/0x280 [ 823.739153] 9pnet: Insufficient options for proto=fd 08:44:07 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)=0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {r4, r5+10000000}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:07 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfRno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 823.743649] ? print_usage_bug+0xc0/0xc0 [ 823.743676] ? kasan_check_read+0x11/0x20 [ 823.743700] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 823.762265] ? __lock_acquire+0x62f/0x4c20 [ 823.766545] ? mark_held_locks+0x130/0x130 [ 823.770811] ? mark_held_locks+0x130/0x130 [ 823.775067] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.780617] ? check_preemption_disabled+0x48/0x280 [ 823.785659] ? debug_smp_processor_id+0x1c/0x20 [ 823.790352] ? print_usage_bug+0xc0/0xc0 [ 823.794443] ? check_preemption_disabled+0x48/0x280 [ 823.799481] ? print_usage_bug+0xc0/0xc0 [ 823.803571] ? perf_trace_lock_acquire+0x15b/0x800 [ 823.808524] ? zap_class+0x640/0x640 [ 823.812282] ? __lock_acquire+0x62f/0x4c20 [ 823.816552] ? mark_held_locks+0x130/0x130 [ 823.820809] ? __lock_acquire+0x62f/0x4c20 [ 823.825064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.826759] 9pnet: Insufficient options for proto=fd [ 823.830617] ? check_preemption_disabled+0x48/0x280 [ 823.830636] ? dput.part.25+0x241/0x860 [ 823.830653] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:44:07 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfuno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 823.830680] ? check_preemption_disabled+0x48/0x280 [ 823.840825] 9pnet: Insufficient options for proto=fd [ 823.844761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.844788] ? mark_held_locks+0x130/0x130 [ 823.844818] ? zap_class+0x640/0x640 [ 823.873905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.879460] ? check_preemption_disabled+0x48/0x280 [ 823.884497] ? debug_smp_processor_id+0x1c/0x20 [ 823.889180] ? perf_trace_lock_acquire+0x15b/0x800 [ 823.894132] ? perf_trace_lock+0x7a0/0x7a0 08:44:07 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfwno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 823.898385] ? find_held_lock+0x36/0x1c0 [ 823.902475] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.908025] ? _parse_integer+0x134/0x180 [ 823.909581] 9pnet: Insufficient options for proto=fd [ 823.912192] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 823.912211] ? _kstrtoull+0x188/0x250 [ 823.912229] ? _parse_integer+0x180/0x180 [ 823.912249] ? zap_class+0x640/0x640 [ 823.920291] 9pnet: Insufficient options for proto=fd [ 823.922888] ? lock_release+0xa10/0xa10 [ 823.922912] ? find_held_lock+0x36/0x1c0 [ 823.922936] ? zap_class+0x640/0x640 [ 823.951438] ? get_pid_task+0xd6/0x1a0 [ 823.955339] ? lock_downgrade+0x900/0x900 [ 823.955356] ? check_preemption_disabled+0x48/0x280 [ 823.955381] ? find_held_lock+0x36/0x1c0 [ 823.955418] ? __f_unlock_pos+0x19/0x20 [ 823.964568] ? lock_downgrade+0x900/0x900 [ 823.976731] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 823.982282] ? proc_fail_nth_write+0x9e/0x210 [ 823.986793] ? proc_cwd_link+0x1d0/0x1d0 [ 823.990882] ? find_held_lock+0x36/0x1c0 [ 823.993363] 9pnet: Insufficient options for proto=fd [ 823.994966] _do_fork+0x1cb/0x11c0 [ 823.994991] ? fork_idle+0x1d0/0x1d0 [ 823.995011] ? __lock_is_held+0xb5/0x140 [ 824.003040] 9pnet: Insufficient options for proto=fd [ 824.003661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.003687] ? check_preemption_disabled+0x48/0x280 [ 824.003709] ? __sb_end_write+0xd9/0x110 [ 824.031162] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 824.036723] ? fput+0x130/0x1a0 [ 824.040023] ? do_syscall_64+0x9a/0x820 [ 824.044014] ? do_syscall_64+0x9a/0x820 [ 824.048012] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 824.052605] ? trace_hardirqs_on+0xbd/0x310 [ 824.056923] ? __ia32_sys_read+0xb0/0xb0 [ 824.060975] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 824.066329] ? trace_hardirqs_off_caller+0x300/0x300 [ 824.071433] __x64_sys_clone+0xbf/0x150 [ 824.075409] do_syscall_64+0x1b9/0x820 [ 824.079286] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 824.084637] ? syscall_return_slowpath+0x5e0/0x5e0 [ 824.089556] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 824.094389] ? trace_hardirqs_on_caller+0x310/0x310 [ 824.099412] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 824.104430] ? prepare_exit_to_usermode+0x291/0x3b0 [ 824.109438] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 824.114283] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 824.119476] RIP: 0033:0x457569 [ 824.122658] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 824.141566] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 08:44:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 824.149263] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 824.156520] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 824.163777] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 824.171033] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 824.178289] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:07 executing program 5 (fault-call:1 fault-nth:30): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:07 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x20100000}}) 08:44:07 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfSno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:07 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 824.212198] binder: 31542:31543 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 824.225876] binder: 31542:31543 got reply transaction with no transaction stack 08:44:07 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 824.255274] binder: 31542:31543 transaction failed 29201/-71, size 0-0 line 2741 [ 824.270870] 9pnet: Insufficient options for proto=fd [ 824.280038] binder: undelivered TRANSACTION_ERROR: 29201 [ 824.295880] 9pnet: Insufficient options for proto=fd 08:44:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:08 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 824.321981] FAULT_INJECTION: forcing a failure. [ 824.321981] name failslab, interval 1, probability 0, space 0, times 0 [ 824.347020] CPU: 1 PID: 31556 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 824.355552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 824.364920] Call Trace: [ 824.367534] dump_stack+0x244/0x39d [ 824.371197] ? dump_stack_print_info.cold.1+0x20/0x20 [ 824.376438] should_fail.cold.4+0xa/0x17 [ 824.380522] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 824.385648] ? find_held_lock+0x36/0x1c0 [ 824.389733] ? zap_class+0x640/0x640 [ 824.393462] ? lock_downgrade+0x900/0x900 [ 824.397620] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.399946] binder: 31557:31558 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 824.403172] ? check_preemption_disabled+0x48/0x280 [ 824.403203] ? find_held_lock+0x36/0x1c0 [ 824.417084] binder: 31557:31558 got reply transaction with no transaction stack [ 824.420332] ? __lock_is_held+0xb5/0x140 [ 824.420365] ? perf_trace_sched_process_exec+0x860/0x860 [ 824.427893] binder: 31557:31558 transaction failed 29201/-71, size 0-0 line 2741 [ 824.431869] __should_failslab+0x124/0x180 [ 824.431891] should_failslab+0x9/0x14 [ 824.439915] binder: undelivered TRANSACTION_ERROR: 29201 [ 824.444852] kmem_cache_alloc+0x2be/0x730 [ 824.444875] ? dup_userfaultfd+0x6d8/0x890 [ 824.444897] anon_vma_fork+0x196/0x820 [ 824.470664] ? anon_vma_clone+0x710/0x710 [ 824.474817] ? vm_area_dup+0x1a8/0x230 [ 824.478694] ? vm_area_alloc+0x1d0/0x1d0 [ 824.482748] copy_process+0x47cc/0x8770 [ 824.486730] ? __cleanup_sighand+0x70/0x70 [ 824.490957] ? perf_trace_lock_acquire+0x15b/0x800 [ 824.495880] ? print_usage_bug+0xc0/0xc0 [ 824.499933] ? ima_match_policy+0x848/0x1560 [ 824.504331] ? check_preemption_disabled+0x48/0x280 [ 824.509337] ? print_usage_bug+0xc0/0xc0 [ 824.513386] ? kasan_check_read+0x11/0x20 [ 824.517533] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 824.522801] ? __lock_acquire+0x62f/0x4c20 [ 824.527035] ? mark_held_locks+0x130/0x130 [ 824.531280] ? mark_held_locks+0x130/0x130 [ 824.535507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.541034] ? check_preemption_disabled+0x48/0x280 [ 824.546043] ? debug_smp_processor_id+0x1c/0x20 [ 824.550699] ? print_usage_bug+0xc0/0xc0 [ 824.554753] ? check_preemption_disabled+0x48/0x280 [ 824.559781] ? print_usage_bug+0xc0/0xc0 [ 824.563840] ? perf_trace_lock_acquire+0x15b/0x800 [ 824.568770] ? zap_class+0x640/0x640 [ 824.572484] ? __lock_acquire+0x62f/0x4c20 [ 824.576716] ? mark_held_locks+0x130/0x130 [ 824.580942] ? __lock_acquire+0x62f/0x4c20 [ 824.585174] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.590701] ? check_preemption_disabled+0x48/0x280 [ 824.595704] ? dput.part.25+0x241/0x860 [ 824.599665] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.605196] ? check_preemption_disabled+0x48/0x280 [ 824.610200] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.615734] ? mark_held_locks+0x130/0x130 [ 824.619963] ? zap_class+0x640/0x640 [ 824.623666] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.629217] ? check_preemption_disabled+0x48/0x280 [ 824.634221] ? debug_smp_processor_id+0x1c/0x20 [ 824.638879] ? perf_trace_lock_acquire+0x15b/0x800 [ 824.643799] ? perf_trace_lock+0x7a0/0x7a0 [ 824.648025] ? find_held_lock+0x36/0x1c0 [ 824.652074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.657599] ? _parse_integer+0x134/0x180 [ 824.661738] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 824.667260] ? _kstrtoull+0x188/0x250 [ 824.671050] ? _parse_integer+0x180/0x180 [ 824.675209] ? zap_class+0x640/0x640 [ 824.678909] ? lock_release+0xa10/0xa10 [ 824.682871] ? find_held_lock+0x36/0x1c0 [ 824.686918] ? zap_class+0x640/0x640 [ 824.690621] ? get_pid_task+0xd6/0x1a0 [ 824.694493] ? lock_downgrade+0x900/0x900 [ 824.698626] ? check_preemption_disabled+0x48/0x280 [ 824.703631] ? find_held_lock+0x36/0x1c0 [ 824.707685] ? __f_unlock_pos+0x19/0x20 [ 824.711646] ? lock_downgrade+0x900/0x900 [ 824.715786] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 824.721310] ? proc_fail_nth_write+0x9e/0x210 [ 824.725790] ? proc_cwd_link+0x1d0/0x1d0 [ 824.729842] ? find_held_lock+0x36/0x1c0 [ 824.733894] _do_fork+0x1cb/0x11c0 [ 824.737431] ? fork_idle+0x1d0/0x1d0 [ 824.741140] ? __lock_is_held+0xb5/0x140 [ 824.745202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.750725] ? check_preemption_disabled+0x48/0x280 [ 824.755730] ? __sb_end_write+0xd9/0x110 [ 824.759785] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 824.765311] ? fput+0x130/0x1a0 [ 824.768576] ? do_syscall_64+0x9a/0x820 [ 824.772537] ? do_syscall_64+0x9a/0x820 [ 824.776501] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 824.781072] ? trace_hardirqs_on+0xbd/0x310 [ 824.785378] ? __ia32_sys_read+0xb0/0xb0 [ 824.789435] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 824.794786] ? trace_hardirqs_off_caller+0x300/0x300 [ 824.799879] __x64_sys_clone+0xbf/0x150 [ 824.803845] do_syscall_64+0x1b9/0x820 [ 824.807724] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 824.813075] ? syscall_return_slowpath+0x5e0/0x5e0 [ 824.817992] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 824.822824] ? trace_hardirqs_on_caller+0x310/0x310 [ 824.827830] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 824.832981] ? prepare_exit_to_usermode+0x291/0x3b0 [ 824.837992] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 824.842830] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 824.848031] RIP: 0033:0x457569 [ 824.851217] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 824.870109] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 824.877806] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 824.885062] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 824.892320] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 824.899576] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 824.906831] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:10 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000000640)={0x0, 0x200000012, 0x0, @tid=r0}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f00000006c0)={0x2, 0x0, @multicast2}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280)='/dev/rtc0\x00', 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000600)={'veth0\x00', &(0x7f00000005c0)=@ethtool_dump={0x3e, 0x7fffffff, 0x2, 0x1c, "b59133643f1985b5de8bb55b0c5b44afc7b980a3ca74eb95485fe5d3"}}) setsockopt$llc_int(r4, 0x10c, 0x1, &(0x7f00000002c0)=0x4, 0x4) setsockopt$IP_VS_SO_SET_EDITDEST(r3, 0x0, 0x489, &(0x7f00000000c0)={{0x84, @remote, 0x4e22, 0x1, 'lblc\x00', 0x22, 0x2, 0x5c}, {@local, 0x4e21, 0x2, 0x3, 0x4, 0xf38}}, 0x44) r5 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYBLOB="cb000000f257fe625a810a1c520797e5a3e41a31f54d25a986c49aa4ec0e451582cb0352a9b3faf27eed801d6f1305ecd3615c13e0de568c84223259d9a8b6b9c76644ee331552827d4dcc1e133c74d0b29997f2e128f0cfd6bcd6fd016bd18069a891fd1e518131bd00fe9a67dcc4504fc14a16bb047ce9932b85dad2dda26706f0deb39be7dff641560500000000000000db05d34a67a4d8af67dfa21ec7a0e59da2e355ee01e527baa4f38c02aedd2ae5f0b23187c002fc2bfe7a6eec1a34811fd405598cc72bb0259fa4d47df7"], &(0x7f0000000240)=0xd3) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000440)={0x0, 0x5}, &(0x7f0000000480)=0xc) getsockopt$inet_sctp6_SCTP_STATUS(r5, 0x84, 0xe, &(0x7f00000004c0)={r6, 0x2d0, 0x5, 0x200000, 0x81, 0x4, 0xfffffffffffffe00, 0xfff, {r7, @in6={{0xa, 0x4e24, 0x5, @dev={0xfe, 0x80, [], 0xe}, 0x6aa8}}, 0x1, 0x1, 0x4, 0x5, 0x3}}, &(0x7f0000000580)=0xb0) tkill(r0, 0x1004000000016) 08:44:10 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:44:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:10 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfTno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:10 executing program 5 (fault-call:1 fault-nth:31): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:10 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x4000000}}) [ 826.840446] FAULT_INJECTION: forcing a failure. [ 826.840446] name failslab, interval 1, probability 0, space 0, times 0 [ 826.853486] binder: 31567:31573 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 826.864307] CPU: 1 PID: 31571 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 826.872822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 826.880300] binder: 31567:31573 got reply transaction with no transaction stack [ 826.882184] Call Trace: [ 826.882216] dump_stack+0x244/0x39d [ 826.882248] ? dump_stack_print_info.cold.1+0x20/0x20 [ 826.897187] binder: 31567:31573 transaction failed 29201/-71, size 0-0 line 2741 [ 826.901075] should_fail.cold.4+0xa/0x17 [ 826.901097] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 826.901119] ? save_stack+0xa9/0xd0 [ 826.901136] ? kasan_kmalloc+0xc7/0xe0 [ 826.916653] 9pnet: Insufficient options for proto=fd [ 826.917933] ? kasan_slab_alloc+0x12/0x20 [ 826.925171] binder: undelivered TRANSACTION_ERROR: 29201 08:44:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:10 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 826.925449] ? kmem_cache_alloc+0x12e/0x730 [ 826.944445] ? anon_vma_fork+0x196/0x820 [ 826.948515] ? copy_process+0x47cc/0x8770 [ 826.952674] ? _do_fork+0x1cb/0x11c0 [ 826.956415] ? zap_class+0x640/0x640 [ 826.960160] ? find_held_lock+0x36/0x1c0 [ 826.964253] ? __lock_is_held+0xb5/0x140 [ 826.968343] ? perf_trace_sched_process_exec+0x860/0x860 [ 826.973819] __should_failslab+0x124/0x180 [ 826.978076] should_failslab+0x9/0x14 [ 826.981893] kmem_cache_alloc+0x2be/0x730 [ 826.986068] ? dup_userfaultfd+0x6d8/0x890 08:44:10 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 826.990323] ? anon_vma_fork+0x196/0x820 [ 826.994417] anon_vma_fork+0x2c9/0x820 [ 826.998326] ? anon_vma_clone+0x710/0x710 [ 827.002278] binder: 31581:31585 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 827.002490] ? vm_area_dup+0x1a8/0x230 [ 827.002508] ? vm_area_alloc+0x1d0/0x1d0 [ 827.002537] copy_process+0x47cc/0x8770 [ 827.002586] ? __cleanup_sighand+0x70/0x70 [ 827.026009] binder: 31581:31585 got reply transaction with no transaction stack [ 827.026754] ? perf_trace_lock_acquire+0x15b/0x800 [ 827.039131] ? print_usage_bug+0xc0/0xc0 [ 827.043222] ? ima_match_policy+0x848/0x1560 [ 827.046823] binder: 31581:31585 transaction failed 29201/-71, size 0-0 line 2741 [ 827.047650] ? check_preemption_disabled+0x48/0x280 [ 827.047670] ? print_usage_bug+0xc0/0xc0 [ 827.047689] ? kasan_check_read+0x11/0x20 [ 827.047709] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 827.047731] ? __lock_acquire+0x62f/0x4c20 [ 827.077989] ? mark_held_locks+0x130/0x130 [ 827.082249] ? mark_held_locks+0x130/0x130 [ 827.084694] binder: undelivered TRANSACTION_ERROR: 29201 [ 827.086500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.086518] ? check_preemption_disabled+0x48/0x280 [ 827.086540] ? debug_smp_processor_id+0x1c/0x20 [ 827.086558] ? print_usage_bug+0xc0/0xc0 [ 827.086573] ? check_preemption_disabled+0x48/0x280 [ 827.086590] ? print_usage_bug+0xc0/0xc0 [ 827.086616] ? perf_trace_lock_acquire+0x15b/0x800 [ 827.125295] ? zap_class+0x640/0x640 [ 827.129045] ? __lock_acquire+0x62f/0x4c20 [ 827.133308] ? mark_held_locks+0x130/0x130 [ 827.137568] ? __lock_acquire+0x62f/0x4c20 08:44:10 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) r3 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f00000000c0)='logon\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000340)="e03424552d8b4b672c460d1244cda2701fdf5503118c5f70fdd70f416974b7b5231e861e3019381e92e80cbfbfb3869535dc58bb7fdbf3a3853890fbf4bd25528b5cca0385db4fb467be456b3a422161daa8389ea23c2175d973cd0cf864a76a2205800dac1ac51b7faa9bd7c00e363c7513b2277667984fe2a6280335984f35e30b47961a02ebaae63dd24df047028c0d5726eb8dfef01d9010f1e06ae6050ba376942f903d94f3a2f9bf377ae1609d3c8ee531c96919c0134063de057bed43d8b3d6f76b6622b3e91f5f521162e8411d4b6f1643ea84c5d355aa386a0f570beba41cc51d6459efe6e64c8213d6d7d44970de203783a816bcf344aeca86cadd99ae7b64b4182b06b03dfb998d6205ea93d4596de216914927795205ac313faeb2ba8491949cfdbc68d297c8ca834286b25398c548cea1351f5d8d7168aab7ef2bd31626a4df38d20ff59a3fb1615034cd5bc6baab00fa4facf7370fba01ae06c45fcc44e1a326f497467ae5b0efa96f65bb1267eb1705f76e77020a65bca2d93b3abc75fc07b15c0f2b014e35a6fbbb3011d44de8cdfed96fe7ce837234d0ee93eff964729bfb9f9b4d460be652038ea21ef7291ad9de9c2773c9efba1b70945922ad2b08e1c0939d2ea32028681591e6971d7003722e98e55172047048813e81e11dc913d477e6da89da9f8b442c0d9d1e085bdea21a387a9c4159dd57869e8ec914a9942319f176a1c66be0c6ced051d2b1438ccee48e19e651cd65ae6f838b37d2667f085e3ccb6080927b6daba0c13155d32a539e34642ab76bc91d3722f51f66f12c1495c255025a33d5dd88125723cdd1fdaa919d496008e20898c33168f2b1f445f7672796ba0a7bdd5d71cde61a63ded0411423cca787e45a67a4cc8decda4281233697e07b36c1beeb51d7b694f53c51efab37949f27f60b5af98717fa15592838816697b45309c59495ab97cb8e9ba09410d513685a3e6f8ebd2593232ba443e0f45e47c24a8afef158e6a70b4a2493a030a339c531d8b8789df99d2e2d3772ef1c14d5b79f634c73d48f95a7ccaac804f207f6cc6a4585914fcf83314e99997395bd313ad3bb3b3ef5c32c73fadd12aee32d31d980cce7ce0aa78427c91caaae82cdae7838632f4def8ccffa4d155004cd31927598eaa2d3799744def672388442851ab0adca41a0f18193d43f9e75d42b52b59ab025b9a0ba22c1d28882ea29b141da45fa96450d825605c260930bd7408ea0e8bfb6ad1c0b23876babf87bcefe7cf6636f52679dee562026b12211235956f46eed9f6c75db7dabccba9a1b8ac2ba2c2fdfd9575c8fc6e3deb4c15923872e5ecec40d0a749b5a0b640f703fc789a81b8e4d0a2e18fd22e1a68b17bc48d863d54accb046a0cb94206381462b45fd40cf3b13677fb433cd0a717b160471c88cfca43b11971d62677e8e0b3e45c4a38d543dd75198891ff2ed7a5a6972770fbc30fa298dd7abd24fe6da9f02bed241815bd4faa934fc60f03ea297cd8fd847671f207da9abb18c716decc460eac8eaa8bb6d15232ecee016b64d39d41453bcbd215b0a8a22c83e804aa77dd4c28ec6a1f37c0691eb87710bf472161550ceb8ca282c126044b4910e8dd728e09b69140cef207a3b2459bdcd54dd3ed64c1a0262a7adcf386f9fc0e3758617de37a6e5ae594fa1c27cf58833a0789eb845ac270b1a3511e7711b8df8b994d2fab8c14a1de8684aa26a7c4181746e43dfb154ea554fa372a871d2e58b0ebce90d3af3e0b8de0c0c8b9c9878812916a0d235d67c91e0f7311fc2783c4bc720caa44e86d760404fad00a62cc8fa320c2aacd35699b7f6af7c46df55aeb316191e9e4967d6567e7b85277f30927a5a30fe33a3ef767a468cadb321d1f6fd1f6cda0abcaced1c1fbf84ca1d8040221839968d64ddcfe17425b29ab57e9d634804e6d248a910edf7f51745c8188b6bf345858f82a6bbf87b7448ee5ff52ff533be8fc1c4d29c6643608f42ae34406009dbed79e4699ba682870a1c0e9df002ab4a4f775a8f9f1c13557710d9602053b7b5258db262f99b4909745a633718490629fb88e2f6ee025115cb56f5f47192ba1a28ddd1f84feb05a81ef8bf75a0c9ec2066beaeb0d1e0b9bff5da45602905b1c0defa309349d527ccac78017715244ee3b1bb5df890a9c0bfd0897c513f1f297ce124c7d6b4352f055db8744186d35f427c69735cfeb54543b9aa5fdd789059a230dbe722caaba04b2bcbc84ac5b3dedc762978a02f45b55af42d67559f016e9a82df7b8538eac05ad11be87fe8bfb02478dc52086b241e4b774b23d4718bdda36d594a576641e82183eff19b67714593484362c32717cc751d7ceabfe66d98cb8b1e9a0b39bc87c00a3bf33aa5ae4dcd3cd841cf11561397ab39ebefb4a74fe41f63cb174cc1781edf9ad918e16bfb3489e71c7904ec17509b60e2d4430dbc1d3e4b569ac0162f6375100a8702ff6ae3fac447e6043e0b80e342527c43f5a62bf7b3d8b013788d88f8657905439f8bc99e16a11642a325c88e286e89abb69cec9cf6678503abded1a742a40949f9b3fb769ae512f49c9d7aa7c834b6c2fb42a2222ebd5eb14e59b7eb2b7c4469874c43af6bcec7dba9b7add6c86440cceec97eafacfff4320f3de77ab6a6a3a06721393fd06553e5793a6e5b7748b0791accdbd14b32ebc061d39a9257a0d28887a4fc41b7c020aee5bd6d4902208315c2a244c6eb32d83e6da47a283f4ee0bd05da72d647ca8727597b0b8a27bc345cbee7e45ba1b511b1867cc63260b78852fcab36b7670ddc0543b79064a8b26483d4b080c40b8dd8717f61603efa5611ca76cb4bde031df2010376bea523444be80cda585ddf2de28c87c6169df2e0437eee3ff5a3524278cc27cd0598d1c69959fb54b05751799ab28cac9922f26087d3b1df97747eec558755c0aa289d36169c0413dbd9489235fdfa44bc72663ed480af1ca960d0df8e3e6a0d4e91318ba6491a482a3ddffe189d02756326d74079641bd27b390ca4909ef2cf0d71f608e5c3c9e4035d07a71988147e9826d0b8cf84d85d494544a831a105a58d44f2341962e22ad5d728d98acc4f30e939114de636f49e196d3e8c621ef4c898a79094eee12ba05c5152cd0372e8b34c2673a6a4f40de260c0adaa2136d0d2f41155352914309f199001bf731eed643a7f554319d6c967f8c426cfb4ef3ef47edc28ba3c7f63425669780e57ae88c480fa995deaf935da17309eaf3f39a01e714f88e194eaced35f596e698e394545ad9f72e9a7055430dd9873cb7d87c9dc48fa05c7a3948fce1ee3cb18ad6cb6b836ba3324391607e80d9f202e9774087a28ffc5e381ca26db135c3880f207ccf306b30b36cf45d5e4e741def641bbc2ca048c9461eb3001086e71a191a83c7cc4764f16ff51de76c55a9d43199bb6268e26605b877bcac77a7f7803a35a7ffabd90b8c1369da0ae25d940a6f0b43484fc07b19d521ad400724dc56d33bf715cdb424f4d3434550364e02db7a5b27cad560fc46e2420bfc0e8b3acf3996a82096a644bb228bdb1b92de0d050226e58db5bad3da0d959db780d2ee4f7ff0e2293b81dbd2b0977425ad5189e340036b02a934fa7b6cdb9a8e11935b8e6b060c5b66650d20711339096058ac7664b6ed2f0d5a95551d66d7bb5d4f4e9254b3cfce82a1a425017921a5fdaad2101be19b0e2755e59ff7f0c45f15f45edcd02bb1e3a1f181adf08626f091c7e659eb04d1ad5d28cd779a58fca99863b39ba78a8cd685cedf6ec1b359d10997dec5ef719fdfd27ed13862c9c56f2529ea330781695fbe3018d9e30072be671db4f5791e1c58d494fc2436880b8e8d962b93ebe8eb6a9e822dff117b636a77cac5a6afed2b240694d385733f7fe3907c2e7d5d12ec7fb457ddf7d3ea8f91c092ef854253a702796af5780cb8a9fdb8e0509a9dbeebe89c495bf8a86104d79917b6d71591e02eb2c60ae5219eba3e3b6266a6b37721e6476bac24e5bc1c78b41dae36207e63098aa78a60730256430af958b87da695c362b55ff986aad36e3ad991bb9da3a7bf1660743fd8d96f55cb5442530586ca2756370f8b6e979421f0890e49c0d3c5b3dac6ea0fc74f330426975edce2dea92608271fec121aae4fa771eae0437ff72aab056f2bd90b0c46c2e7c48050b63d0b633e12037bf42a33e00f2bfd1c8ec1f1023e2c7701ffa2d06f9cd14d04a99aeb894fc5bf812ad569ccf1a40af80795081ae74b740dd48b83e16ed4eec133a4e76b7b96338a8126ec394a505007087545621a5d866f90870749b81319baea5352db84f718d1e6b39c4b4ceabfa5e0f72ba91763311a55a11c0c757e8a130cb7ade2d7baee2866fef08c3e4de0f1db31f75733a29e66e1a82af3eeece7ccd8af09bfcf52bcec4e1df91107fe5adf53344b7e468f5d8f24625431292901bc7fdce330f24324d75cff0ca7553792566099635c40b26c670925a5c55c07694fdd3f2c18d7e75b130048935cc31dc383dffdb6809d8c3d42e9c60b9ef6144fa4134e79cc4f3a7094faa0f9f19507d061fbc4645158ce1a04405340383edbfc28ce7273e283ec2cfd28f044a855e6cc51d646f80446b760088dd47dcd808d5b9584ee1ad6ea461d3757a5851bb034b460511387664ca3f90d4fe04c06237d57e1706823858af43086d24efe14febd9c27d74337e7d7a92d90ed65412276e0d698815b95add70674ac8db028d6d22c2e773e20ce42b66d2e1da84a9f6caaab9af3ee4af64f253b8678f67378cdd3742f3b73db1874b5375f75964bc6d961a29c19cb3bd094ca4f37be940c0b7bf7f03ea3acae9fa94bd764c3918b2a7f1dfbeb097856e0df086598287381d9c3638237e7a2e6b9c3a3385a6d7943438cb58b8b6a2993607bd09712e8165800e520a1a1f34bc264ea408f034a04507c4e43e81d673c131aab50d43ca1987253c93678acdfee724d3adc83a37c203d26dbf732d9aafb0c4f2f2422d97ab6cd7bffb860c0db9cbf892046162f2833ae687ce040856aad5c86b578502fed3783d05b322099d6b3716a61a1f2063029b2be8af63bb235c2b2cc77ad873a5876473232d681e8de3d99667cf95b145938019187abc0ed622c259c39d8e9e7bf448483e9bd0ab2a36923bd10acabab170ffdbd20d0fd3f198ec6b6ad6bde193629229713b421588d00e6e4e7f7fb598d6fa00870fa82033b6b4a8177542a0fdbc2821758ccfefdc64b7fbe248196cc89c0ae75c8a04b5f0086bc9689165024987b72545b8b106aee9e7511b6fb2e16374a7a992a0e326e21d03f03573d6556603910f7c185d63e7e00af7f5b5dcd3b45c74e37afd09fc87a0f0a9b151237a6a3c4b399e9f9cac6b998b18cecab5175c340b25c6203f814d42a167bd85ab6ab29c93daffd84c0a2812f11bddf839254704077cc0f273e4968492763ee4ddeff3f306e5b1471c28d888cbac7033f1d9fb82cf404b2b022176dcc586050c316827bfebd2d51bc60313e85a38bd8edc1e7379f909ab76714fc230b9ca93804ed328d55fe12bbde7d25165cb6ae8e56996ef6ab7a550df49ac9e9d89694cbfe7ca7d74d8876ea9d28f9416c299d47d47247a81651feb20467e2dc1131bed350081fc30d396c593cdf86d2dbaf215bc075c5bae4324bc60e172a262a6f09ebf632dcba3345f6812a3cd60ac06fd84f2e9238e7fb639005bd70dfb6d4e17e87b0f5e5bec791119b3208877b50c8de4e5d6c952fe708404f757524e04d092d5d73be499c1b51977", 0x1000, r3) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:10 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) 08:44:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 827.141816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.147374] ? check_preemption_disabled+0x48/0x280 [ 827.152429] ? dput.part.25+0x241/0x860 [ 827.156437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.161991] ? check_preemption_disabled+0x48/0x280 [ 827.167027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.172589] ? mark_held_locks+0x130/0x130 [ 827.176854] ? zap_class+0x640/0x640 [ 827.180587] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.186145] ? check_preemption_disabled+0x48/0x280 [ 827.191198] ? debug_smp_processor_id+0x1c/0x20 [ 827.195884] ? perf_trace_lock_acquire+0x15b/0x800 [ 827.200835] ? perf_trace_lock+0x7a0/0x7a0 [ 827.203970] binder: 31592:31595 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 827.205082] ? find_held_lock+0x36/0x1c0 [ 827.205103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.205122] ? _parse_integer+0x134/0x180 [ 827.205144] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 827.205160] ? _kstrtoull+0x188/0x250 [ 827.205184] ? _parse_integer+0x180/0x180 08:44:10 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) [ 827.214457] binder: 31592:31595 got reply transaction with no transaction stack [ 827.217295] ? zap_class+0x640/0x640 [ 827.217312] ? lock_release+0xa10/0xa10 [ 827.217335] ? find_held_lock+0x36/0x1c0 [ 827.217354] ? zap_class+0x640/0x640 [ 827.217380] ? get_pid_task+0xd6/0x1a0 [ 827.234441] binder: 31592:31595 transaction failed 29201/-71, size 0-0 line 2741 [ 827.236383] ? lock_downgrade+0x900/0x900 [ 827.236410] ? check_preemption_disabled+0x48/0x280 [ 827.236437] ? find_held_lock+0x36/0x1c0 [ 827.236465] ? __f_unlock_pos+0x19/0x20 [ 827.236483] ? lock_downgrade+0x900/0x900 [ 827.251064] binder: undelivered TRANSACTION_ERROR: 29201 [ 827.251791] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 827.307210] ? proc_fail_nth_write+0x9e/0x210 [ 827.311722] ? proc_cwd_link+0x1d0/0x1d0 [ 827.315807] ? find_held_lock+0x36/0x1c0 [ 827.319891] _do_fork+0x1cb/0x11c0 [ 827.323452] ? fork_idle+0x1d0/0x1d0 [ 827.327192] ? __lock_is_held+0xb5/0x140 [ 827.331278] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.336829] ? check_preemption_disabled+0x48/0x280 [ 827.341867] ? __sb_end_write+0xd9/0x110 [ 827.345956] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 827.351525] ? fput+0x130/0x1a0 [ 827.354832] ? do_syscall_64+0x9a/0x820 [ 827.358824] ? do_syscall_64+0x9a/0x820 [ 827.362816] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 827.367427] ? trace_hardirqs_on+0xbd/0x310 [ 827.371558] binder: 31602:31605 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 827.371766] ? __ia32_sys_read+0xb0/0xb0 [ 827.371787] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 827.389255] ? trace_hardirqs_off_caller+0x300/0x300 [ 827.394380] __x64_sys_clone+0xbf/0x150 [ 827.398382] do_syscall_64+0x1b9/0x820 [ 827.402294] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 827.403308] binder: 31602:31605 got reply transaction with no transaction stack [ 827.407669] ? syscall_return_slowpath+0x5e0/0x5e0 [ 827.407687] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 827.407708] ? trace_hardirqs_on_caller+0x310/0x310 [ 827.407725] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 827.407746] ? prepare_exit_to_usermode+0x291/0x3b0 08:44:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:11 executing program 4: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x44202, 0x0) sendto(r0, &(0x7f0000000340)="74a52475b6d8884dbd9eb3608984685a8e3bd23810da41d4578b666e23ec62a673a1d9241dade9b0c5904290dbf1ecb7febccd7f0fbaf9465fe5b2a1b1d6c30147908e790a2e7c9193e5c1580e1e54dddad2b8fdd68f7734f138e1712d5dfe8ef1022bb8a8b1566f8636621cc318c3caa3bbbccb70b4c0fce526b8f0b1f1fb0ca6a4d567be91599924c8d29d9abfedd7b560fe756943b0d1f5701e74fc04c5a4bc6e1033d78315551d73c793e6dfb7a02cc5d04bb372b268306002e8d8fb65d4d59c1e6811", 0xc5, 0x20040005, &(0x7f0000000240)=@un=@abs={0x0, 0x0, 0x4e20}, 0x80) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) syz_mount_image$reiserfs(&(0x7f0000000100)='reiserfs\x00', &(0x7f00000001c0)='./file0\x00', 0xd3, 0x3, &(0x7f0000000540)=[{&(0x7f00000002c0)="88e239", 0x3, 0x7fff}, {&(0x7f0000000440)="192505e1d4285ab747828851fd30641341d1e05064a11c8854cbbdbe8f8d21af7b5485527ca992dd36d021c07f3da54bede44c309f048ebdc968d8e0f86877f1", 0x40, 0x7}, {&(0x7f0000000480)="43c3a194a5dca9b38fadb75193fa2902c6d79b5491ed952905d5d974b355fe39fd6a4a99ec49d0630cc92ecc900b8e2c141381903d12cd75192d0b8da16e8b8f66748c188750dd37648ba7b8245dc4820931698d0576932794aaaa1307cc1a1db458e8f270dc4d1366409fc7ed46ae299abbeb0d6844d68c4c0c4e797486ce56666083e408", 0x85, 0x7}], 0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB="726573697a653d3078303030303030303030303030303030322c646174613d6a6f75726e616c2c6e6f757365725f78617474722c626c6f636b2d616c6c6f6361746f723d6861736865645f72656c6f636174696f6e2c6572726f72733d726f2d72656d6f756e742c7265706c61796f6e6c793d6e6f5f756e6861736865645f72656c904c06a95c9ad56f636174696f6e2c686173683d72757061736f762c686173683d72757061736f762c7265706c61796f6e6c792c646f6e745f6d6561737572652c00"]) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r1, 0x13) tkill(r1, 0x2f) sendmsg$nl_route_sched(r0, &(0x7f0000000640)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000600)={&(0x7f00000007c0)=@newtaction={0x151c, 0x30, 0x300, 0x70bd2d, 0x25dfdbff, {0x0, 0x3a, 0x660}, [{0x128, 0x1, @m_gact={0x124, 0x13, {{0xc, 0x1, 'gact\x00'}, {0x10, 0x2, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1929, 0x2}}]}, {0x100, 0x6, "3de6b4b687ac899f6c8d37fb93bc713d30e6dcb541d11e6fa5ef737cf4108942993cc587e7cd7142072662dc89986dc6dd95d535b5f0aa43624087e2e25165df91813a8b3bbd53ff268546f0fece503e1ee9511d5dcce58cb77e04d133e89249177d0339706bf40f561275e01475a06fd028a82fd86f9d67cec16630a54a8fdf8d876b503ad997121e61ba4ae84a0fe38d35ac6d20a02a462333e660fcc69bd8c7fb9c501782ffcc9d39077fb0b061eac071327f3a62805626ae62dfac78beeb5871d1553b0bf8ffad6392a5e9bc6260ea0956c38a58ce987330f9782085481885e514ea19ad8c8237e92d5a57ad7c91c6735169bd9869da10eb2951"}}}}, {0xec, 0x1, @m_simple={0xe8, 0x1f, {{0xc, 0x1, 'simple\x00'}, {0x98, 0x2, [@TCA_DEF_PARMS={0x18, 0x2, {0x5, 0x0, 0x6, 0x9, 0xfffffffffffffff7}}, @TCA_DEF_PARMS={0x18, 0x2, {0x401, 0xac, 0x20000000, 0x63c, 0x5}}, @TCA_DEF_DATA={0x10, 0x3, 'reiserfs\x00'}, @TCA_DEF_DATA={0xc, 0x3, '\'cgroup\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x80000001, 0x7, 0x10000000, 0x100000000000, 0x9}}, @TCA_DEF_PARMS={0x18, 0x2, {0x40, 0x2, 0x30000000, 0x43, 0x14}}, @TCA_DEF_PARMS={0x18, 0x2, {0xca75, 0x3, 0x6, 0xfffffffffffffffc, 0x6}}]}, {0x3c, 0x6, "6b588ef0fb10d19797fcb150835423f31c4a3be532319c2a378912a726416f231e6ee860508242d67b4b1aca0196b07c54cf93a6fd697cf7"}}}}, {0x174, 0x1, @m_tunnel_key={0x170, 0x8, {{0x10, 0x1, 'tunnel_key\x00'}, {0x54, 0x2, [@TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0xfff}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x8, 0x9, 0x4e21}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0xc}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xffff, 0x8, 0x10000007, 0x6, 0x7}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x6}]}, {0x104, 0x6, "16265a53f39c1572ddd64ca7b28e341cac7183b48ab78f4887b57f23d9a85d0c702989440ec58bfa730e38273590d4142d7e0d090987266fdde3fe74bdf0480994216ebcbc3c1413264b81bb054d32a00bff49a0bb2dcaf985e881c4af2728eb9bfc1a2d053f3643d88ffe4a235e2b12b7c1ecbe02f79e9ddc10573fa92e29ad70bac52ccaf6be57b4764201d065e73bd039d47180bf01d7f2643703cf13c9d22a242a7ae08e137e3e72c662574b1cbaeaf3aac688ebf2366268649922419e6d1d647f48148d1342d4bf707b906b559fa4f635b0f579a4500b4e857d895ae900c98bdf73ace889b0ff2895d176b8800cc54f65e269a04b20fea54dc51f6492"}}}}, {0x1038, 0x1, @m_skbedit={0x1034, 0x1c, {{0xc, 0x1, 'skbedit\x00'}, {0x1c, 0x2, [@TCA_SKBEDIT_PTYPE={0x8, 0x7, 0x3}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xffff, 0x2}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x8, 0x4, 0x8f}]}, {0x1004, 0x6, "ce3744118071e2da7b8725eed3e47bf301a62f660a5f388ae303f564bc1331018506c842f0c003aebeca1b945a585a9f1cd6c6d484b49938f43e5592c18915c55a8abcb2d103b8eea91b29e2e04bcd2d2473516c27745a3dd06086468fe6eabc1cbbad207c93e2ccb6b685646776ee55b73eb17ba173e9d2c1334001a8bbb3301d0aa0fbe5391f4ea278158927cf439c40e0607d1aad0c8b20a32547d17440b0bae365c207bf2e425cf020d7f7bef3b8b36c1c033de59107138c1ca522f91928cc40b48a823deab0b5136d91270afa02921bd1e901826a6b4dc2d24b0e5c00e1373934f11e672245d3acf56ff07a1caa99369441a8cf0f08d208677c382df45698e833864e029b6412f039678fc527ecf8b299329fd237ebf99e8c03223613b9bdcb7e2752f0d1245ed42dc58985de05eb79f7cc98d62397070ec932bab5ac4d3b3249a4aad05b4cc7295b0203453da07ce9d344675126919706289a0c6a8fdbf3b06ec47a609c8fcea474b3c49df0f344432a8b037b079fbdfebf1a86d533ab92cb52d7c7232eee1ff4d34b00f25b6f5ee80326e367fdcf75cb63b08541fc49db7724390c18f830ea4bb5dc08bd3243a7598041d25ffed770859d9092bdebbdae72c4d0797fe6616cfbc7eddff76a99e8ce17a7eeba40bac37fe597b65185db91a6990f5cc7e4c1b7697dbd3fb82289cd2970965982004586711912d370c33138ac796800184b9f7427a80b726edeeacf3c383fd5d38025befcf003f26f38d3d58162995a35a3aea37aaa525287187d5a08ec7dcda0b5f089f1b0af077fa2e5e3cf6b943480626fe8c3bdb35137d38b99a7e12fb27a9523849e76fe9488b40cd7c1fa53b54a2ba118bdf5fc7e875d918222167923b2ea7f93c30931c6f69e76fa0c861b4c072ac669d8921a73e0744f81599fd68c605b222d758695d416b7b6fa1a9ad5299b55a7eb9fad43fb526f21bc2ce34bae6656c890709145c3f2794ffe557afdd4b42bb48df6ea04078112a2fb5fee66436252a895adfc6fa8932788a388c9fce00e08e232d9080c66f9edc6bcf123b4bc69530565dcb04e317f69dd6c33eb775588c45d35a64911d0c628779e54b0b64e91205f2c91cdcb048c97ab2a84c7ba7dc08436382c8d170eed72caefa66b641bc4a0f17076c5b9ae536950b78efa0ae4efe5899d7e60a02a24293c1c78101464448934774f40f6e1468d6b73cd2d2f324edfa713be0606c3bb75acbe71f39a25ed35253fa4c0183292411a5d00496869f5d64853c18993b6a5fb8aeff1d81ef16f9f32d4330b4dcf202eb082cafd4aa6e8ad234b897789db12b6349fcd5f01264f2decae1439b9ad8b2e62d12af15eab4af6246d042356e2b3e6bd9229e07e79dc54e8b34d1170d93b2ca56d4d37b58a7251729c69f8fd6204028670a7aead63dede7ead95898e4e6342c93de02a2fcdb4993d501ab9b90b64c21136ed74bdd6536035e2d237dccebb84d6e963242a3534f38d5af37eacc26f257f79422bb674bd7a48b51ec3436994c8037088b5c82c0086585bed330472d0dc37792725548de5346cfab6903410ed5662e995e0102cb0e4fe5b205bb365bf315da8ab0d0303b2739ea303c2f975fc8f4a2e200a4dcfc99bd99feaf7139f4b109b23497e16081ee65f3a03709112598adf595b860d9f54de87f692e75c85a2abc75763f9b0c53b0b32c2c2870c118f1e8ef59a20154c51f145aaa310b8410b1cb085e7a3151096c98ae87735ea4c8129e0c918442c85a3a3bec1466785504e8aaefe0d24c316e5957fe722fecd1319bafca10b7cd849b985c91d5bd985e0be84fef5212cd896237d2aade2607cac85b3c067b0eb49720208ed2cccd73f5ee15e7f36d7c9688d88dc883a5663263feaf8c907433f0cc47d9fac21be2b2a3c565a84f5943d72317f05eb340c3c6584dbad496a649f7add51436a1244c861fb3964f4b7994b2ea24c0f108f29eb603ffc6a5ce26f668ac387e8abca301bd1e6e7c67ff09985251270bb0c4f65a3a566089bc72a1e536306eda883de9aa49ab63c95a6576a6fea51298856d73789c8a3130d1f9485932bffa4e31ef1c8c84ac7873cdcffe9354602817630ea6abb424a822679b1ce500d0be7df1c4b710aec8f480c19d2a237369c24d677f2cc9437a57fff0c79fc57cbacc309e1095eabdadfca4e59c9000ca22776a633de561487100e205629e67fd7238d48eb2ed1384330924346ea472e6425c7eabb3b3d3db07a8b87cbcd6d8c53dbdffa78f13253c52a42706870b6f0a3eba3fb4d42ab4c798d7f1f986420c30a27cbbd5506eec547c946ede436de2276cd3d87263d4a21971d7f104e57dcc4816395da69040dd5aecf657be49e0e25db473dd09ec98d748465afeb3707a662b12699c816fa836a1575434014ee4f73e0483b59a23a6eceb5880c9f7f3c387a9c9b3627e47632eaee87d571b6caa18896de72438722b3c13e4757d26afd093705109e5a161be27d5b8e5a1e49c22fe5582cf1471920bc031d451927667458afd68a7aaccc0ad92919d95146577072ad1d06b7f6cba3906abd69fe5943f4ea1559f419bc50d7ee0e56922dbfa53ecdfc8f6eec17306264bb84c559730c5e2e74b408c886ac02a3c28eff053985d9f131a339715ee19bf0ff67dfe43f1173ed8e3a5c706d18a81c302d37127d15b990f95a2da5f56a38676b71cd7d07549422279578d62bb3f2148a7f787bff462621455109401e14c068341598c72f8327de1aea58e7eaf15cf4b8b1dbc034e0cb441993312b85fd2236e8eef1238daa798eca50328ca56ce702d0caeeed00561888671de9aa47b60d62922aeaf2315325302c4c1ec71e0db83d85a8260dd6c304832f4a75cbaaaa7cbf87e464292249681692ec46d47525b4c457b959dbc07fd0e34301ff12d1830393a1cd2ce770dbdc039eacc2ead5e7936cdb3244a6da582d293117da6b49a7bb933159d8b8a770748eda07774d0963a26d504acdd17245af956410d9df40787896da680dfe12b28131bcdd674253674046cadf322d3e08128090b6b103a44b6fbda4413c5868a7fc38681ce77590233c70aa9b0410c3f19cc3864d5d639266f030c5050aff47cdb3b374203004b81046132e5e570930a03a1881058d53342d9ca86e4530fb5898008f4f415eee818cece87eb235df07c4899c04988db9b2e3b70899ed49fe3b5732dd09cbb2c3134bc4e210629066d6d0614a0c738aee65e89b2cc2ea571145de69663455e33ee2a42de6d5fc28a43e1199dcf7db28a077b094837adfc5f85afcb84b7fde3726f648b6ee8229a29d9d3a7d65997d1e0571f79b55ab228a1610d862642e41b53582658938efbfb4f7026aa05ae707f8be672920a58a9564f437e79e5f6cef8b85ab4a51a2afb4b9545583252f4ec3945d0ef7f8ab0334dd8b7133f327d984cf6d537c3a7d13366efbfda674f8c7d708ffa6f288f7f570f5781d212011788f16e310940ab3bec40b448520bee456ae928fe65400467b0e43961aa48dc952de76fa6cdd49cdd6a658ae111129f9e97ce65459b9f357594b2f3d339ce6b1327d6eb86ca4f74287126848446278772e130bd1d7d4b4f8f8a92ac0eafdae7c34645b74e0c2dd53dd9eaa8bf1112383f96680693c04db16d5c620b54fb89f632c2967ce0d5eb2644d69cdc54f73841f6868887edd04ab48196c1bd3f1c36ba9b1b8443d12293520fdd13061d9145b92aea40d60dffe24101d53e9d6406b8032462edb6ee41bee775ee471257408cae1606c015d09afdef36fdc9c292f3286c4db10ae6a44a163d3de48dab8e49f5c243fb4f019150f106cd7ecef156c72354fff3f251263485fd842c24168bdccb78521516e565b892be41bcbc31ef607517bc2bdf1e5f7269acb26ad3c819f2d251e7f03e11b45db9aed0e12ffc0550d499215d1f27677952a9ef35e5bf22ed0606dff8fe0011f5dd4bc479212af16f815ed985f18c4e11de7e35650b25a6024152f82c1b890a17c6b4c990e9a0224f2a072c4585502f528ec59c80aa52779d854a3fcbae319b1c5664c519668091d81508eea1b2b9ccaa1e6bcaaa9d3f1a3530d771d3ba7aa25ae56f80b55e37540437a90e791e3ef050ce4f90d46f827e7da47780d6ece521e789e695723ddcb222c534abf9892f8a5bf9e601c117a3a64ad982041fa162062e0f70ef6695fea9147038b65f5e9727f9f48ff2c8be3f2800ccc1c56f8fd8c3b83edea6ea7b7794f5c2b2474add61aa0ac2bdb99d41f19a11c36a03f561affdcf0d29e000339aeb49355ffa34f7135988059ae247d0dfc67ca05116a1ed09968008d1f0ee8d678144fe1d8fc1572f0952910938053d698d0d5dd6b9b2aeffe18e26463f199e6cdffeeed680df9bc256deb4a41f2f1bcab134eeb89efaaacaebce97f46a5f847d9c3608a86216a7350bea807ee5fbadfac6b96f97ea2f5ec03707f99df65d569bdef51cf42dc78b0876c02013496b5e1d48663c774f768fa1ff3e022bac02dfc47e0873d74a1753cdcb1d1ddebd224e92c3ea74cbbb3481770fc5107b7cc37e56bfdcf5649d8853728499701f5e026ca39ffedd9b1307356c870a3b065531562245e003f124a3267e2a82afa4bcedfcc2b811a3d8c90750bdfca7f9f9ab735fd4f4c27e012b1eec15fa140c4b1e7dabc1d4d11b794b393698644a8ec309a14937a6e9c1a05508f3034e1c8d9d0e250519445ccd403296b6bcd7ac10e2c5e4471cd9f22509f288c10e725b2ae8a112e1b86fa240c6d6bef15020108d95853f1b212b85de1015be2202444e68772a501eb76a923cd8915016c93ae93644f81716af5a5808492debbb9ce215863f02f172fcae10481520495095204d74e9b4230b805c727d68bcc4c6af047e03aebc566557520342a392e858eeda1181e2f823a2e06ae8e3536d6dfe4e211e30db261a02988be0a47738580305dd6a0900c4ac39c0b7c797dc04313625bd5559cbdac4b3d49fea5784d811984865b4794526fababee57d465fd24226eb09f68dfbcac326f62fce447210dc70e2340984eba1a46c54d65509d1d8a9d06e8258ca818bc7e0613863bb871fe4e1c6cb7ceb2477799c9a0f070f048b0ff860c7aa59ca8007e5d12ead6c290f6438cecd7f751ae8e4adcd01a5023b0bddd24ad825ab6fdd661ee19ddbe6e4b1f2c7b8924d206965b7b7affc68bfbca9e88f201bcbf26e5a257093aca82ec1fbdcdb9d2b185bb548916e52fb9cf6d8e4bc0ba773d4e18418cfedbcc54b2b1c63679fa27d9c627dfe40d3f19d6aabb4ba4a2d64c95a8067de962e79a9ca70dd82cc3e25562abc27287ca5d18da8e4d24ec35079c60d8d426c22b98236f44ed74293e32563cf80f5ceba8921dd13c191ac2bef536573833667758d7e995a39018453c936b01a71facf4919d6c31532d20a744f058bb418d2fe1e57fc53a3e02cd90e066768cd6f2fb2e1ea36414c54e03a36530c496b21a802744c54bbb2dfc80bebcdf508b1a4054defecea93acae8737eb7a32d2c9ba838894a6829e2d2e4d743276469566f8b511169db5db6f7c4bfdb4f605d52fda2e8e6ac0fbfcb9a8e25350a556cc3cbeb84291325a95c1b2215accdb4de845f10cd82a59ce053c63cd97d61c3bc7f17a76c333e11942a35b30ca9569d3f0d6039cce1cf83e93da333d14d103584dffaf787ef53588c1a203aeb93e69203aec59bf18ab7953f1d5be051b9f6870c74ae7316577a315f4a45cfbac1942e793677e4d5c2411eb252fc7648a050ab974e7667b5a1a55e8577cb"}}}}, {0xd8, 0x1, @m_sample={0xd4, 0xc, {{0xc, 0x1, 'sample\x00'}, {0x3c, 0x2, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0xfff, 0x3, 0x7, 0x1800000000000000, 0x92}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0xd30a}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x40, 0x0, 0xffffffffffffffff, 0x6, 0x2}}]}, {0x84, 0x6, "b86ad6ed864e60cb8d82ecf53b8ddae3c57b56c37e4f98cd7a7fef6f74490f89f5ff8847d0187d62996f68c20df7bb182c05451a82b04d0030bbe23f25bc16d0125f74ec0386260f7f1fac185838b98cd6d60d9e175f75b7307776fab6a20e461636147dcd2258ee529881d23825e0c21113f794485bce4974386dd25a40"}}}}, {0x70, 0x1, @m_csum={0x6c, 0x19, {{0xc, 0x1, 'csum\x00'}, {0x20, 0x2, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x2, 0x0, 0x7, 0x3, 0x5}, 0x45}}}, {0x38, 0x6, "478512fc0c0533bcbb07405e57c8e2025af45d0e471bea769d413f55f45118883ffb2d84a4072bda80804f1181e14ba935f5ea"}}}}]}, 0x151c}, 0x1, 0x0, 0x0, 0x8040}, 0x20000000) [ 827.426827] binder: 31602:31605 transaction failed 29201/-71, size 0-0 line 2741 [ 827.429977] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 827.430006] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 827.430020] RIP: 0033:0x457569 [ 827.430040] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 827.455371] binder: undelivered TRANSACTION_ERROR: 29201 [ 827.457599] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 08:44:11 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfsno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:11 executing program 5 (fault-call:1 fault-nth:32): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 827.457616] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 827.457627] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 827.457638] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 827.457648] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 827.457658] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 827.547195] FAULT_INJECTION: forcing a failure. [ 827.547195] name failslab, interval 1, probability 0, space 0, times 0 [ 827.566738] CPU: 1 PID: 31611 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 827.574179] 9pnet: Insufficient options for proto=fd [ 827.575270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 827.575279] Call Trace: [ 827.575308] dump_stack+0x244/0x39d [ 827.575337] ? dump_stack_print_info.cold.1+0x20/0x20 [ 827.575368] should_fail.cold.4+0xa/0x17 [ 827.583569] 9pnet: Insufficient options for proto=fd [ 827.589832] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 827.589851] ? __x64_sys_clone+0xbf/0x150 [ 827.589867] ? do_syscall_64+0x1b9/0x820 [ 827.589884] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 827.589909] ? zap_class+0x640/0x640 [ 827.632770] ? find_held_lock+0x36/0x1c0 [ 827.636830] ? find_held_lock+0x36/0x1c0 [ 827.640886] ? __lock_is_held+0xb5/0x140 [ 827.644964] ? perf_trace_sched_process_exec+0x860/0x860 [ 827.650414] ? up_write+0x7b/0x220 [ 827.653954] __should_failslab+0x124/0x180 [ 827.658186] should_failslab+0x9/0x14 [ 827.661979] kmem_cache_alloc+0x2be/0x730 [ 827.666138] ? anon_vma_fork+0x13c/0x820 [ 827.670208] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 827.675218] vm_area_dup+0x7a/0x230 [ 827.678853] ? vm_area_alloc+0x1d0/0x1d0 [ 827.682906] ? __vma_link_rb+0x26c/0x370 [ 827.686971] copy_process+0x42a5/0x8770 [ 827.690979] ? __cleanup_sighand+0x70/0x70 [ 827.695213] ? perf_trace_lock_acquire+0x15b/0x800 [ 827.700441] ? print_usage_bug+0xc0/0xc0 [ 827.704513] ? ima_match_policy+0x848/0x1560 [ 827.708915] ? check_preemption_disabled+0x48/0x280 [ 827.713924] ? print_usage_bug+0xc0/0xc0 [ 827.718088] ? kasan_check_read+0x11/0x20 [ 827.722227] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 827.727497] ? __lock_acquire+0x62f/0x4c20 [ 827.731746] ? mark_held_locks+0x130/0x130 [ 827.735981] ? mark_held_locks+0x130/0x130 [ 827.740205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.745730] ? check_preemption_disabled+0x48/0x280 [ 827.750751] ? debug_smp_processor_id+0x1c/0x20 [ 827.755426] ? print_usage_bug+0xc0/0xc0 [ 827.759476] ? check_preemption_disabled+0x48/0x280 [ 827.764484] ? print_usage_bug+0xc0/0xc0 [ 827.768559] ? perf_trace_lock_acquire+0x15b/0x800 [ 827.773492] ? zap_class+0x640/0x640 [ 827.777210] ? __lock_acquire+0x62f/0x4c20 [ 827.781443] ? mark_held_locks+0x130/0x130 [ 827.785671] ? __lock_acquire+0x62f/0x4c20 [ 827.789897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.795437] ? check_preemption_disabled+0x48/0x280 [ 827.800468] ? dput.part.25+0x241/0x860 [ 827.804436] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.809974] ? check_preemption_disabled+0x48/0x280 [ 827.814987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.820518] ? mark_held_locks+0x130/0x130 [ 827.824749] ? zap_class+0x640/0x640 [ 827.828455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.833999] ? check_preemption_disabled+0x48/0x280 [ 827.839013] ? debug_smp_processor_id+0x1c/0x20 [ 827.843686] ? perf_trace_lock_acquire+0x15b/0x800 [ 827.848611] ? perf_trace_lock+0x7a0/0x7a0 [ 827.852832] ? find_held_lock+0x36/0x1c0 [ 827.856883] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.862423] ? _parse_integer+0x134/0x180 [ 827.866567] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 827.872093] ? _kstrtoull+0x188/0x250 [ 827.875882] ? _parse_integer+0x180/0x180 [ 827.880019] ? zap_class+0x640/0x640 [ 827.883725] ? lock_release+0xa10/0xa10 [ 827.887694] ? find_held_lock+0x36/0x1c0 [ 827.891747] ? zap_class+0x640/0x640 [ 827.895460] ? get_pid_task+0xd6/0x1a0 [ 827.899337] ? lock_downgrade+0x900/0x900 [ 827.903477] ? check_preemption_disabled+0x48/0x280 [ 827.908501] ? find_held_lock+0x36/0x1c0 [ 827.912574] ? __f_unlock_pos+0x19/0x20 [ 827.916544] ? lock_downgrade+0x900/0x900 [ 827.920689] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 827.926232] ? proc_fail_nth_write+0x9e/0x210 [ 827.930738] ? proc_cwd_link+0x1d0/0x1d0 [ 827.934805] ? find_held_lock+0x36/0x1c0 [ 827.938880] _do_fork+0x1cb/0x11c0 [ 827.942421] ? fork_idle+0x1d0/0x1d0 [ 827.946129] ? __lock_is_held+0xb5/0x140 [ 827.950189] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.955716] ? check_preemption_disabled+0x48/0x280 [ 827.960725] ? __sb_end_write+0xd9/0x110 [ 827.964792] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 827.970324] ? fput+0x130/0x1a0 [ 827.973596] ? do_syscall_64+0x9a/0x820 [ 827.977562] ? do_syscall_64+0x9a/0x820 [ 827.981532] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 827.986107] ? trace_hardirqs_on+0xbd/0x310 [ 827.990424] ? __ia32_sys_read+0xb0/0xb0 [ 827.994490] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 827.999852] ? trace_hardirqs_off_caller+0x300/0x300 [ 828.004948] __x64_sys_clone+0xbf/0x150 [ 828.008919] do_syscall_64+0x1b9/0x820 [ 828.012816] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 828.018177] ? syscall_return_slowpath+0x5e0/0x5e0 [ 828.023096] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 828.027929] ? trace_hardirqs_on_caller+0x310/0x310 [ 828.032938] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 828.037948] ? prepare_exit_to_usermode+0x291/0x3b0 [ 828.042958] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 828.047796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 828.052971] RIP: 0033:0x457569 [ 828.056162] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 828.075065] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 828.082778] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 828.090043] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 08:44:11 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xedc000000000}}) 08:44:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:11 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 08:44:11 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfgno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:11 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)=0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@reserved}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) timer_create(0x6, &(0x7f0000000140)={0x0, 0x27, 0x4, @tid=r0}, &(0x7f0000000240)) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x400000, 0x0) ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000340)) r4 = syz_open_dev$dmmidi(&(0x7f0000000280)='/dev/dmmidi#\x00', 0x401, 0x8000) connect$vsock_dgram(r4, &(0x7f00000002c0)={0x28, 0x0, 0xffffffff}, 0xfffffffffffffef6) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) prctl$seccomp(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x2, 0x0, 0x3, 0x80000001}]}) ioctl$SG_GET_TIMEOUT(r4, 0x2202, 0x0) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(r1, 0x0, &(0x7f0000000200)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) [ 828.097302] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 828.104562] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 828.111820] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:11 executing program 5 (fault-call:1 fault-nth:33): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 828.204929] 9pnet: Insufficient options for proto=fd [ 828.213004] binder: 31623:31629 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 828.220159] 9pnet: Insufficient options for proto=fd [ 828.243075] binder: 31623:31629 got reply transaction with no transaction stack 08:44:11 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x4400, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000018) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getgid() write$P9_RGETATTR(r3, &(0x7f0000000340)={0xa0, 0x19, 0x2, {0x1, {0xa0, 0x4, 0x2}, 0x8, r4, r5, 0x4fc, 0x5, 0x6, 0x6, 0x3f, 0xfffffffffffffff8, 0xffff, 0x7fffffff, 0x7, 0x7, 0x9, 0x7, 0xdc46, 0x8, 0x9}}, 0xa0) 08:44:11 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfqno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:11 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 828.252195] binder: 31623:31629 transaction failed 29201/-71, size 100663296-0 line 2741 [ 828.264746] FAULT_INJECTION: forcing a failure. [ 828.264746] name failslab, interval 1, probability 0, space 0, times 0 [ 828.302599] binder: undelivered TRANSACTION_ERROR: 29201 [ 828.325465] CPU: 1 PID: 31633 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 828.333989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 828.343352] Call Trace: [ 828.345978] dump_stack+0x244/0x39d [ 828.349626] ? dump_stack_print_info.cold.1+0x20/0x20 [ 828.354845] should_fail.cold.4+0xa/0x17 [ 828.358927] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 828.364047] ? debug_smp_processor_id+0x1c/0x20 [ 828.368736] ? perf_trace_lock_acquire+0x15b/0x800 [ 828.373680] ? kasan_kmalloc+0xc7/0xe0 [ 828.377577] ? kasan_slab_alloc+0x12/0x20 [ 828.381744] ? zap_class+0x640/0x640 [ 828.385487] ? find_held_lock+0x36/0x1c0 [ 828.389565] ? __lock_is_held+0xb5/0x140 [ 828.391051] 9pnet: Insufficient options for proto=fd [ 828.393657] ? perf_trace_sched_process_exec+0x860/0x860 [ 828.393674] ? copy_process+0x4550/0x8770 [ 828.393699] ? lock_downgrade+0x900/0x900 [ 828.412537] __should_failslab+0x124/0x180 [ 828.416792] should_failslab+0x9/0x14 [ 828.420642] kmem_cache_alloc+0x2be/0x730 [ 828.424815] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 828.429853] vm_area_dup+0x7a/0x230 [ 828.433495] ? vm_area_alloc+0x1d0/0x1d0 [ 828.437590] copy_process+0x42a5/0x8770 [ 828.441618] ? __cleanup_sighand+0x70/0x70 [ 828.445882] ? perf_trace_lock_acquire+0x15b/0x800 [ 828.450833] ? print_usage_bug+0xc0/0xc0 [ 828.454919] ? ima_match_policy+0x848/0x1560 [ 828.459341] ? check_preemption_disabled+0x48/0x280 [ 828.464372] ? print_usage_bug+0xc0/0xc0 [ 828.468462] ? kasan_check_read+0x11/0x20 [ 828.472630] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 828.477935] ? __lock_acquire+0x62f/0x4c20 [ 828.482211] ? mark_held_locks+0x130/0x130 [ 828.486477] ? mark_held_locks+0x130/0x130 [ 828.490733] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.496285] ? check_preemption_disabled+0x48/0x280 [ 828.501420] ? debug_smp_processor_id+0x1c/0x20 [ 828.506105] ? print_usage_bug+0xc0/0xc0 [ 828.510183] ? check_preemption_disabled+0x48/0x280 [ 828.515221] ? print_usage_bug+0xc0/0xc0 [ 828.519309] ? perf_trace_lock_acquire+0x15b/0x800 [ 828.524259] ? zap_class+0x640/0x640 [ 828.528014] ? __lock_acquire+0x62f/0x4c20 [ 828.531720] 9pnet: Insufficient options for proto=fd [ 828.532274] ? mark_held_locks+0x130/0x130 [ 828.541604] ? __lock_acquire+0x62f/0x4c20 [ 828.545858] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.551421] ? check_preemption_disabled+0x48/0x280 [ 828.556453] ? dput.part.25+0x241/0x860 [ 828.560444] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.565997] ? check_preemption_disabled+0x48/0x280 [ 828.571027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.571053] ? mark_held_locks+0x130/0x130 [ 828.571083] ? zap_class+0x640/0x640 [ 828.580840] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.580857] ? check_preemption_disabled+0x48/0x280 [ 828.580879] ? debug_smp_processor_id+0x1c/0x20 08:44:12 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) 08:44:12 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 08:44:12 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 828.580897] ? perf_trace_lock_acquire+0x15b/0x800 [ 828.580924] ? perf_trace_lock+0x7a0/0x7a0 [ 828.580942] ? find_held_lock+0x36/0x1c0 [ 828.613218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.618748] ? _parse_integer+0x134/0x180 [ 828.622904] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 828.628455] ? _kstrtoull+0x188/0x250 [ 828.632259] ? _parse_integer+0x180/0x180 [ 828.636420] ? zap_class+0x640/0x640 [ 828.640139] ? lock_release+0xa10/0xa10 [ 828.644107] ? find_held_lock+0x36/0x1c0 [ 828.648159] ? zap_class+0x640/0x640 [ 828.651870] ? get_pid_task+0xd6/0x1a0 [ 828.655758] ? lock_downgrade+0x900/0x900 [ 828.659905] ? check_preemption_disabled+0x48/0x280 [ 828.664928] ? find_held_lock+0x36/0x1c0 [ 828.669014] ? __f_unlock_pos+0x19/0x20 [ 828.672979] ? lock_downgrade+0x900/0x900 [ 828.677134] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 828.682686] ? proc_fail_nth_write+0x9e/0x210 [ 828.687190] ? proc_cwd_link+0x1d0/0x1d0 [ 828.691248] ? find_held_lock+0x36/0x1c0 [ 828.695306] _do_fork+0x1cb/0x11c0 [ 828.698861] ? fork_idle+0x1d0/0x1d0 [ 828.702581] ? __lock_is_held+0xb5/0x140 [ 828.706648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.712208] ? check_preemption_disabled+0x48/0x280 [ 828.717231] ? __sb_end_write+0xd9/0x110 [ 828.721290] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 828.726833] ? fput+0x130/0x1a0 [ 828.730117] ? do_syscall_64+0x9a/0x820 [ 828.734080] ? do_syscall_64+0x9a/0x820 [ 828.738045] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 828.742638] ? trace_hardirqs_on+0xbd/0x310 [ 828.746955] ? __ia32_sys_read+0xb0/0xb0 [ 828.751031] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 828.756414] ? trace_hardirqs_off_caller+0x300/0x300 [ 828.761526] __x64_sys_clone+0xbf/0x150 [ 828.765510] do_syscall_64+0x1b9/0x820 [ 828.769408] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 828.774773] ? syscall_return_slowpath+0x5e0/0x5e0 [ 828.779695] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 828.784552] ? trace_hardirqs_on_caller+0x310/0x310 [ 828.789574] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 828.794581] ? prepare_exit_to_usermode+0x291/0x3b0 [ 828.799589] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 828.804433] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 828.809657] RIP: 0033:0x457569 [ 828.812845] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 828.831742] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 828.839567] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 828.846842] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 828.854110] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 828.861381] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 828.868644] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:12 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:44:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:12 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfVno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 08:44:12 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x2000000000000000}}) 08:44:12 executing program 5 (fault-call:1 fault-nth:34): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 829.045044] FAULT_INJECTION: forcing a failure. [ 829.045044] name failslab, interval 1, probability 0, space 0, times 0 [ 829.068351] 9pnet: Insufficient options for proto=fd [ 829.073936] CPU: 1 PID: 31661 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 829.082446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 829.091810] Call Trace: 08:44:12 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 829.094431] dump_stack+0x244/0x39d [ 829.098088] ? dump_stack_print_info.cold.1+0x20/0x20 [ 829.103303] ? lock_downgrade+0x900/0x900 [ 829.107471] ? check_preemption_disabled+0x48/0x280 [ 829.112516] should_fail.cold.4+0xa/0x17 [ 829.116596] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 829.121712] ? unwind_dump+0x190/0x190 [ 829.125634] ? is_bpf_text_address+0xd3/0x170 [ 829.130150] ? kernel_text_address+0x79/0xf0 [ 829.134587] ? __kernel_text_address+0xd/0x40 [ 829.139096] ? unwind_get_return_address+0x61/0xa0 [ 829.144045] ? __save_stack_trace+0x8d/0xf0 [ 829.148414] ? save_stack+0xa9/0xd0 [ 829.152064] ? save_stack+0x43/0xd0 [ 829.155704] ? kasan_kmalloc+0xc7/0xe0 [ 829.159603] ? kasan_slab_alloc+0x12/0x20 [ 829.163765] ? kmem_cache_alloc+0x12e/0x730 [ 829.168104] ? vm_area_dup+0x7a/0x230 [ 829.171748] binder: 31660:31665 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 829.171913] ? copy_process+0x42a5/0x8770 [ 829.171932] ? __x64_sys_clone+0xbf/0x150 [ 829.185170] binder: 31660:31665 got reply transaction with no transaction stack [ 829.188272] ? do_syscall_64+0x1b9/0x820 [ 829.188290] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 829.188314] ? percpu_ref_put_many+0x11c/0x260 [ 829.188338] __should_failslab+0x124/0x180 [ 829.188360] should_failslab+0x9/0x14 [ 829.188380] kmem_cache_alloc+0x47/0x730 [ 829.198907] binder: 31660:31665 transaction failed 29201/-71, size 24576-0 line 2741 [ 829.199896] ? rcu_softirq_qs+0x20/0x20 [ 829.199919] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.199943] anon_vma_clone+0x140/0x710 [ 829.199970] ? unlink_anon_vmas+0xa60/0xa60 [ 829.199992] ? dup_userfaultfd+0x6d8/0x890 [ 829.209988] binder: undelivered TRANSACTION_ERROR: 29201 [ 829.214151] anon_vma_fork+0xf4/0x820 [ 829.214183] ? anon_vma_clone+0x710/0x710 [ 829.214202] ? vm_area_dup+0x1a8/0x230 [ 829.214218] ? vm_area_alloc+0x1d0/0x1d0 [ 829.214244] copy_process+0x47cc/0x8770 [ 829.277246] ? __cleanup_sighand+0x70/0x70 [ 829.281486] ? perf_trace_lock_acquire+0x15b/0x800 [ 829.286416] ? print_usage_bug+0xc0/0xc0 [ 829.290476] ? ima_match_policy+0x848/0x1560 [ 829.294876] ? check_preemption_disabled+0x48/0x280 [ 829.299901] ? print_usage_bug+0xc0/0xc0 [ 829.303967] ? kasan_check_read+0x11/0x20 [ 829.308121] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 829.313417] ? __lock_acquire+0x62f/0x4c20 [ 829.317684] ? mark_held_locks+0x130/0x130 [ 829.321934] ? mark_held_locks+0x130/0x130 [ 829.326183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.331726] ? check_preemption_disabled+0x48/0x280 [ 829.336745] ? debug_smp_processor_id+0x1c/0x20 [ 829.341417] ? print_usage_bug+0xc0/0xc0 [ 829.345471] ? check_preemption_disabled+0x48/0x280 [ 829.350484] ? print_usage_bug+0xc0/0xc0 [ 829.354566] ? perf_trace_lock_acquire+0x15b/0x800 [ 829.359491] ? zap_class+0x640/0x640 [ 829.363207] ? __lock_acquire+0x62f/0x4c20 [ 829.367437] ? mark_held_locks+0x130/0x130 [ 829.371671] ? __lock_acquire+0x62f/0x4c20 [ 829.375911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.381437] ? check_preemption_disabled+0x48/0x280 [ 829.386441] ? dput.part.25+0x241/0x860 [ 829.390413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.395944] ? check_preemption_disabled+0x48/0x280 [ 829.400952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.406484] ? mark_held_locks+0x130/0x130 [ 829.410734] ? zap_class+0x640/0x640 [ 829.414439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.419965] ? check_preemption_disabled+0x48/0x280 [ 829.424985] ? debug_smp_processor_id+0x1c/0x20 [ 829.429680] ? perf_trace_lock_acquire+0x15b/0x800 [ 829.434607] ? perf_trace_lock+0x7a0/0x7a0 [ 829.438838] ? find_held_lock+0x36/0x1c0 [ 829.442932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.448486] ? _parse_integer+0x134/0x180 [ 829.452655] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 829.458220] ? _kstrtoull+0x188/0x250 [ 829.462027] ? _parse_integer+0x180/0x180 [ 829.466164] ? zap_class+0x640/0x640 [ 829.469904] ? lock_release+0xa10/0xa10 [ 829.473873] ? find_held_lock+0x36/0x1c0 [ 829.477928] ? zap_class+0x640/0x640 [ 829.481653] ? get_pid_task+0xd6/0x1a0 [ 829.485537] ? lock_downgrade+0x900/0x900 [ 829.489680] ? check_preemption_disabled+0x48/0x280 [ 829.494711] ? find_held_lock+0x36/0x1c0 [ 829.498790] ? __f_unlock_pos+0x19/0x20 [ 829.502775] ? lock_downgrade+0x900/0x900 [ 829.506928] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 829.512467] ? proc_fail_nth_write+0x9e/0x210 [ 829.516971] ? proc_cwd_link+0x1d0/0x1d0 [ 829.521030] ? find_held_lock+0x36/0x1c0 [ 829.525106] _do_fork+0x1cb/0x11c0 [ 829.528654] ? fork_idle+0x1d0/0x1d0 [ 829.532391] ? __lock_is_held+0xb5/0x140 [ 829.536458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.542001] ? check_preemption_disabled+0x48/0x280 [ 829.547031] ? __sb_end_write+0xd9/0x110 [ 829.551127] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 829.556654] ? fput+0x130/0x1a0 [ 829.559940] ? do_syscall_64+0x9a/0x820 [ 829.563920] ? do_syscall_64+0x9a/0x820 [ 829.567892] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 829.572503] ? trace_hardirqs_on+0xbd/0x310 [ 829.576839] ? __ia32_sys_read+0xb0/0xb0 [ 829.580923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 829.586297] ? trace_hardirqs_off_caller+0x300/0x300 [ 829.591419] __x64_sys_clone+0xbf/0x150 [ 829.595420] do_syscall_64+0x1b9/0x820 [ 829.599308] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 829.604676] ? syscall_return_slowpath+0x5e0/0x5e0 [ 829.609604] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 829.614453] ? trace_hardirqs_on_caller+0x310/0x310 [ 829.619489] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 829.624511] ? prepare_exit_to_usermode+0x291/0x3b0 [ 829.629536] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 829.634382] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 829.639571] RIP: 0033:0x457569 [ 829.642756] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 829.661665] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 829.669373] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 829.676647] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 829.683917] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 829.691188] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 829.698621] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 829.710980] 9pnet: Insufficient options for proto=fd 08:44:13 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) gettid() timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x2, 0x0) ioctl$KVM_PPC_GET_PVINFO(r3, 0x4080aea1, &(0x7f0000000340)=""/198) tkill(r0, 0x1004000000016) 08:44:13 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 08:44:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:13 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Ifdno', 0x3d, r0}}) 08:44:13 executing program 5 (fault-call:1 fault-nth:35): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:13 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) [ 829.859054] 9pnet: Insufficient options for proto=fd [ 829.866029] FAULT_INJECTION: forcing a failure. [ 829.866029] name failslab, interval 1, probability 0, space 0, times 0 [ 829.866323] binder: 31679:31686 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 829.885772] binder: 31679:31686 got reply transaction with no transaction stack [ 829.893468] binder: 31679:31686 transaction failed 29201/-71, size 116-0 line 2741 [ 829.902888] 9pnet: Insufficient options for proto=fd 08:44:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 829.910896] binder: undelivered TRANSACTION_ERROR: 29201 [ 829.923915] CPU: 0 PID: 31685 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 829.932440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 829.941808] Call Trace: [ 829.944429] dump_stack+0x244/0x39d [ 829.948084] ? dump_stack_print_info.cold.1+0x20/0x20 [ 829.953294] ? __kernel_text_address+0xd/0x40 08:44:13 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Qfdno', 0x3d, r0}}) [ 829.957818] should_fail.cold.4+0xa/0x17 [ 829.961901] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 829.967022] ? perf_trace_lock+0x7a0/0x7a0 [ 829.971282] ? save_stack+0xa9/0xd0 [ 829.974927] ? kasan_kmalloc+0xc7/0xe0 [ 829.978824] ? kasan_slab_alloc+0x12/0x20 [ 829.982989] ? kmem_cache_alloc+0x12e/0x730 [ 829.987326] ? zap_class+0x640/0x640 [ 829.987606] binder: 31691:31692 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 829.991059] ? _do_fork+0x1cb/0x11c0 [ 829.991079] ? do_syscall_64+0x1b9/0x820 [ 829.991097] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 829.991125] ? percpu_ref_put_many+0x11c/0x260 [ 830.008532] binder: 31691:31692 got reply transaction with no transaction stack [ 830.012306] ? lock_downgrade+0x900/0x900 [ 830.012330] ? __lock_is_held+0xb5/0x140 [ 830.012351] ? lock_acquire+0x1ed/0x520 [ 830.012371] ? anon_vma_clone+0x1a9/0x710 [ 830.024059] binder: 31691:31692 transaction failed 29201/-71, size 4294966781-0 line 2741 [ 830.024416] ? lock_release+0xa10/0xa10 [ 830.034612] 9pnet: Insufficient options for proto=fd 08:44:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 830.036576] ? perf_trace_sched_process_exec+0x860/0x860 [ 830.036601] ? __lock_is_held+0xb5/0x140 [ 830.036628] __should_failslab+0x124/0x180 [ 830.036651] should_failslab+0x9/0x14 [ 830.036676] kmem_cache_alloc+0x47/0x730 [ 830.036704] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 830.043839] binder: undelivered TRANSACTION_ERROR: 29201 [ 830.049171] anon_vma_clone+0x140/0x710 [ 830.049201] ? unlink_anon_vmas+0xa60/0xa60 [ 830.049224] ? dup_userfaultfd+0x6d8/0x890 [ 830.049245] anon_vma_fork+0xf4/0x820 [ 830.049266] ? anon_vma_clone+0x710/0x710 [ 830.076118] 9pnet: Insufficient options for proto=fd [ 830.079888] ? vm_area_dup+0x1a8/0x230 [ 830.079913] ? vm_area_alloc+0x1d0/0x1d0 [ 830.090838] copy_process+0x47cc/0x8770 [ 830.099132] ? __cleanup_sighand+0x70/0x70 [ 830.099158] ? perf_trace_lock_acquire+0x15b/0x800 [ 830.099179] ? print_usage_bug+0xc0/0xc0 [ 830.099201] ? ima_match_policy+0x848/0x1560 [ 830.099219] ? check_preemption_disabled+0x48/0x280 [ 830.099239] ? print_usage_bug+0xc0/0xc0 [ 830.155074] ? kasan_check_read+0x11/0x20 [ 830.155967] binder: 31697:31698 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 830.159239] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 830.159265] ? __lock_acquire+0x62f/0x4c20 [ 830.159302] ? mark_held_locks+0x130/0x130 [ 830.159331] ? mark_held_locks+0x130/0x130 [ 830.174011] binder: 31697:31698 got reply transaction with no transaction stack [ 830.176905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.176924] ? check_preemption_disabled+0x48/0x280 [ 830.176946] ? debug_smp_processor_id+0x1c/0x20 [ 830.176968] ? print_usage_bug+0xc0/0xc0 [ 830.176984] ? check_preemption_disabled+0x48/0x280 [ 830.177001] ? print_usage_bug+0xc0/0xc0 [ 830.177028] ? perf_trace_lock_acquire+0x15b/0x800 [ 830.181991] binder: 31697:31698 transaction failed 29201/-71, size 4-0 line 2741 [ 830.185483] ? zap_class+0x640/0x640 [ 830.185525] ? __lock_acquire+0x62f/0x4c20 [ 830.185557] ? mark_held_locks+0x130/0x130 [ 830.185580] ? __lock_acquire+0x62f/0x4c20 [ 830.185599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.195896] binder: undelivered TRANSACTION_ERROR: 29201 [ 830.198572] ? check_preemption_disabled+0x48/0x280 [ 830.198591] ? dput.part.25+0x241/0x860 [ 830.198609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.198627] ? check_preemption_disabled+0x48/0x280 [ 830.280638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.286214] ? mark_held_locks+0x130/0x130 [ 830.290463] ? zap_class+0x640/0x640 [ 830.294178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.299729] ? check_preemption_disabled+0x48/0x280 [ 830.304761] ? debug_smp_processor_id+0x1c/0x20 [ 830.309432] ? perf_trace_lock_acquire+0x15b/0x800 [ 830.314355] ? perf_trace_lock+0x7a0/0x7a0 [ 830.318580] ? find_held_lock+0x36/0x1c0 [ 830.322633] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.328161] ? _parse_integer+0x134/0x180 [ 830.332308] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 830.337954] ? _kstrtoull+0x188/0x250 [ 830.341747] ? _parse_integer+0x180/0x180 [ 830.345891] ? zap_class+0x640/0x640 [ 830.349600] ? lock_release+0xa10/0xa10 [ 830.353570] ? find_held_lock+0x36/0x1c0 [ 830.357624] ? zap_class+0x640/0x640 [ 830.361332] ? get_pid_task+0xd6/0x1a0 [ 830.365209] ? lock_downgrade+0x900/0x900 [ 830.369345] ? check_preemption_disabled+0x48/0x280 [ 830.374364] ? find_held_lock+0x36/0x1c0 [ 830.378451] ? __f_unlock_pos+0x19/0x20 [ 830.382443] ? lock_downgrade+0x900/0x900 [ 830.386600] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 830.392133] ? proc_fail_nth_write+0x9e/0x210 [ 830.396621] ? proc_cwd_link+0x1d0/0x1d0 [ 830.400683] ? find_held_lock+0x36/0x1c0 [ 830.404739] _do_fork+0x1cb/0x11c0 [ 830.408274] ? fork_idle+0x1d0/0x1d0 [ 830.411986] ? __lock_is_held+0xb5/0x140 [ 830.416043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.421579] ? check_preemption_disabled+0x48/0x280 [ 830.426595] ? __sb_end_write+0xd9/0x110 [ 830.430653] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 830.436194] ? fput+0x130/0x1a0 [ 830.439468] ? do_syscall_64+0x9a/0x820 [ 830.443440] ? do_syscall_64+0x9a/0x820 [ 830.447427] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 830.452005] ? trace_hardirqs_on+0xbd/0x310 [ 830.456319] ? __ia32_sys_read+0xb0/0xb0 [ 830.460382] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 830.465763] ? trace_hardirqs_off_caller+0x300/0x300 [ 830.470879] __x64_sys_clone+0xbf/0x150 [ 830.474848] do_syscall_64+0x1b9/0x820 [ 830.478731] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 830.484110] ? syscall_return_slowpath+0x5e0/0x5e0 [ 830.489034] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 830.493869] ? trace_hardirqs_on_caller+0x310/0x310 [ 830.498890] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 830.503912] ? prepare_exit_to_usermode+0x291/0x3b0 [ 830.508923] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 830.513764] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 830.518944] RIP: 0033:0x457569 [ 830.522131] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 830.541027] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 830.548736] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 830.556006] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 830.563265] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 830.570530] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 830.577807] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:14 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x600000000000000}}) 08:44:14 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'bfdno', 0x3d, r0}}) 08:44:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:14 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x2}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000240)={r4, 0x7}, &(0x7f0000000280)=0x8) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) ioctl$KVM_SET_NR_MMU_PAGES(r3, 0xae44, 0x0) r5 = semget(0x1, 0x3, 0x40) semctl$GETALL(r5, 0x0, 0xd, &(0x7f0000000340)=""/188) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:14 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 08:44:14 executing program 5 (fault-call:1 fault-nth:36): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 830.666121] binder: 31706:31709 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 830.677352] binder: 31706:31709 got reply transaction with no transaction stack [ 830.685074] binder: 31706:31709 transaction failed 29201/-71, size 216172782113783808-0 line 2741 [ 830.702367] 9pnet: Insufficient options for proto=fd [ 830.703972] binder: undelivered TRANSACTION_ERROR: 29201 08:44:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 830.729556] 9pnet: Insufficient options for proto=fd 08:44:14 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'qfdno', 0x3d, r0}}) 08:44:14 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 830.765949] FAULT_INJECTION: forcing a failure. [ 830.765949] name failslab, interval 1, probability 0, space 0, times 0 [ 830.790299] binder: 31721:31723 transaction failed 29201/-71, size 167772160-0 line 2741 [ 830.805248] CPU: 1 PID: 31716 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 830.813775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 830.823140] Call Trace: [ 830.825768] dump_stack+0x244/0x39d [ 830.829912] ? dump_stack_print_info.cold.1+0x20/0x20 [ 830.835128] ? __kernel_text_address+0xd/0x40 [ 830.836611] 9pnet: Insufficient options for proto=fd [ 830.839646] ? unwind_get_return_address+0x61/0xa0 [ 830.839672] should_fail.cold.4+0xa/0x17 [ 830.839693] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 830.839716] ? save_stack+0xa9/0xd0 [ 830.839734] ? kasan_kmalloc+0xc7/0xe0 [ 830.866428] ? kasan_slab_alloc+0x12/0x20 [ 830.867359] 9pnet: Insufficient options for proto=fd [ 830.870592] ? kmem_cache_alloc+0x12e/0x730 [ 830.870609] ? anon_vma_clone+0x140/0x710 [ 830.870624] ? anon_vma_fork+0xf4/0x820 [ 830.870640] ? copy_process+0x47cc/0x8770 [ 830.870653] ? _do_fork+0x1cb/0x11c0 [ 830.870677] ? do_syscall_64+0x1b9/0x820 [ 830.900120] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 830.905509] ? percpu_ref_put_many+0x11c/0x260 [ 830.910109] ? lock_downgrade+0x900/0x900 [ 830.914268] ? check_preemption_disabled+0x48/0x280 [ 830.919307] ? kasan_check_read+0x11/0x20 [ 830.923473] ? zap_class+0x640/0x640 [ 830.927210] ? rcu_softirq_qs+0x20/0x20 [ 830.931211] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.936762] ? check_preemption_disabled+0x48/0x280 [ 830.941812] ? __lock_is_held+0xb5/0x140 [ 830.945902] __should_failslab+0x124/0x180 [ 830.950157] should_failslab+0x9/0x14 [ 830.953983] kmem_cache_alloc+0x47/0x730 [ 830.958066] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 830.963538] anon_vma_clone+0x140/0x710 [ 830.967539] ? unlink_anon_vmas+0xa60/0xa60 [ 830.971882] ? dup_userfaultfd+0x6d8/0x890 [ 830.976139] anon_vma_fork+0xf4/0x820 [ 830.979965] ? anon_vma_clone+0x710/0x710 [ 830.984128] ? vm_area_dup+0x1a8/0x230 [ 830.988036] ? vm_area_alloc+0x1d0/0x1d0 [ 830.992122] copy_process+0x47cc/0x8770 [ 830.996152] ? __cleanup_sighand+0x70/0x70 [ 831.000433] ? perf_trace_lock_acquire+0x15b/0x800 [ 831.005388] ? print_usage_bug+0xc0/0xc0 [ 831.005709] 9pnet: Insufficient options for proto=fd [ 831.009483] ? ima_match_policy+0x848/0x1560 [ 831.009504] ? check_preemption_disabled+0x48/0x280 [ 831.009524] ? print_usage_bug+0xc0/0xc0 [ 831.009544] ? kasan_check_read+0x11/0x20 [ 831.009570] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 831.029599] 9pnet: Insufficient options for proto=fd [ 831.032292] ? __lock_acquire+0x62f/0x4c20 [ 831.032332] ? mark_held_locks+0x130/0x130 [ 831.032372] ? mark_held_locks+0x130/0x130 [ 831.055459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.061023] ? check_preemption_disabled+0x48/0x280 [ 831.066058] ? debug_smp_processor_id+0x1c/0x20 [ 831.070744] ? print_usage_bug+0xc0/0xc0 [ 831.074815] ? check_preemption_disabled+0x48/0x280 [ 831.079847] ? print_usage_bug+0xc0/0xc0 [ 831.083941] ? perf_trace_lock_acquire+0x15b/0x800 [ 831.088884] ? zap_class+0x640/0x640 [ 831.092631] ? __lock_acquire+0x62f/0x4c20 [ 831.096900] ? mark_held_locks+0x130/0x130 [ 831.101160] ? __lock_acquire+0x62f/0x4c20 [ 831.105432] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.110987] ? check_preemption_disabled+0x48/0x280 08:44:14 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:44:14 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Tfdno', 0x3d, r0}}) 08:44:14 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 831.116018] ? dput.part.25+0x241/0x860 [ 831.120011] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.125553] ? check_preemption_disabled+0x48/0x280 [ 831.130562] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.136097] ? mark_held_locks+0x130/0x130 [ 831.140330] ? zap_class+0x640/0x640 [ 831.144037] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.149564] ? check_preemption_disabled+0x48/0x280 [ 831.154573] ? debug_smp_processor_id+0x1c/0x20 [ 831.159233] ? perf_trace_lock_acquire+0x15b/0x800 [ 831.164157] ? perf_trace_lock+0x7a0/0x7a0 [ 831.168383] ? find_held_lock+0x36/0x1c0 [ 831.172456] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.177983] ? _parse_integer+0x134/0x180 [ 831.182127] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 831.187665] ? _kstrtoull+0x188/0x250 [ 831.191469] ? _parse_integer+0x180/0x180 [ 831.195612] ? zap_class+0x640/0x640 [ 831.199319] ? lock_release+0xa10/0xa10 [ 831.203286] ? find_held_lock+0x36/0x1c0 [ 831.207338] ? zap_class+0x640/0x640 [ 831.211047] ? print_usage_bug+0xc0/0xc0 [ 831.215106] ? lock_downgrade+0x900/0x900 [ 831.219265] ? check_preemption_disabled+0x48/0x280 [ 831.224293] ? find_held_lock+0x36/0x1c0 [ 831.228359] ? __f_unlock_pos+0x19/0x20 [ 831.232352] ? lock_downgrade+0x900/0x900 [ 831.236492] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 831.241242] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 831.245813] ? retint_kernel+0x2d/0x2d [ 831.249692] ? trace_hardirqs_on_caller+0xc0/0x310 [ 831.254629] ? find_held_lock+0x36/0x1c0 [ 831.258688] _do_fork+0x1cb/0x11c0 [ 831.262235] ? fork_idle+0x1d0/0x1d0 [ 831.265956] ? __lock_is_held+0xb5/0x140 [ 831.270034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.275573] ? check_preemption_disabled+0x48/0x280 [ 831.280606] ? __sb_end_write+0xd9/0x110 [ 831.284674] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 831.290225] ? fput+0x130/0x1a0 [ 831.293511] ? do_syscall_64+0x9a/0x820 [ 831.297486] ? do_syscall_64+0x9a/0x820 [ 831.301455] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 831.306069] ? trace_hardirqs_on+0xbd/0x310 [ 831.310408] ? __ia32_sys_read+0xb0/0xb0 [ 831.314476] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 831.319845] ? trace_hardirqs_off_caller+0x300/0x300 [ 831.324969] __x64_sys_clone+0xbf/0x150 [ 831.328960] do_syscall_64+0x1b9/0x820 [ 831.332840] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 831.338200] ? syscall_return_slowpath+0x5e0/0x5e0 [ 831.343120] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 831.347958] ? trace_hardirqs_on_caller+0x310/0x310 [ 831.352965] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 831.357974] ? prepare_exit_to_usermode+0x291/0x3b0 [ 831.362999] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 831.367838] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 831.373016] RIP: 0033:0x457569 [ 831.376209] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 831.395128] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 831.402855] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 831.410118] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 831.417382] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 831.424669] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 831.431952] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 831.442446] binder: 31721:31723 transaction failed 29201/-71, size 167772160-0 line 2741 [ 831.442729] binder: undelivered TRANSACTION_ERROR: 29201 [ 831.459919] binder: undelivered TRANSACTION_ERROR: 29201 08:44:15 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xfeffffff00000000}}) 08:44:15 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:44:15 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Vfdno', 0x3d, r0}}) [ 831.541484] 9pnet: Insufficient options for proto=fd [ 831.549604] 9pnet: Insufficient options for proto=fd 08:44:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:15 executing program 5 (fault-call:1 fault-nth:37): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:15 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 08:44:15 executing program 4: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x42000, 0x0) write$P9_RRENAME(r0, &(0x7f0000000100)={0x7, 0x15, 0x2}, 0x7) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) getpeername$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x1d, r4}, 0x10, &(0x7f00000003c0)={&(0x7f0000000340)={0x5, 0x80, 0x2, {}, {r5, r6/1000+10000}, {0x4, 0x3f, 0x0, 0x7fffffff}, 0x1, @canfd={{0x3, 0x78, 0x2, 0x2}, 0x11, 0x0, 0x0, 0x0, "5a7f23f9d59fc4cc04e95ff44fccbdf53300f05902a311307bf6be732dc78a96867792673d876c956b12e9840560c035ef8a9c171a708c652281224821cf8498"}}, 0x80}, 0x1, 0x0, 0x0, 0x80}, 0x4040001) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) write$P9_RLOCK(r0, &(0x7f0000000440)={0x8, 0x35, 0x1, 0x3}, 0x8) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r1, 0x1004000000016) 08:44:15 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'sfdno', 0x3d, r0}}) [ 831.642332] binder: 31754:31755 transaction failed 29201/-71, size 72-0 line 2741 [ 831.665649] FAULT_INJECTION: forcing a failure. [ 831.665649] name failslab, interval 1, probability 0, space 0, times 0 [ 831.671282] binder: undelivered TRANSACTION_ERROR: 29201 [ 831.684654] 9pnet: Insufficient options for proto=fd [ 831.694806] CPU: 0 PID: 31759 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 831.703487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 831.712058] 9pnet: Insufficient options for proto=fd [ 831.712844] Call Trace: [ 831.712875] dump_stack+0x244/0x39d [ 831.712904] ? dump_stack_print_info.cold.1+0x20/0x20 [ 831.729391] should_fail.cold.4+0xa/0x17 [ 831.733481] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 831.738589] ? find_held_lock+0x36/0x1c0 [ 831.742662] ? zap_class+0x640/0x640 [ 831.746423] ? lock_downgrade+0x900/0x900 [ 831.746442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.746459] ? check_preemption_disabled+0x48/0x280 [ 831.746481] ? find_held_lock+0x36/0x1c0 [ 831.746506] ? __lock_is_held+0xb5/0x140 [ 831.756244] ? tcf_connmark_init+0x898/0x8e0 [ 831.756278] ? perf_trace_sched_process_exec+0x860/0x860 [ 831.779247] __should_failslab+0x124/0x180 [ 831.783508] should_failslab+0x9/0x14 [ 831.787330] kmem_cache_alloc+0x2be/0x730 08:44:15 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'ufdno', 0x3d, r0}}) [ 831.791500] ? dup_userfaultfd+0x6d8/0x890 [ 831.795758] anon_vma_fork+0x196/0x820 [ 831.799675] ? anon_vma_clone+0x710/0x710 [ 831.803843] ? vm_area_dup+0x1a8/0x230 [ 831.807752] ? vm_area_alloc+0x1d0/0x1d0 [ 831.811839] copy_process+0x47cc/0x8770 [ 831.812507] 9pnet: Insufficient options for proto=fd [ 831.815862] ? __cleanup_sighand+0x70/0x70 [ 831.815890] ? perf_trace_lock_acquire+0x15b/0x800 [ 831.815914] ? print_usage_bug+0xc0/0xc0 [ 831.815939] ? ima_match_policy+0x848/0x1560 [ 831.815960] ? check_preemption_disabled+0x48/0x280 08:44:15 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Sfdno', 0x3d, r0}}) [ 831.824322] 9pnet: Insufficient options for proto=fd [ 831.825307] ? print_usage_bug+0xc0/0xc0 [ 831.825328] ? kasan_check_read+0x11/0x20 [ 831.825346] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 831.825369] ? __lock_acquire+0x62f/0x4c20 [ 831.825414] ? mark_held_locks+0x130/0x130 [ 831.825453] ? mark_held_locks+0x130/0x130 [ 831.875082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.880631] ? check_preemption_disabled+0x48/0x280 [ 831.880653] ? debug_smp_processor_id+0x1c/0x20 [ 831.880681] ? print_usage_bug+0xc0/0xc0 [ 831.894424] ? check_preemption_disabled+0x48/0x280 [ 831.899457] ? print_usage_bug+0xc0/0xc0 [ 831.903541] ? perf_trace_lock_acquire+0x15b/0x800 [ 831.908491] ? zap_class+0x640/0x640 [ 831.912248] ? __lock_acquire+0x62f/0x4c20 [ 831.916517] ? mark_held_locks+0x130/0x130 [ 831.920778] ? __lock_acquire+0x62f/0x4c20 [ 831.923225] 9pnet: Insufficient options for proto=fd [ 831.925025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.925045] ? check_preemption_disabled+0x48/0x280 [ 831.925062] ? dput.part.25+0x241/0x860 08:44:15 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'Rfdno', 0x3d, r0}}) [ 831.925083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.933141] 9pnet: Insufficient options for proto=fd [ 831.935733] ? check_preemption_disabled+0x48/0x280 [ 831.935754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.935781] ? mark_held_locks+0x130/0x130 [ 831.935818] ? zap_class+0x640/0x640 [ 831.935839] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.979454] ? check_preemption_disabled+0x48/0x280 [ 831.984493] ? debug_smp_processor_id+0x1c/0x20 [ 831.989180] ? perf_trace_lock_acquire+0x15b/0x800 08:44:15 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'dfdno', 0x3d, r0}}) [ 831.994133] ? perf_trace_lock+0x7a0/0x7a0 [ 831.998389] ? find_held_lock+0x36/0x1c0 [ 832.002480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.005256] 9pnet: Insufficient options for proto=fd [ 832.008053] ? _parse_integer+0x134/0x180 [ 832.008078] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 832.008100] ? _kstrtoull+0x188/0x250 [ 832.016742] 9pnet: Insufficient options for proto=fd [ 832.017357] ? _parse_integer+0x180/0x180 [ 832.017375] ? zap_class+0x640/0x640 [ 832.017392] ? lock_release+0xa10/0xa10 [ 832.017425] ? find_held_lock+0x36/0x1c0 [ 832.047730] ? zap_class+0x640/0x640 [ 832.051461] ? get_pid_task+0xd6/0x1a0 [ 832.051482] ? lock_downgrade+0x900/0x900 [ 832.051502] ? check_preemption_disabled+0x48/0x280 [ 832.059550] ? find_held_lock+0x36/0x1c0 [ 832.059579] ? __f_unlock_pos+0x19/0x20 [ 832.072614] ? lock_downgrade+0x900/0x900 [ 832.076784] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 832.082512] ? proc_fail_nth_write+0x9e/0x210 [ 832.087024] ? proc_cwd_link+0x1d0/0x1d0 [ 832.091111] ? find_held_lock+0x36/0x1c0 [ 832.093604] 9pnet: Insufficient options for proto=fd [ 832.095195] _do_fork+0x1cb/0x11c0 [ 832.095219] ? fork_idle+0x1d0/0x1d0 [ 832.095240] ? __lock_is_held+0xb5/0x140 [ 832.095265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.095286] ? check_preemption_disabled+0x48/0x280 [ 832.103008] 9pnet: Insufficient options for proto=fd [ 832.103944] ? __sb_end_write+0xd9/0x110 [ 832.103974] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 832.136980] ? fput+0x130/0x1a0 [ 832.140277] ? do_syscall_64+0x9a/0x820 [ 832.144267] ? do_syscall_64+0x9a/0x820 [ 832.148257] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 832.152851] ? trace_hardirqs_on+0xbd/0x310 [ 832.157170] ? __ia32_sys_read+0xb0/0xb0 [ 832.161259] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 832.166614] ? trace_hardirqs_off_caller+0x300/0x300 [ 832.171724] __x64_sys_clone+0xbf/0x150 [ 832.175708] do_syscall_64+0x1b9/0x820 [ 832.179597] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 832.184968] ? syscall_return_slowpath+0x5e0/0x5e0 [ 832.189890] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 832.194724] ? trace_hardirqs_on_caller+0x310/0x310 [ 832.199732] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 832.204743] ? prepare_exit_to_usermode+0x291/0x3b0 [ 832.209771] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 832.214614] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 832.219793] RIP: 0033:0x457569 [ 832.222978] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 832.241870] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 832.249566] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 832.256835] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 832.264099] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 832.271366] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 832.278636] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:16 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x2010000000000000}}) 08:44:16 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'gfdno', 0x3d, r0}}) 08:44:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:16 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) 08:44:16 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) r3 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x42000, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000100)={0x0, 0x6}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000240)={r4, 0x100000001}, 0x8) 08:44:16 executing program 5 (fault-call:1 fault-nth:38): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:16 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 832.389750] 9pnet: Insufficient options for proto=fd [ 832.403025] binder_thread_write: 3 callbacks suppressed [ 832.403036] binder: 31786:31794 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 832.418162] FAULT_INJECTION: forcing a failure. [ 832.418162] name failslab, interval 1, probability 0, space 0, times 0 [ 832.425310] binder_transaction: 3 callbacks suppressed [ 832.425345] binder: 31786:31794 got reply transaction with no transaction stack [ 832.433252] 9pnet: Insufficient options for proto=fd [ 832.434952] binder: 31786:31794 transaction failed 29201/-71, size 2305843009213693952-0 line 2741 [ 832.442671] CPU: 1 PID: 31791 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 832.465129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 832.467887] binder: undelivered TRANSACTION_ERROR: 29201 [ 832.474493] Call Trace: [ 832.474519] dump_stack+0x244/0x39d [ 832.474544] ? dump_stack_print_info.cold.1+0x20/0x20 [ 832.474573] should_fail.cold.4+0xa/0x17 [ 832.474598] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 832.500598] ? save_stack+0xa9/0xd0 [ 832.504246] ? kasan_kmalloc+0xc7/0xe0 [ 832.508149] ? kasan_slab_alloc+0x12/0x20 [ 832.512313] ? kmem_cache_alloc+0x12e/0x730 [ 832.516645] ? anon_vma_fork+0x196/0x820 [ 832.520721] ? copy_process+0x47cc/0x8770 [ 832.524885] ? _do_fork+0x1cb/0x11c0 [ 832.528620] ? zap_class+0x640/0x640 [ 832.532355] ? find_held_lock+0x36/0x1c0 [ 832.536452] ? __lock_is_held+0xb5/0x140 [ 832.540549] ? perf_trace_sched_process_exec+0x860/0x860 [ 832.546028] __should_failslab+0x124/0x180 [ 832.550285] should_failslab+0x9/0x14 [ 832.554100] kmem_cache_alloc+0x2be/0x730 [ 832.558270] ? dup_userfaultfd+0x6d8/0x890 [ 832.562518] ? anon_vma_fork+0x196/0x820 [ 832.566596] anon_vma_fork+0x2c9/0x820 [ 832.570507] ? anon_vma_clone+0x710/0x710 [ 832.574675] ? vm_area_dup+0x1a8/0x230 [ 832.576339] binder: 31804:31806 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 832.578578] ? vm_area_alloc+0x1d0/0x1d0 [ 832.578609] copy_process+0x47cc/0x8770 [ 832.578665] ? __cleanup_sighand+0x70/0x70 [ 832.578694] ? perf_trace_lock_acquire+0x15b/0x800 [ 832.600498] binder: 31804:31806 got reply transaction with no transaction stack [ 832.603939] ? print_usage_bug+0xc0/0xc0 [ 832.603965] ? ima_match_policy+0x848/0x1560 [ 832.603986] ? check_preemption_disabled+0x48/0x280 [ 832.604005] ? print_usage_bug+0xc0/0xc0 [ 832.604025] ? kasan_check_read+0x11/0x20 [ 832.628950] binder: 31804:31806 transaction failed 29201/-71, size 720575940379279360-0 line 2741 [ 832.628991] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 832.646775] binder: undelivered TRANSACTION_ERROR: 29201 [ 832.647430] ? __lock_acquire+0x62f/0x4c20 [ 832.657126] ? mark_held_locks+0x130/0x130 [ 832.661412] ? mark_held_locks+0x130/0x130 [ 832.665664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.671214] ? check_preemption_disabled+0x48/0x280 [ 832.676250] ? debug_smp_processor_id+0x1c/0x20 [ 832.680936] ? print_usage_bug+0xc0/0xc0 [ 832.685011] ? check_preemption_disabled+0x48/0x280 [ 832.690039] ? print_usage_bug+0xc0/0xc0 [ 832.694126] ? perf_trace_lock_acquire+0x15b/0x800 [ 832.699082] ? zap_class+0x640/0x640 [ 832.702841] ? __lock_acquire+0x62f/0x4c20 [ 832.707111] ? mark_held_locks+0x130/0x130 [ 832.711366] ? __lock_acquire+0x62f/0x4c20 [ 832.715625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.721183] ? check_preemption_disabled+0x48/0x280 [ 832.726218] ? dput.part.25+0x241/0x860 [ 832.730213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.735767] ? check_preemption_disabled+0x48/0x280 [ 832.740804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.742385] binder: 31812:31813 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 832.746370] ? mark_held_locks+0x130/0x130 [ 832.746414] ? zap_class+0x640/0x640 [ 832.746433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.746450] ? check_preemption_disabled+0x48/0x280 [ 832.746471] ? debug_smp_processor_id+0x1c/0x20 [ 832.746494] ? perf_trace_lock_acquire+0x15b/0x800 [ 832.760458] binder: 31812:31813 got reply transaction with no transaction stack 08:44:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:16 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 08:44:16 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) 08:44:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:16 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 832.762513] ? perf_trace_lock+0x7a0/0x7a0 [ 832.762529] ? find_held_lock+0x36/0x1c0 [ 832.762548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.762569] ? _parse_integer+0x134/0x180 [ 832.808118] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 832.813678] ? _kstrtoull+0x188/0x250 [ 832.817498] ? _parse_integer+0x180/0x180 [ 832.821664] ? zap_class+0x640/0x640 [ 832.825392] ? lock_release+0xa10/0xa10 [ 832.829917] ? find_held_lock+0x36/0x1c0 [ 832.833999] ? zap_class+0x640/0x640 [ 832.837742] ? get_pid_task+0xd6/0x1a0 [ 832.841655] ? lock_downgrade+0x900/0x900 [ 832.845814] ? check_preemption_disabled+0x48/0x280 [ 832.850867] ? find_held_lock+0x36/0x1c0 [ 832.854944] ? __f_unlock_pos+0x19/0x20 [ 832.858927] ? lock_downgrade+0x900/0x900 [ 832.863086] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 832.868633] ? proc_fail_nth_write+0x9e/0x210 [ 832.873134] ? proc_cwd_link+0x1d0/0x1d0 [ 832.877220] ? find_held_lock+0x36/0x1c0 [ 832.881294] _do_fork+0x1cb/0x11c0 [ 832.884847] ? fork_idle+0x1d0/0x1d0 [ 832.888575] ? __lock_is_held+0xb5/0x140 [ 832.892652] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.898199] ? check_preemption_disabled+0x48/0x280 [ 832.903227] ? __sb_end_write+0xd9/0x110 [ 832.907300] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 832.912847] ? fput+0x130/0x1a0 [ 832.916138] ? do_syscall_64+0x9a/0x820 [ 832.920123] ? do_syscall_64+0x9a/0x820 [ 832.924104] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 832.928696] ? trace_hardirqs_on+0xbd/0x310 [ 832.933023] ? __ia32_sys_read+0xb0/0xb0 [ 832.937092] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 832.942483] ? trace_hardirqs_off_caller+0x300/0x300 [ 832.947599] __x64_sys_clone+0xbf/0x150 [ 832.951590] do_syscall_64+0x1b9/0x820 [ 832.955486] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 832.960857] ? syscall_return_slowpath+0x5e0/0x5e0 [ 832.965792] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 832.970645] ? trace_hardirqs_on_caller+0x310/0x310 [ 832.975677] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 832.980709] ? prepare_exit_to_usermode+0x291/0x3b0 [ 832.985740] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 832.990603] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 832.995800] RIP: 0033:0x457569 [ 832.999003] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 833.017914] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 833.025658] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 833.032936] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 833.040220] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 833.047496] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 833.054771] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:16 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x1000000}}) 08:44:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:16 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 08:44:16 executing program 5 (fault-call:1 fault-nth:39): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:16 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'w.dno', 0x3d, r0}}) 08:44:16 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) getsockname(r2, &(0x7f00000000c0)=@ipx, &(0x7f00000001c0)=0x80) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 833.250629] FAULT_INJECTION: forcing a failure. [ 833.250629] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 833.264039] binder: 31823:31830 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 833.276037] CPU: 1 PID: 31828 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 833.284557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 833.293337] binder: 31823:31830 got reply transaction with no transaction stack [ 833.293923] Call Trace: [ 833.303970] dump_stack+0x244/0x39d [ 833.307622] ? dump_stack_print_info.cold.1+0x20/0x20 [ 833.312830] ? debug_smp_processor_id+0x1c/0x20 [ 833.317516] ? perf_trace_lock_acquire+0x15b/0x800 [ 833.322459] ? lock_downgrade+0x900/0x900 [ 833.326627] should_fail.cold.4+0xa/0x17 [ 833.330707] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 833.332967] 9pnet: Insufficient options for proto=fd [ 833.335825] ? zap_class+0x640/0x640 [ 833.335843] ? print_usage_bug+0xc0/0xc0 [ 833.335861] ? zap_class+0x640/0x640 [ 833.335881] ? print_usage_bug+0xc0/0xc0 [ 833.335914] ? __lock_is_held+0xb5/0x140 [ 833.344095] 9pnet: Insufficient options for proto=fd [ 833.344815] ? next_root_backup+0x698/0x8c0 [ 833.344847] ? lock_release+0xa10/0xa10 [ 833.374088] ? perf_trace_sched_process_exec+0x860/0x860 [ 833.379568] ? mark_held_locks+0x130/0x130 [ 833.383854] ? __might_sleep+0x95/0x190 [ 833.387846] __alloc_pages_nodemask+0x34b/0xdd0 [ 833.387869] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 08:44:17 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'w/dno', 0x3d, r0}}) 08:44:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:17 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 833.387887] ? debug_smp_processor_id+0x1c/0x20 [ 833.387904] ? perf_trace_lock_acquire+0x15b/0x800 [ 833.387918] ? check_preemption_disabled+0x48/0x280 [ 833.387939] ? print_usage_bug+0xc0/0xc0 [ 833.416312] ? print_usage_bug+0xc0/0xc0 [ 833.420413] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 833.425972] alloc_pages_current+0x173/0x350 [ 833.430416] pte_alloc_one+0x1b/0x1a0 [ 833.434240] __pte_alloc+0x2a/0x350 [ 833.437897] copy_page_range+0x2017/0x2ee0 [ 833.442192] ? mark_held_locks+0x130/0x130 [ 833.446481] ? __pmd_alloc+0x450/0x450 08:44:17 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 833.450388] ? __rb_insert_augmented+0x3b2/0x1890 [ 833.455267] ? rb_insert_color_cached+0x14b0/0x14b0 [ 833.460308] ? save_stack+0xa9/0xd0 [ 833.463950] ? zap_class+0x640/0x640 [ 833.467669] ? kasan_kmalloc+0xc7/0xe0 [ 833.471571] ? kasan_slab_alloc+0x12/0x20 [ 833.475729] ? kmem_cache_alloc+0x12e/0x730 [ 833.480065] ? zap_class+0x640/0x640 [ 833.483795] ? __x64_sys_clone+0xbf/0x150 [ 833.487956] ? do_syscall_64+0x1b9/0x820 [ 833.492033] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 833.497443] ? find_held_lock+0x36/0x1c0 08:44:17 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 833.501536] ? anon_vma_fork+0x5ef/0x820 [ 833.505616] ? lock_downgrade+0x900/0x900 [ 833.509784] ? lock_release+0xa10/0xa10 [ 833.513782] ? perf_trace_sched_process_exec+0x860/0x860 [ 833.519254] ? __lock_is_held+0xb5/0x140 [ 833.523339] ? up_write+0x7b/0x220 [ 833.526890] ? down_write_nested+0x130/0x130 [ 833.531316] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 833.536794] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 833.541833] ? vma_compute_subtree_gap+0x160/0x240 [ 833.546783] ? validate_mm_rb+0xaa/0xc0 [ 833.550779] ? __vma_link_rb+0x26c/0x370 [ 833.554865] copy_process+0x4726/0x8770 [ 833.558893] ? __cleanup_sighand+0x70/0x70 [ 833.563153] ? perf_trace_lock_acquire+0x15b/0x800 [ 833.568116] ? print_usage_bug+0xc0/0xc0 [ 833.572204] ? ima_match_policy+0x848/0x1560 [ 833.576638] ? check_preemption_disabled+0x48/0x280 [ 833.581675] ? print_usage_bug+0xc0/0xc0 [ 833.585752] ? kasan_check_read+0x11/0x20 [ 833.589920] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 833.595220] ? __lock_acquire+0x62f/0x4c20 08:44:17 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) [ 833.599489] ? mark_held_locks+0x130/0x130 [ 833.603756] ? mark_held_locks+0x130/0x130 [ 833.608007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.613564] ? check_preemption_disabled+0x48/0x280 [ 833.618605] ? debug_smp_processor_id+0x1c/0x20 [ 833.623290] ? print_usage_bug+0xc0/0xc0 [ 833.627366] ? check_preemption_disabled+0x48/0x280 [ 833.632419] ? print_usage_bug+0xc0/0xc0 [ 833.636515] ? perf_trace_lock_acquire+0x15b/0x800 [ 833.641464] ? zap_class+0x640/0x640 [ 833.645220] ? __lock_acquire+0x62f/0x4c20 [ 833.649486] ? mark_held_locks+0x130/0x130 [ 833.653739] ? __lock_acquire+0x62f/0x4c20 [ 833.657991] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.663547] ? check_preemption_disabled+0x48/0x280 [ 833.668575] ? dput.part.25+0x241/0x860 [ 833.672565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.678115] ? check_preemption_disabled+0x48/0x280 [ 833.683145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.683379] 9pnet: Insufficient options for proto=fd [ 833.688713] ? mark_held_locks+0x130/0x130 [ 833.688746] ? zap_class+0x640/0x640 [ 833.688763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.688779] ? check_preemption_disabled+0x48/0x280 [ 833.688798] ? debug_smp_processor_id+0x1c/0x20 [ 833.688813] ? perf_trace_lock_acquire+0x15b/0x800 [ 833.688836] ? perf_trace_lock+0x7a0/0x7a0 [ 833.688855] ? find_held_lock+0x36/0x1c0 [ 833.730616] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.736189] ? _parse_integer+0x134/0x180 [ 833.740359] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 833.745917] ? _kstrtoull+0x188/0x250 [ 833.749738] ? _parse_integer+0x180/0x180 [ 833.753909] ? zap_class+0x640/0x640 [ 833.757642] ? lock_release+0xa10/0xa10 [ 833.761641] ? find_held_lock+0x36/0x1c0 [ 833.765723] ? zap_class+0x640/0x640 [ 833.769444] ? get_pid_task+0xd6/0x1a0 [ 833.773323] ? lock_downgrade+0x900/0x900 [ 833.777460] ? check_preemption_disabled+0x48/0x280 [ 833.782487] ? find_held_lock+0x36/0x1c0 [ 833.786566] ? __f_unlock_pos+0x19/0x20 [ 833.790547] ? lock_downgrade+0x900/0x900 [ 833.794689] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 833.800226] ? proc_fail_nth_write+0x9e/0x210 [ 833.804737] ? proc_cwd_link+0x1d0/0x1d0 [ 833.808824] ? find_held_lock+0x36/0x1c0 [ 833.812882] _do_fork+0x1cb/0x11c0 [ 833.816421] ? fork_idle+0x1d0/0x1d0 [ 833.820128] ? __lock_is_held+0xb5/0x140 [ 833.824189] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.829728] ? check_preemption_disabled+0x48/0x280 [ 833.834748] ? __sb_end_write+0xd9/0x110 [ 833.838810] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 833.844354] ? fput+0x130/0x1a0 [ 833.847650] ? do_syscall_64+0x9a/0x820 [ 833.851623] ? do_syscall_64+0x9a/0x820 [ 833.855589] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 833.860165] ? trace_hardirqs_on+0xbd/0x310 [ 833.864483] ? __ia32_sys_read+0xb0/0xb0 [ 833.868555] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 833.873910] ? trace_hardirqs_off_caller+0x300/0x300 [ 833.879006] __x64_sys_clone+0xbf/0x150 [ 833.882986] do_syscall_64+0x1b9/0x820 [ 833.886864] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 833.892216] ? syscall_return_slowpath+0x5e0/0x5e0 [ 833.897142] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 833.902013] ? trace_hardirqs_on_caller+0x310/0x310 [ 833.907019] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 833.912027] ? prepare_exit_to_usermode+0x291/0x3b0 [ 833.917037] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 833.921878] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 833.927055] RIP: 0033:0x457569 [ 833.930250] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 833.949180] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 833.956879] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 833.964135] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 833.971392] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 833.978681] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 833.985942] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:17 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x3}}) 08:44:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:17 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) 08:44:17 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfTno', 0x3d, r0}}) 08:44:17 executing program 5 (fault-call:1 fault-nth:40): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:17 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) r3 = accept4$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x800) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000001c0), &(0x7f0000000240)=0x4) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 834.101656] binder: 31861:31863 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 834.136972] FAULT_INJECTION: forcing a failure. [ 834.136972] name failslab, interval 1, probability 0, space 0, times 0 [ 834.148385] binder: 31861:31863 got reply transaction with no transaction stack [ 834.158104] 9pnet: Insufficient options for proto=fd [ 834.165253] binder_transaction: 2 callbacks suppressed [ 834.165271] binder: 31861:31863 transaction failed 29201/-71, size 3-0 line 2741 [ 834.179447] CPU: 1 PID: 31866 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 834.187965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 834.195731] binder_release_work: 2 callbacks suppressed [ 834.195739] binder: undelivered TRANSACTION_ERROR: 29201 [ 834.197325] Call Trace: [ 834.197357] dump_stack+0x244/0x39d [ 834.197387] ? dump_stack_print_info.cold.1+0x20/0x20 [ 834.197432] should_fail.cold.4+0xa/0x17 [ 834.222334] 9pnet: Insufficient options for proto=fd [ 834.223657] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 834.233872] ? __lock_is_held+0xb5/0x140 [ 834.237944] ? zap_class+0x640/0x640 [ 834.241677] ? find_held_lock+0x36/0x1c0 [ 834.245751] ? __lock_is_held+0xb5/0x140 [ 834.249836] ? perf_trace_sched_process_exec+0x860/0x860 [ 834.255329] __should_failslab+0x124/0x180 [ 834.259574] should_failslab+0x9/0x14 [ 834.263382] kmem_cache_alloc+0x2be/0x730 [ 834.267550] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 834.273103] ptlock_alloc+0x20/0x80 [ 834.276738] pte_alloc_one+0x6b/0x1a0 [ 834.280548] __pte_alloc+0x2a/0x350 [ 834.284191] copy_page_range+0x2017/0x2ee0 [ 834.288447] ? mark_held_locks+0x130/0x130 [ 834.292717] ? __pmd_alloc+0x450/0x450 [ 834.296617] ? __rb_insert_augmented+0x3b2/0x1890 [ 834.301472] ? rb_insert_color_cached+0x14b0/0x14b0 [ 834.306493] ? save_stack+0xa9/0xd0 [ 834.310131] ? zap_class+0x640/0x640 [ 834.313845] ? kasan_kmalloc+0xc7/0xe0 [ 834.317738] ? kasan_slab_alloc+0x12/0x20 [ 834.321892] ? kmem_cache_alloc+0x12e/0x730 [ 834.326239] ? zap_class+0x640/0x640 [ 834.329960] ? __x64_sys_clone+0xbf/0x150 [ 834.334116] ? do_syscall_64+0x1b9/0x820 [ 834.338188] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 834.343571] ? find_held_lock+0x36/0x1c0 [ 834.347649] ? anon_vma_fork+0x5ef/0x820 [ 834.351719] ? lock_downgrade+0x900/0x900 [ 834.355879] ? lock_release+0xa10/0xa10 [ 834.359856] ? perf_trace_sched_process_exec+0x860/0x860 [ 834.365318] ? __lock_is_held+0xb5/0x140 [ 834.369409] ? up_write+0x7b/0x220 [ 834.372958] ? down_write_nested+0x130/0x130 [ 834.377376] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 834.382855] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 834.387880] ? vma_compute_subtree_gap+0x160/0x240 [ 834.392821] ? validate_mm_rb+0xaa/0xc0 [ 834.396803] ? __vma_link_rb+0x26c/0x370 [ 834.400875] copy_process+0x4726/0x8770 [ 834.404895] ? __cleanup_sighand+0x70/0x70 [ 834.409151] ? perf_trace_lock_acquire+0x15b/0x800 [ 834.414097] ? print_usage_bug+0xc0/0xc0 [ 834.418178] ? ima_match_policy+0x848/0x1560 [ 834.422594] ? check_preemption_disabled+0x48/0x280 [ 834.427618] ? print_usage_bug+0xc0/0xc0 [ 834.431687] ? kasan_check_read+0x11/0x20 [ 834.435847] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 834.441136] ? __lock_acquire+0x62f/0x4c20 [ 834.445412] ? mark_held_locks+0x130/0x130 [ 834.449671] ? mark_held_locks+0x130/0x130 [ 834.453918] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.459461] ? check_preemption_disabled+0x48/0x280 [ 834.464491] ? debug_smp_processor_id+0x1c/0x20 [ 834.469177] ? print_usage_bug+0xc0/0xc0 [ 834.473247] ? check_preemption_disabled+0x48/0x280 [ 834.478270] ? print_usage_bug+0xc0/0xc0 [ 834.482349] ? perf_trace_lock_acquire+0x15b/0x800 [ 834.487287] ? zap_class+0x640/0x640 [ 834.491030] ? __lock_acquire+0x62f/0x4c20 [ 834.495286] ? mark_held_locks+0x130/0x130 [ 834.499535] ? __lock_acquire+0x62f/0x4c20 [ 834.503779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.509322] ? check_preemption_disabled+0x48/0x280 [ 834.514344] ? dput.part.25+0x241/0x860 [ 834.518327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.523869] ? check_preemption_disabled+0x48/0x280 [ 834.528894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.534450] ? mark_held_locks+0x130/0x130 [ 834.538711] ? zap_class+0x640/0x640 [ 834.542441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.547984] ? check_preemption_disabled+0x48/0x280 [ 834.553009] ? debug_smp_processor_id+0x1c/0x20 [ 834.557682] ? perf_trace_lock_acquire+0x15b/0x800 [ 834.562628] ? perf_trace_lock+0x7a0/0x7a0 [ 834.566865] ? find_held_lock+0x36/0x1c0 [ 834.570948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.576502] ? _parse_integer+0x134/0x180 [ 834.580662] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 834.586207] ? _kstrtoull+0x188/0x250 [ 834.590033] ? _parse_integer+0x180/0x180 [ 834.594191] ? zap_class+0x640/0x640 [ 834.597910] ? lock_release+0xa10/0xa10 [ 834.601897] ? find_held_lock+0x36/0x1c0 [ 834.605966] ? zap_class+0x640/0x640 [ 834.609694] ? get_pid_task+0xd6/0x1a0 [ 834.613587] ? lock_downgrade+0x900/0x900 [ 834.617741] ? check_preemption_disabled+0x48/0x280 [ 834.622771] ? find_held_lock+0x36/0x1c0 [ 834.626851] ? __f_unlock_pos+0x19/0x20 [ 834.630831] ? lock_downgrade+0x900/0x900 [ 834.634986] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 834.640533] ? proc_fail_nth_write+0x9e/0x210 [ 834.647034] ? proc_cwd_link+0x1d0/0x1d0 [ 834.651113] ? find_held_lock+0x36/0x1c0 [ 834.655194] _do_fork+0x1cb/0x11c0 [ 834.658751] ? fork_idle+0x1d0/0x1d0 [ 834.662474] ? __lock_is_held+0xb5/0x140 [ 834.666550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.672095] ? check_preemption_disabled+0x48/0x280 [ 834.677124] ? __sb_end_write+0xd9/0x110 [ 834.681289] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 834.686830] ? fput+0x130/0x1a0 [ 834.690117] ? do_syscall_64+0x9a/0x820 [ 834.694097] ? do_syscall_64+0x9a/0x820 [ 834.698079] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 834.702668] ? trace_hardirqs_on+0xbd/0x310 [ 834.706994] ? __ia32_sys_read+0xb0/0xb0 [ 834.711060] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 834.716442] ? trace_hardirqs_off_caller+0x300/0x300 [ 834.721556] __x64_sys_clone+0xbf/0x150 [ 834.725547] do_syscall_64+0x1b9/0x820 [ 834.729442] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 834.734818] ? syscall_return_slowpath+0x5e0/0x5e0 [ 834.739752] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 834.744605] ? trace_hardirqs_on_caller+0x310/0x310 [ 834.749629] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 834.754656] ? prepare_exit_to_usermode+0x291/0x3b0 [ 834.759684] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 834.764549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 834.769745] RIP: 0033:0x457569 [ 834.772949] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 834.791856] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 08:44:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:18 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 834.799568] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 834.806839] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 834.814109] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 834.821378] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 834.829186] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:18 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfVno', 0x3d, r0}}) 08:44:18 executing program 5 (fault-call:1 fault-nth:41): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:18 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) [ 834.897517] binder: 31877:31880 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 834.933289] binder: 31877:31880 got reply transaction with no transaction stack [ 834.943224] FAULT_INJECTION: forcing a failure. 08:44:18 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 834.943224] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 834.955693] CPU: 1 PID: 31886 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 834.964207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 834.973570] Call Trace: [ 834.974132] binder: 31877:31880 transaction failed 29201/-71, size 8358680908399640576-0 line 2741 [ 834.976187] dump_stack+0x244/0x39d [ 834.976216] ? dump_stack_print_info.cold.1+0x20/0x20 [ 834.976238] ? debug_smp_processor_id+0x1c/0x20 [ 834.976264] ? perf_trace_lock_acquire+0x15b/0x800 [ 835.003760] ? lock_downgrade+0x900/0x900 [ 835.007934] should_fail.cold.4+0xa/0x17 [ 835.012021] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 835.017141] ? zap_class+0x640/0x640 [ 835.020880] ? __lock_acquire+0x62f/0x4c20 [ 835.025126] ? __lock_acquire+0x62f/0x4c20 [ 835.029382] ? zap_class+0x640/0x640 [ 835.033147] ? __lock_is_held+0xb5/0x140 [ 835.037280] ? cake_dequeue+0x498/0x3e60 [ 835.041373] ? lock_release+0xa10/0xa10 [ 835.045379] ? perf_trace_sched_process_exec+0x860/0x860 [ 835.046896] 9pnet: Insufficient options for proto=fd [ 835.050856] ? debug_smp_processor_id+0x1c/0x20 [ 835.050879] ? __might_sleep+0x95/0x190 [ 835.050902] __alloc_pages_nodemask+0x34b/0xdd0 [ 835.061113] 9pnet: Insufficient options for proto=fd [ 835.064642] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 835.064670] ? zap_class+0x640/0x640 [ 835.083186] ? __lock_is_held+0xb5/0x140 [ 835.087260] ? lock_downgrade+0x900/0x900 [ 835.091432] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 835.096988] alloc_pages_current+0x173/0x350 [ 835.101420] pte_alloc_one+0x1b/0x1a0 [ 835.105246] __pte_alloc+0x2a/0x350 [ 835.108880] copy_page_range+0x2017/0x2ee0 [ 835.113127] ? __pmd_alloc+0x450/0x450 [ 835.117023] ? __rb_insert_augmented+0x3b2/0x1890 [ 835.121862] ? rb_insert_color_cached+0x14b0/0x14b0 [ 835.126872] ? save_stack+0xa9/0xd0 [ 835.130491] ? zap_class+0x640/0x640 [ 835.134198] ? kasan_kmalloc+0xc7/0xe0 [ 835.138070] ? kasan_slab_alloc+0x12/0x20 [ 835.142205] ? kmem_cache_alloc+0x12e/0x730 [ 835.146518] ? __x64_sys_clone+0xbf/0x150 [ 835.150656] ? do_syscall_64+0x1b9/0x820 [ 835.154709] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 835.160072] ? find_held_lock+0x36/0x1c0 [ 835.164131] ? anon_vma_fork+0x5ef/0x820 [ 835.168205] ? lock_downgrade+0x900/0x900 [ 835.172351] ? lock_release+0xa10/0xa10 [ 835.176335] ? perf_trace_sched_process_exec+0x860/0x860 [ 835.181782] ? __lock_is_held+0xb5/0x140 [ 835.185836] ? up_write+0x7b/0x220 [ 835.189366] ? down_write_nested+0x130/0x130 [ 835.193769] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 835.199217] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 835.204227] ? vma_compute_subtree_gap+0x160/0x240 [ 835.209151] ? validate_mm_rb+0xaa/0xc0 [ 835.213122] ? __vma_link_rb+0x26c/0x370 [ 835.217187] copy_process+0x4726/0x8770 [ 835.221175] ? __cleanup_sighand+0x70/0x70 [ 835.225431] ? perf_trace_lock_acquire+0x15b/0x800 [ 835.230387] ? print_usage_bug+0xc0/0xc0 [ 835.234450] ? ima_match_policy+0x848/0x1560 [ 835.238853] ? check_preemption_disabled+0x48/0x280 [ 835.243860] ? print_usage_bug+0xc0/0xc0 [ 835.247915] ? kasan_check_read+0x11/0x20 [ 835.252057] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 835.257326] ? __lock_acquire+0x62f/0x4c20 [ 835.261580] ? mark_held_locks+0x130/0x130 [ 835.265814] ? mark_held_locks+0x130/0x130 [ 835.270051] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.275590] ? check_preemption_disabled+0x48/0x280 [ 835.280598] ? debug_smp_processor_id+0x1c/0x20 [ 835.285255] ? print_usage_bug+0xc0/0xc0 [ 835.289307] ? check_preemption_disabled+0x48/0x280 [ 835.294312] ? print_usage_bug+0xc0/0xc0 [ 835.298367] ? perf_trace_lock_acquire+0x15b/0x800 [ 835.303287] ? zap_class+0x640/0x640 [ 835.307002] ? __lock_acquire+0x62f/0x4c20 [ 835.311231] ? mark_held_locks+0x130/0x130 [ 835.315457] ? __lock_acquire+0x62f/0x4c20 [ 835.319686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.325218] ? check_preemption_disabled+0x48/0x280 [ 835.330238] ? dput.part.25+0x241/0x860 [ 835.334218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.339744] ? check_preemption_disabled+0x48/0x280 [ 835.344762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.350326] ? mark_held_locks+0x130/0x130 [ 835.354574] ? zap_class+0x640/0x640 [ 835.358277] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.363804] ? check_preemption_disabled+0x48/0x280 [ 835.368815] ? debug_smp_processor_id+0x1c/0x20 [ 835.373475] ? perf_trace_lock_acquire+0x15b/0x800 [ 835.378406] ? perf_trace_lock+0x7a0/0x7a0 [ 835.382628] ? find_held_lock+0x36/0x1c0 [ 835.386679] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.392209] ? _parse_integer+0x134/0x180 [ 835.396351] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 835.401878] ? _kstrtoull+0x188/0x250 [ 835.405672] ? _parse_integer+0x180/0x180 [ 835.409818] ? zap_class+0x640/0x640 [ 835.413525] ? lock_release+0xa10/0xa10 [ 835.417491] ? find_held_lock+0x36/0x1c0 [ 835.421544] ? zap_class+0x640/0x640 [ 835.425249] ? get_pid_task+0xd6/0x1a0 [ 835.429135] ? lock_downgrade+0x900/0x900 [ 835.433283] ? check_preemption_disabled+0x48/0x280 [ 835.438296] ? find_held_lock+0x36/0x1c0 [ 835.442352] ? __f_unlock_pos+0x19/0x20 [ 835.446314] ? lock_downgrade+0x900/0x900 [ 835.450479] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 835.456018] ? proc_fail_nth_write+0x9e/0x210 [ 835.460521] ? proc_cwd_link+0x1d0/0x1d0 [ 835.464581] ? find_held_lock+0x36/0x1c0 [ 835.468651] _do_fork+0x1cb/0x11c0 [ 835.472209] ? fork_idle+0x1d0/0x1d0 [ 835.475917] ? __lock_is_held+0xb5/0x140 [ 835.479971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.485510] ? check_preemption_disabled+0x48/0x280 [ 835.490531] ? __sb_end_write+0xd9/0x110 [ 835.494586] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 835.500111] ? fput+0x130/0x1a0 [ 835.503383] ? do_syscall_64+0x9a/0x820 [ 835.507353] ? do_syscall_64+0x9a/0x820 [ 835.511316] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 835.515903] ? trace_hardirqs_on+0xbd/0x310 [ 835.520237] ? __ia32_sys_read+0xb0/0xb0 [ 835.524302] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 835.529658] ? trace_hardirqs_off_caller+0x300/0x300 [ 835.534754] __x64_sys_clone+0xbf/0x150 [ 835.538728] do_syscall_64+0x1b9/0x820 [ 835.542603] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 835.547966] ? syscall_return_slowpath+0x5e0/0x5e0 [ 835.552885] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 835.557719] ? trace_hardirqs_on_caller+0x310/0x310 [ 835.562726] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 835.567731] ? prepare_exit_to_usermode+0x291/0x3b0 [ 835.572739] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 835.577575] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 835.582750] RIP: 0033:0x457569 08:44:19 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xfffffffe}}) 08:44:19 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) 08:44:19 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfbno', 0x3d, r0}}) [ 835.585933] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 835.604820] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 835.612516] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 835.619775] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 835.627030] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 835.634284] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 835.641541] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 835.677066] binder: 31877:31880 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 835.699692] 9pnet: Insufficient options for proto=fd [ 835.707410] 9pnet: Insufficient options for proto=fd [ 835.709315] binder: undelivered TRANSACTION_ERROR: 29201 08:44:19 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfQno', 0x3d, r0}}) [ 835.721733] binder: 31877:31880 got reply transaction with no transaction stack 08:44:19 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) write$P9_RVERSION(r2, &(0x7f00000000c0)={0x13, 0x65, 0xffff, 0x9, 0x6, '9P2000'}, 0x13) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) r3 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x10d400) setsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f00000002c0)=0x2, 0x1) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) ioctl$BLKPBSZGET(r3, 0x127b, &(0x7f0000000340)) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r4, 0x84, 0x1c, &(0x7f00000001c0), &(0x7f0000000240)=0x4) 08:44:19 executing program 5 (fault-call:1 fault-nth:42): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 835.756056] binder: 31877:31880 transaction failed 29201/-71, size 8358680908399640576-0 line 2741 [ 835.785849] binder: undelivered TRANSACTION_ERROR: 29201 08:44:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:19 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 835.811079] 9pnet: Insufficient options for proto=fd [ 835.831193] FAULT_INJECTION: forcing a failure. [ 835.831193] name failslab, interval 1, probability 0, space 0, times 0 [ 835.843063] CPU: 1 PID: 31914 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 835.851576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 08:44:19 executing program 3: r0 = accept4$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs, &(0x7f0000000040)=0x6e, 0x80800) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000140)={0xffffffffffffffff, 0xc4b, 0x8}) r1 = timerfd_create(0x0, 0x0) r2 = dup(r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000180), &(0x7f00000001c0)=0x4) timerfd_settime(r2, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000200)={0x7, 0x0, 0x1, 0xffffffffffffffd8, 0x0, 0x6}) [ 835.860940] Call Trace: [ 835.863557] dump_stack+0x244/0x39d [ 835.867217] ? dump_stack_print_info.cold.1+0x20/0x20 [ 835.872443] should_fail.cold.4+0xa/0x17 [ 835.876527] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 835.881639] 9pnet: Insufficient options for proto=fd [ 835.881667] ? __lock_is_held+0xb5/0x140 [ 835.890832] ? zap_class+0x640/0x640 [ 835.894575] ? find_held_lock+0x36/0x1c0 [ 835.898654] ? __lock_is_held+0xb5/0x140 [ 835.902747] ? perf_trace_sched_process_exec+0x860/0x860 08:44:19 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x9}) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f0000000040)={0x6, 0x8, 0x4f4a}) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f00000000c0)) [ 835.908228] __should_failslab+0x124/0x180 [ 835.912481] should_failslab+0x9/0x14 [ 835.916296] kmem_cache_alloc+0x2be/0x730 [ 835.920461] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 835.926027] ptlock_alloc+0x20/0x80 [ 835.929670] pte_alloc_one+0x6b/0x1a0 [ 835.933491] __pte_alloc+0x2a/0x350 [ 835.937142] copy_page_range+0x2017/0x2ee0 [ 835.941450] ? __pmd_alloc+0x450/0x450 [ 835.945354] ? __rb_insert_augmented+0x3b2/0x1890 [ 835.950223] ? rb_insert_color_cached+0x14b0/0x14b0 [ 835.955254] ? save_stack+0xa9/0xd0 [ 835.958983] ? zap_class+0x640/0x640 [ 835.962709] ? kasan_kmalloc+0xc7/0xe0 [ 835.966607] ? kasan_slab_alloc+0x12/0x20 [ 835.970773] ? kmem_cache_alloc+0x12e/0x730 [ 835.975109] ? __x64_sys_clone+0xbf/0x150 [ 835.976033] binder: 31917:31923 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 835.979267] ? do_syscall_64+0x1b9/0x820 [ 835.979285] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 835.979314] ? find_held_lock+0x36/0x1c0 [ 835.996247] binder: 31917:31923 got reply transaction with no transaction stack 08:44:19 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$KVM_TRANSLATE(r1, 0xc018ae85, &(0x7f0000000040)={0x2004, 0xf000, 0x1, 0x6, 0x5b97}) [ 835.996799] ? anon_vma_fork+0x5ef/0x820 [ 836.005091] binder: 31917:31923 transaction failed 29201/-71, size 83886080-0 line 2741 [ 836.008299] ? lock_downgrade+0x900/0x900 [ 836.008324] ? lock_release+0xa10/0xa10 [ 836.025753] binder: undelivered TRANSACTION_ERROR: 29201 [ 836.028693] ? perf_trace_sched_process_exec+0x860/0x860 [ 836.039595] ? __lock_is_held+0xb5/0x140 [ 836.043683] ? up_write+0x7b/0x220 [ 836.047238] ? down_write_nested+0x130/0x130 [ 836.051666] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 836.057144] ? __sanitizer_cov_trace_cmp8+0x18/0x20 08:44:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 836.062199] ? vma_compute_subtree_gap+0x160/0x240 [ 836.067156] ? validate_mm_rb+0xaa/0xc0 [ 836.071155] ? __vma_link_rb+0x26c/0x370 [ 836.075246] copy_process+0x4726/0x8770 [ 836.079288] ? __cleanup_sighand+0x70/0x70 [ 836.083548] ? perf_trace_lock_acquire+0x15b/0x800 [ 836.088501] ? print_usage_bug+0xc0/0xc0 [ 836.092584] ? ima_match_policy+0x848/0x1560 [ 836.097011] ? check_preemption_disabled+0x48/0x280 [ 836.102050] ? print_usage_bug+0xc0/0xc0 [ 836.106128] ? kasan_check_read+0x11/0x20 [ 836.110333] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 836.115634] ? __lock_acquire+0x62f/0x4c20 [ 836.119904] ? mark_held_locks+0x130/0x130 [ 836.124175] ? mark_held_locks+0x130/0x130 [ 836.128438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.132874] binder: 31928:31931 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 836.133987] ? check_preemption_disabled+0x48/0x280 [ 836.134009] ? debug_smp_processor_id+0x1c/0x20 [ 836.134031] ? print_usage_bug+0xc0/0xc0 [ 836.143273] binder: 31928:31931 got reply transaction with no transaction stack [ 836.147090] ? check_preemption_disabled+0x48/0x280 [ 836.147110] ? print_usage_bug+0xc0/0xc0 [ 836.147139] ? perf_trace_lock_acquire+0x15b/0x800 [ 836.147155] ? zap_class+0x640/0x640 [ 836.147199] ? __lock_acquire+0x62f/0x4c20 [ 836.157549] binder: 31928:31931 transaction failed 29201/-71, size 18432-0 line 2741 [ 836.163360] ? mark_held_locks+0x130/0x130 [ 836.163382] ? __lock_acquire+0x62f/0x4c20 [ 836.171059] binder: undelivered TRANSACTION_ERROR: 29201 [ 836.172461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.172479] ? check_preemption_disabled+0x48/0x280 [ 836.172499] ? dput.part.25+0x241/0x860 [ 836.221561] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.227091] ? check_preemption_disabled+0x48/0x280 [ 836.232101] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.237722] ? mark_held_locks+0x130/0x130 [ 836.241950] ? zap_class+0x640/0x640 [ 836.245651] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.251181] ? check_preemption_disabled+0x48/0x280 [ 836.256192] ? debug_smp_processor_id+0x1c/0x20 [ 836.260847] ? perf_trace_lock_acquire+0x15b/0x800 [ 836.265786] ? perf_trace_lock+0x7a0/0x7a0 [ 836.270016] ? find_held_lock+0x36/0x1c0 [ 836.274068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.279595] ? _parse_integer+0x134/0x180 [ 836.283734] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 836.289260] ? _kstrtoull+0x188/0x250 [ 836.293049] ? _parse_integer+0x180/0x180 [ 836.297188] ? zap_class+0x640/0x640 [ 836.300894] ? lock_release+0xa10/0xa10 [ 836.304859] ? find_held_lock+0x36/0x1c0 [ 836.308925] ? zap_class+0x640/0x640 [ 836.312630] ? get_pid_task+0xd6/0x1a0 [ 836.316527] ? lock_downgrade+0x900/0x900 [ 836.320663] ? check_preemption_disabled+0x48/0x280 [ 836.325678] ? find_held_lock+0x36/0x1c0 [ 836.329734] ? __f_unlock_pos+0x19/0x20 [ 836.333695] ? lock_downgrade+0x900/0x900 [ 836.337842] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 836.343383] ? proc_fail_nth_write+0x9e/0x210 [ 836.347872] ? proc_cwd_link+0x1d0/0x1d0 [ 836.351925] ? find_held_lock+0x36/0x1c0 [ 836.355979] _do_fork+0x1cb/0x11c0 [ 836.359513] ? fork_idle+0x1d0/0x1d0 [ 836.363216] ? __lock_is_held+0xb5/0x140 [ 836.367271] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.372796] ? check_preemption_disabled+0x48/0x280 [ 836.377810] ? __sb_end_write+0xd9/0x110 [ 836.381864] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 836.387391] ? fput+0x130/0x1a0 [ 836.390667] ? do_syscall_64+0x9a/0x820 [ 836.394629] ? do_syscall_64+0x9a/0x820 [ 836.398609] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 836.403184] ? trace_hardirqs_on+0xbd/0x310 [ 836.407496] ? __ia32_sys_read+0xb0/0xb0 [ 836.411548] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 836.416902] ? trace_hardirqs_off_caller+0x300/0x300 [ 836.421996] __x64_sys_clone+0xbf/0x150 [ 836.425961] do_syscall_64+0x1b9/0x820 [ 836.429839] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 836.435211] ? syscall_return_slowpath+0x5e0/0x5e0 [ 836.440134] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 836.444964] ? trace_hardirqs_on_caller+0x310/0x310 [ 836.449967] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 836.454968] ? prepare_exit_to_usermode+0x291/0x3b0 [ 836.459985] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 836.464822] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 836.469997] RIP: 0033:0x457569 [ 836.473182] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 836.492090] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 836.499789] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 836.507049] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 836.514306] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 836.521562] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 836.528823] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:20 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x2000000}}) 08:44:20 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timerfd_settime(r1, 0x1, &(0x7f00000000c0)={{}, {r2, r3+10000000}}, &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0xfffffffffffffffc}) 08:44:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:20 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfgno', 0x3d, r0}}) [ 836.609982] binder: 31937:31941 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 836.626090] 9pnet: Insufficient options for proto=fd [ 836.631362] binder: 31937:31941 got reply transaction with no transaction stack [ 836.644466] 9pnet: Insufficient options for proto=fd [ 836.644624] binder: 31937:31941 transaction failed 29201/-71, size 76-0 line 2741 [ 836.661122] binder: undelivered TRANSACTION_ERROR: 29201 [ 836.668011] binder: 31937:31941 transaction failed 29201/-71, size 76-0 line 2741 [ 836.685777] binder: undelivered TRANSACTION_ERROR: 29201 08:44:20 executing program 4: gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f00000000c0)) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_dgram(0x28, 0x2, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x90080, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @hyper}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000340)={0x16, 0x98, 0xfa00, {&(0x7f00000002c0)={0xffffffffffffffff}, 0x2, 0xffffffffffffffff, 0x3c, 0x0, @in={0x2, 0x4e23, @broadcast}}}, 0xa0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r2, &(0x7f0000000400)={0x11, 0x10, 0xfa00, {&(0x7f0000000280), r3}}, 0x18) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x400000, 0x0) write$cgroup_int(r4, &(0x7f00000001c0)=0x8000, 0x12) 08:44:20 executing program 5 (fault-call:1 fault-nth:43): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:20 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) timerfd_gettime(r1, &(0x7f0000000040)) 08:44:20 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfsno', 0x3d, r0}}) 08:44:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 836.768649] FAULT_INJECTION: forcing a failure. [ 836.768649] name failslab, interval 1, probability 0, space 0, times 0 [ 836.783170] binder: 31952:31956 transaction failed 29201/-71, size 6917529027641081856-0 line 2741 [ 836.792877] 9pnet: Insufficient options for proto=fd [ 836.798265] CPU: 1 PID: 31954 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 836.806774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 08:44:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:20 executing program 3: r0 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x1ff, 0x1) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x3ff, 0x3}, &(0x7f0000000100)=0x8) ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000200)={&(0x7f0000ffc000/0x1000)=nil, 0x5, 0x4, 0x10, &(0x7f0000ffc000/0x4000)=nil, 0x401}) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000140)={0x4, 0x0, 0x1cc, 0x8001, r1}, &(0x7f0000000180)=0x10) r2 = timerfd_create(0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000001c0)=0x6) r3 = dup(r2) timerfd_settime(r3, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$HDIO_GETGEO(r3, 0x301, &(0x7f0000000240)) [ 836.813332] binder: undelivered TRANSACTION_ERROR: 29201 [ 836.816132] Call Trace: [ 836.816161] dump_stack+0x244/0x39d [ 836.816199] ? dump_stack_print_info.cold.1+0x20/0x20 [ 836.816233] should_fail.cold.4+0xa/0x17 [ 836.816256] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 836.816280] ? __x64_sys_clone+0xbf/0x150 [ 836.846899] ? do_syscall_64+0x1b9/0x820 [ 836.850971] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 836.856359] ? zap_class+0x640/0x640 [ 836.860099] ? find_held_lock+0x36/0x1c0 [ 836.864176] ? find_held_lock+0x36/0x1c0 [ 836.868252] ? __lock_is_held+0xb5/0x140 [ 836.872341] ? perf_trace_sched_process_exec+0x860/0x860 [ 836.877809] ? up_write+0x7b/0x220 [ 836.881376] __should_failslab+0x124/0x180 [ 836.885646] should_failslab+0x9/0x14 [ 836.889471] kmem_cache_alloc+0x2be/0x730 [ 836.893642] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 836.898676] vm_area_dup+0x7a/0x230 [ 836.902320] ? vm_area_alloc+0x1d0/0x1d0 [ 836.906414] copy_process+0x42a5/0x8770 [ 836.910454] ? __cleanup_sighand+0x70/0x70 08:44:20 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x3, 0x80a00) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000100)={0x0, 0x5, 0x4, 0x4, 0xde, 0x80000000}, &(0x7f00000001c0)=0x14) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000340)={r3, @in6={{0xa, 0x4e21, 0x8, @remote, 0xf64b}}, [0x4, 0xffffffff, 0x9, 0x7fffffff, 0x1ff, 0xfffffffffffffffb, 0x0, 0x99, 0x2, 0x7, 0x10000, 0x5, 0x7ff, 0x400, 0x5]}, &(0x7f0000000240)=0x100) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r4, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(r2, &(0x7f0000000300)={0x2, 0x0, @broadcast}, 0x10) connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 836.914719] ? perf_trace_lock_acquire+0x15b/0x800 [ 836.919672] ? print_usage_bug+0xc0/0xc0 [ 836.923761] ? ima_match_policy+0x848/0x1560 [ 836.928195] ? check_preemption_disabled+0x48/0x280 [ 836.933232] ? print_usage_bug+0xc0/0xc0 [ 836.937311] ? kasan_check_read+0x11/0x20 [ 836.941479] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 836.946777] ? __lock_acquire+0x62f/0x4c20 [ 836.951047] ? mark_held_locks+0x130/0x130 [ 836.955313] ? mark_held_locks+0x130/0x130 [ 836.959565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.965119] ? check_preemption_disabled+0x48/0x280 [ 836.970195] ? debug_smp_processor_id+0x1c/0x20 [ 836.971132] 9pnet: Insufficient options for proto=fd [ 836.974881] ? print_usage_bug+0xc0/0xc0 [ 836.984035] ? check_preemption_disabled+0x48/0x280 [ 836.989071] ? print_usage_bug+0xc0/0xc0 [ 836.993160] ? perf_trace_lock_acquire+0x15b/0x800 [ 836.998108] ? zap_class+0x640/0x640 [ 837.000925] binder: 31961:31965 transaction failed 29201/-71, size 33554432-0 line 2741 [ 837.001853] ? __lock_acquire+0x62f/0x4c20 [ 837.001882] ? mark_held_locks+0x130/0x130 [ 837.018063] binder: undelivered TRANSACTION_ERROR: 29201 [ 837.018474] ? __lock_acquire+0x62f/0x4c20 [ 837.028209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.033762] ? check_preemption_disabled+0x48/0x280 [ 837.038788] ? dput.part.25+0x241/0x860 [ 837.042776] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.048321] ? check_preemption_disabled+0x48/0x280 [ 837.053350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.058908] ? mark_held_locks+0x130/0x130 [ 837.063180] ? zap_class+0x640/0x640 [ 837.063200] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.072446] ? check_preemption_disabled+0x48/0x280 [ 837.077480] ? debug_smp_processor_id+0x1c/0x20 [ 837.082182] ? perf_trace_lock_acquire+0x15b/0x800 [ 837.087137] ? perf_trace_lock+0x7a0/0x7a0 [ 837.091407] ? find_held_lock+0x36/0x1c0 [ 837.095480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.101010] ? _parse_integer+0x134/0x180 [ 837.105202] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 837.110747] ? _kstrtoull+0x188/0x250 [ 837.114554] ? _parse_integer+0x180/0x180 [ 837.118697] ? zap_class+0x640/0x640 [ 837.122407] ? lock_release+0xa10/0xa10 [ 837.126387] ? find_held_lock+0x36/0x1c0 [ 837.130480] ? zap_class+0x640/0x640 [ 837.134193] ? get_pid_task+0xd6/0x1a0 [ 837.138084] ? lock_downgrade+0x900/0x900 [ 837.142220] ? check_preemption_disabled+0x48/0x280 [ 837.147230] ? find_held_lock+0x36/0x1c0 [ 837.151284] ? __f_unlock_pos+0x19/0x20 [ 837.155250] ? lock_downgrade+0x900/0x900 [ 837.159393] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 837.164929] ? proc_fail_nth_write+0x9e/0x210 [ 837.169422] ? proc_cwd_link+0x1d0/0x1d0 [ 837.173492] ? find_held_lock+0x36/0x1c0 [ 837.177561] _do_fork+0x1cb/0x11c0 [ 837.181092] ? fork_idle+0x1d0/0x1d0 [ 837.184797] ? __lock_is_held+0xb5/0x140 [ 837.188851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.194374] ? check_preemption_disabled+0x48/0x280 [ 837.199391] ? __sb_end_write+0xd9/0x110 [ 837.203456] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 837.209000] ? fput+0x130/0x1a0 [ 837.212272] ? do_syscall_64+0x9a/0x820 [ 837.216238] ? do_syscall_64+0x9a/0x820 [ 837.220219] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 837.224805] ? trace_hardirqs_on+0xbd/0x310 [ 837.229140] ? __ia32_sys_read+0xb0/0xb0 [ 837.233223] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 837.238604] ? trace_hardirqs_off_caller+0x300/0x300 [ 837.243727] __x64_sys_clone+0xbf/0x150 [ 837.247725] do_syscall_64+0x1b9/0x820 [ 837.251608] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 837.256965] ? syscall_return_slowpath+0x5e0/0x5e0 [ 837.261896] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 837.266746] ? trace_hardirqs_on_caller+0x310/0x310 [ 837.271749] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 837.276755] ? prepare_exit_to_usermode+0x291/0x3b0 [ 837.281761] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 837.286596] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 837.291770] RIP: 0033:0x457569 [ 837.294951] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 837.313858] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 837.321558] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 837.328813] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 837.336066] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 837.343323] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 837.350580] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:21 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x600}}) 08:44:21 executing program 3: r0 = dup(0xffffffffffffffff) timerfd_settime(r0, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:21 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfRno', 0x3d, r0}}) 08:44:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:21 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {r3, r4+10000000}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:21 executing program 5 (fault-call:1 fault-nth:44): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 837.484674] FAULT_INJECTION: forcing a failure. [ 837.484674] name failslab, interval 1, probability 0, space 0, times 0 [ 837.496951] binder_thread_write: 3 callbacks suppressed [ 837.496962] binder: 31977:31981 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 837.497023] CPU: 1 PID: 31978 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 837.517410] binder_transaction: 3 callbacks suppressed [ 837.517422] binder: 31977:31981 got reply transaction with no transaction stack 08:44:21 executing program 3: r0 = timerfd_create(0x7feeb6281125cbef, 0x7ffff) r1 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x8, 0x80200) ioctl$KVM_GET_PIT(r1, 0xc048ae65, &(0x7f0000000100)) r2 = dup(r0) timerfd_settime(r2, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) accept$nfc_llcp(r2, 0x0, &(0x7f0000000040)) [ 837.518925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 837.518932] Call Trace: [ 837.518960] dump_stack+0x244/0x39d [ 837.518983] ? dump_stack_print_info.cold.1+0x20/0x20 [ 837.519008] ? lock_downgrade+0x900/0x900 [ 837.529138] binder: 31977:31981 transaction failed 29201/-71, size 122-0 line 2741 [ 837.531736] ? check_preemption_disabled+0x48/0x280 [ 837.531762] should_fail.cold.4+0xa/0x17 [ 837.531790] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 837.559807] binder: 31977:31981 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 837.564385] ? unwind_dump+0x190/0x190 [ 837.564428] ? is_bpf_text_address+0xd3/0x170 [ 837.564448] ? kernel_text_address+0x79/0xf0 [ 837.564468] ? __kernel_text_address+0xd/0x40 [ 837.577312] 9pnet: Insufficient options for proto=fd [ 837.578645] ? unwind_get_return_address+0x61/0xa0 [ 837.601135] binder: undelivered TRANSACTION_ERROR: 29201 [ 837.603976] ? __save_stack_trace+0x8d/0xf0 [ 837.604015] ? save_stack+0xa9/0xd0 [ 837.604034] ? save_stack+0x43/0xd0 [ 837.604050] ? kasan_kmalloc+0xc7/0xe0 08:44:21 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0xb, 0xb, 0x4, "40a3d82b307be0dc9dd8e89755041adb6cb682da343fb2ed669646c763a1f168c333b2641d8cc4c3d5b7734459923f49d2ba9acca8436b04e351dad8a69eb7a1", "65b73a72024698f4ccb8c0a9aac7b0f4570045ea910e909597b0366df55b75de", [0x0, 0x6]}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 837.610960] binder: 31977:31981 got reply transaction with no transaction stack [ 837.614086] ? kasan_slab_alloc+0x12/0x20 [ 837.614102] ? kmem_cache_alloc+0x12e/0x730 [ 837.614118] ? vm_area_dup+0x7a/0x230 [ 837.614131] ? copy_process+0x42a5/0x8770 [ 837.614147] ? __x64_sys_clone+0xbf/0x150 [ 837.614163] ? do_syscall_64+0x1b9/0x820 [ 837.614186] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 837.614211] ? percpu_ref_put_many+0x11c/0x260 [ 837.677034] __should_failslab+0x124/0x180 [ 837.681291] should_failslab+0x9/0x14 08:44:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 837.685107] kmem_cache_alloc+0x47/0x730 [ 837.689195] ? rcu_softirq_qs+0x20/0x20 [ 837.693198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.698942] anon_vma_clone+0x140/0x710 [ 837.702945] ? unlink_anon_vmas+0xa60/0xa60 [ 837.707292] ? dup_userfaultfd+0x6d8/0x890 [ 837.711552] anon_vma_fork+0xf4/0x820 [ 837.712191] 9pnet: Insufficient options for proto=fd [ 837.715370] ? anon_vma_clone+0x710/0x710 [ 837.715391] ? vm_area_dup+0x1a8/0x230 [ 837.715417] ? vm_area_alloc+0x1d0/0x1d0 08:44:21 executing program 3: r0 = timerfd_create(0x0, 0x0) fdatasync(r0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080)={{0x77359400}}, &(0x7f0000000040)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 837.715445] copy_process+0x47cc/0x8770 [ 837.715493] ? __cleanup_sighand+0x70/0x70 [ 837.715520] ? perf_trace_lock_acquire+0x15b/0x800 [ 837.715545] ? print_usage_bug+0xc0/0xc0 [ 837.749896] ? ima_match_policy+0x848/0x1560 [ 837.754331] ? check_preemption_disabled+0x48/0x280 [ 837.759365] ? print_usage_bug+0xc0/0xc0 [ 837.763450] ? kasan_check_read+0x11/0x20 [ 837.767622] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 837.772922] ? __lock_acquire+0x62f/0x4c20 [ 837.777203] ? mark_held_locks+0x130/0x130 [ 837.781468] ? mark_held_locks+0x130/0x130 08:44:21 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$ASHMEM_GET_SIZE(r1, 0x7704, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 837.784609] binder: 31998:32001 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 837.785719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.785737] ? check_preemption_disabled+0x48/0x280 [ 837.785759] ? debug_smp_processor_id+0x1c/0x20 [ 837.785776] ? print_usage_bug+0xc0/0xc0 [ 837.785791] ? check_preemption_disabled+0x48/0x280 [ 837.785808] ? print_usage_bug+0xc0/0xc0 [ 837.785833] ? perf_trace_lock_acquire+0x15b/0x800 [ 837.785847] ? zap_class+0x640/0x640 [ 837.785884] ? __lock_acquire+0x62f/0x4c20 08:44:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 837.796439] binder: 31998:32001 got reply transaction with no transaction stack [ 837.799482] ? mark_held_locks+0x130/0x130 [ 837.799507] ? __lock_acquire+0x62f/0x4c20 [ 837.799525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.799546] ? check_preemption_disabled+0x48/0x280 [ 837.861609] ? dput.part.25+0x241/0x860 [ 837.865605] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.871157] ? check_preemption_disabled+0x48/0x280 [ 837.876205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.881773] ? mark_held_locks+0x130/0x130 [ 837.886039] ? zap_class+0x640/0x640 [ 837.889770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.895318] ? check_preemption_disabled+0x48/0x280 [ 837.900349] ? debug_smp_processor_id+0x1c/0x20 [ 837.905031] ? perf_trace_lock_acquire+0x15b/0x800 [ 837.909982] ? perf_trace_lock+0x7a0/0x7a0 [ 837.914233] ? find_held_lock+0x36/0x1c0 [ 837.918312] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.923863] ? _parse_integer+0x134/0x180 [ 837.927889] binder: 32006:32007 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 837.928032] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 837.928051] ? _kstrtoull+0x188/0x250 [ 837.928069] ? _parse_integer+0x180/0x180 [ 837.928089] ? zap_class+0x640/0x640 [ 837.936426] binder: 32006:32007 got reply transaction with no transaction stack [ 837.941673] ? lock_release+0xa10/0xa10 [ 837.941696] ? find_held_lock+0x36/0x1c0 [ 837.941717] ? zap_class+0x640/0x640 [ 837.941738] ? get_pid_task+0xd6/0x1a0 [ 837.941756] ? lock_downgrade+0x900/0x900 [ 837.980580] ? check_preemption_disabled+0x48/0x280 08:44:21 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x2010}}) 08:44:21 executing program 3: r0 = timerfd_create(0x0, 0x0) syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x7, 0x20000) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 837.985620] ? find_held_lock+0x36/0x1c0 [ 837.989758] ? __f_unlock_pos+0x19/0x20 [ 837.993749] ? lock_downgrade+0x900/0x900 [ 837.997917] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 838.003464] ? proc_fail_nth_write+0x9e/0x210 [ 838.007971] ? proc_cwd_link+0x1d0/0x1d0 [ 838.012054] ? find_held_lock+0x36/0x1c0 [ 838.016137] _do_fork+0x1cb/0x11c0 [ 838.019701] ? fork_idle+0x1d0/0x1d0 [ 838.023447] ? __lock_is_held+0xb5/0x140 [ 838.027535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.033086] ? check_preemption_disabled+0x48/0x280 [ 838.038125] ? __sb_end_write+0xd9/0x110 [ 838.042212] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 838.047769] ? fput+0x130/0x1a0 [ 838.051068] ? do_syscall_64+0x9a/0x820 [ 838.055058] ? do_syscall_64+0x9a/0x820 [ 838.059045] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 838.063643] ? trace_hardirqs_on+0xbd/0x310 [ 838.067980] ? __ia32_sys_read+0xb0/0xb0 [ 838.072077] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.077462] ? trace_hardirqs_off_caller+0x300/0x300 [ 838.082589] __x64_sys_clone+0xbf/0x150 [ 838.086595] do_syscall_64+0x1b9/0x820 [ 838.090502] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 838.095877] ? syscall_return_slowpath+0x5e0/0x5e0 [ 838.100795] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 838.105632] ? trace_hardirqs_on_caller+0x310/0x310 [ 838.110637] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 838.115642] ? prepare_exit_to_usermode+0x291/0x3b0 [ 838.120656] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 838.125496] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.130675] RIP: 0033:0x457569 [ 838.133870] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 838.152773] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 838.160481] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 838.167740] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 838.175011] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 08:44:21 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfIno', 0x3d, r0}}) 08:44:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 838.182283] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 838.189543] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 838.230644] binder: 32014:32016 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 838.246226] 9pnet: Insufficient options for proto=fd [ 838.259387] 9pnet: Insufficient options for proto=fd [ 838.262875] binder: 32014:32016 got reply transaction with no transaction stack [ 838.276120] binder: 32014:32016 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 838.284908] binder: 32014:32016 got reply transaction with no transaction stack 08:44:24 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) wait4(r0, &(0x7f00000000c0), 0x1000000, &(0x7f0000000240)) tkill(r0, 0x1004000000016) 08:44:24 executing program 3: r0 = timerfd_create(0x0, 0x0) getrlimit(0xf, &(0x7f0000000040)) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$alg(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="50e4881f9be381a3619d7580d5571c532bb84acd59f6cd6ec6ca8686992c5731b7de965c0c77bccf9797426cf582be75a42b39866b62cd3b81111ccf8b5f74d3adf55a833633bc0ed3c34ac5757c3eb273fb35ab8d25756aab11d9cbd0f1c7e8ee35827f9e05e3e28050c3fc51bf966eff145c1a29db8e8bc71c96563ff366d8d9bc70dff540761d1e16a2173b67233eda7e835ef4989bb304cd6932d9597704be4017d3dab727f7f7bcf62e05243396a02fbf4c376121312158edd5c6fed765e555b500d1218064659c94fdec325cdbe9eeef5292690cfa0d7d985437c462734613136c53640e4c319e033f660f6d85d8f48476dbbb4345cac553e9543c", 0xfe}], 0x1, &(0x7f0000000340)=[@assoc={0x18, 0x117, 0x4, 0x3}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18}, @iv={0x100, 0x117, 0x2, 0xe6, "f13b5ee337a42b1c21fcbe9ab9bafb88f22b2345dee79e960b3cfd163ff26f8bffea9a2e4dc28e7bbca288f036225d028a213902705c44a7acadbb1bdd7a21c341ac12f54becd9c7f4ca73d829ca2541065aa65bc168e9290ec96f0044d26bd6b42c83e2a954b5b377c2ba9df00908c6d2a4c41b3163f24c12361c903ec0711174f9d0ac2c9ff84be1c929cdba85a1e2244f5d5bce6568ebf6f79d2e2f77039aa913238ae292c46539990907857179d65d03d95c7a8e870f2847c844705ab10d75a97be93058bc9cd9e77d40ed71819f25c087c482d97a3f15cc28e8bb2d063cb401d58f2594"}, @assoc={0x18}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x7}], 0x190, 0x44000}, 0x8800) 08:44:24 executing program 5 (fault-call:1 fault-nth:45): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:24 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfuno', 0x3d, r0}}) 08:44:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:24 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x1020}}) [ 840.512495] FAULT_INJECTION: forcing a failure. [ 840.512495] name failslab, interval 1, probability 0, space 0, times 0 [ 840.518945] binder: 32026:32030 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 840.527975] 9pnet: Insufficient options for proto=fd [ 840.541683] CPU: 1 PID: 32029 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 840.550213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.559575] Call Trace: [ 840.562189] dump_stack+0x244/0x39d [ 840.562632] binder: 32026:32030 got reply transaction with no transaction stack [ 840.565843] ? dump_stack_print_info.cold.1+0x20/0x20 [ 840.565866] ? __kernel_text_address+0xd/0x40 [ 840.565895] should_fail.cold.4+0xa/0x17 [ 840.565920] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 840.565940] ? perf_trace_lock+0x7a0/0x7a0 [ 840.565968] ? save_stack+0xa9/0xd0 [ 840.577714] binder_transaction: 5 callbacks suppressed [ 840.577730] binder: 32026:32030 transaction failed 29201/-71, size 6-0 line 2741 [ 840.578603] ? kasan_kmalloc+0xc7/0xe0 [ 840.578618] ? kasan_slab_alloc+0x12/0x20 [ 840.578637] ? kmem_cache_alloc+0x12e/0x730 [ 840.589485] 9pnet: Insufficient options for proto=fd [ 840.592285] ? zap_class+0x640/0x640 [ 840.592302] ? _do_fork+0x1cb/0x11c0 [ 840.592320] ? do_syscall_64+0x1b9/0x820 [ 840.592338] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 840.592358] ? percpu_ref_put_many+0x11c/0x260 [ 840.600559] binder_release_work: 5 callbacks suppressed [ 840.600567] binder: undelivered TRANSACTION_ERROR: 29201 [ 840.605483] ? lock_downgrade+0x900/0x900 [ 840.605506] ? __lock_is_held+0xb5/0x140 [ 840.605528] ? lock_acquire+0x1ed/0x520 [ 840.605545] ? anon_vma_clone+0x1a9/0x710 [ 840.605568] ? lock_release+0xa10/0xa10 [ 840.682900] ? perf_trace_sched_process_exec+0x860/0x860 [ 840.688369] ? __lock_is_held+0xb5/0x140 [ 840.692453] __should_failslab+0x124/0x180 [ 840.696704] should_failslab+0x9/0x14 [ 840.700516] kmem_cache_alloc+0x47/0x730 [ 840.704582] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 840.710045] anon_vma_clone+0x140/0x710 [ 840.714034] ? unlink_anon_vmas+0xa60/0xa60 [ 840.718366] ? dup_userfaultfd+0x6d8/0x890 [ 840.722620] anon_vma_fork+0xf4/0x820 [ 840.726435] ? anon_vma_clone+0x710/0x710 [ 840.730589] ? vm_area_dup+0x1a8/0x230 [ 840.734479] ? vm_area_alloc+0x1d0/0x1d0 [ 840.738562] copy_process+0x47cc/0x8770 [ 840.742576] ? __cleanup_sighand+0x70/0x70 [ 840.746825] ? perf_trace_lock_acquire+0x15b/0x800 [ 840.751767] ? print_usage_bug+0xc0/0xc0 [ 840.755842] ? ima_match_policy+0x848/0x1560 [ 840.760258] ? check_preemption_disabled+0x48/0x280 [ 840.765283] ? print_usage_bug+0xc0/0xc0 [ 840.769352] ? kasan_check_read+0x11/0x20 [ 840.773507] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 840.778794] ? __lock_acquire+0x62f/0x4c20 [ 840.783054] ? mark_held_locks+0x130/0x130 [ 840.787307] ? mark_held_locks+0x130/0x130 [ 840.791555] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.797097] ? check_preemption_disabled+0x48/0x280 [ 840.802127] ? debug_smp_processor_id+0x1c/0x20 [ 840.806802] ? print_usage_bug+0xc0/0xc0 [ 840.810864] ? check_preemption_disabled+0x48/0x280 [ 840.815888] ? print_usage_bug+0xc0/0xc0 [ 840.819967] ? perf_trace_lock_acquire+0x15b/0x800 [ 840.824905] ? zap_class+0x640/0x640 [ 840.829133] ? __lock_acquire+0x62f/0x4c20 [ 840.833390] ? mark_held_locks+0x130/0x130 [ 840.837651] ? __lock_acquire+0x62f/0x4c20 [ 840.841890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.847438] ? check_preemption_disabled+0x48/0x280 [ 840.852464] ? dput.part.25+0x241/0x860 [ 840.856443] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.861986] ? check_preemption_disabled+0x48/0x280 [ 840.867013] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.872562] ? mark_held_locks+0x130/0x130 [ 840.876821] ? zap_class+0x640/0x640 [ 840.880539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.886081] ? check_preemption_disabled+0x48/0x280 [ 840.891107] ? debug_smp_processor_id+0x1c/0x20 [ 840.895780] ? perf_trace_lock_acquire+0x15b/0x800 [ 840.900730] ? perf_trace_lock+0x7a0/0x7a0 [ 840.904971] ? find_held_lock+0x36/0x1c0 [ 840.909038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.914581] ? _parse_integer+0x134/0x180 [ 840.918743] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 840.924288] ? _kstrtoull+0x188/0x250 [ 840.928138] ? _parse_integer+0x180/0x180 [ 840.932294] ? zap_class+0x640/0x640 [ 840.936017] ? lock_release+0xa10/0xa10 [ 840.940003] ? find_held_lock+0x36/0x1c0 [ 840.944069] ? zap_class+0x640/0x640 [ 840.947793] ? get_pid_task+0xd6/0x1a0 [ 840.951689] ? lock_downgrade+0x900/0x900 [ 840.955843] ? check_preemption_disabled+0x48/0x280 [ 840.960874] ? find_held_lock+0x36/0x1c0 [ 840.964948] ? __f_unlock_pos+0x19/0x20 [ 840.968934] ? lock_downgrade+0x900/0x900 [ 840.973089] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 840.978631] ? proc_fail_nth_write+0x9e/0x210 [ 840.983134] ? proc_cwd_link+0x1d0/0x1d0 [ 840.987222] ? find_held_lock+0x36/0x1c0 [ 840.991294] _do_fork+0x1cb/0x11c0 [ 840.994848] ? fork_idle+0x1d0/0x1d0 [ 840.998574] ? __lock_is_held+0xb5/0x140 [ 841.002666] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.008211] ? check_preemption_disabled+0x48/0x280 [ 841.013240] ? __sb_end_write+0xd9/0x110 [ 841.017310] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 841.022856] ? fput+0x130/0x1a0 [ 841.026146] ? do_syscall_64+0x9a/0x820 [ 841.030130] ? do_syscall_64+0x9a/0x820 [ 841.034108] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 841.038701] ? trace_hardirqs_on+0xbd/0x310 [ 841.043024] ? __ia32_sys_read+0xb0/0xb0 [ 841.047092] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.052463] ? trace_hardirqs_off_caller+0x300/0x300 [ 841.057582] __x64_sys_clone+0xbf/0x150 [ 841.061569] do_syscall_64+0x1b9/0x820 [ 841.065464] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 841.070838] ? syscall_return_slowpath+0x5e0/0x5e0 [ 841.075772] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 841.080624] ? trace_hardirqs_on_caller+0x310/0x310 [ 841.085650] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 841.090673] ? prepare_exit_to_usermode+0x291/0x3b0 [ 841.095699] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 841.100557] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.105747] RIP: 0033:0x457569 [ 841.108945] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 841.127862] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 841.135577] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 841.142850] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 841.150123] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 841.157406] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 08:44:24 executing program 3: r0 = socket$vsock_dgram(0x28, 0x2, 0x0) getsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000140), &(0x7f0000000180)=0x8) r1 = timerfd_create(0x0, 0x0) r2 = dup(r1) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000040)=0xa, 0x4) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000100)) timerfd_settime(r2, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f00000000c0)=0x4, 0x4) 08:44:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:24 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfwno', 0x3d, r0}}) [ 841.164685] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:24 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) r3 = geteuid() getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000200)={{{@in=@multicast2, @in6=@ipv4={[], [], @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast1}}, &(0x7f0000000340)=0xe8) mount$9p_rdma(&(0x7f0000000040)='127.0.0.1\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x400, &(0x7f0000000380)={'trans=rdma,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@timeout={'timeout', 0x3d, 0x3}}], [{@euid_lt={'euid<', r2}}, {@dont_hash='dont_hash'}, {@fowner_gt={'fowner>', r3}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@euid_lt={'euid<', r4}}, {@dont_appraise='dont_appraise'}]}}) 08:44:24 executing program 5 (fault-call:1 fault-nth:46): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 841.262980] binder: 32043:32045 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 841.271266] 9pnet: Insufficient options for proto=fd [ 841.279324] 9pnet: Insufficient options for proto=fd [ 841.293932] binder: 32043:32045 got reply transaction with no transaction stack 08:44:25 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000000c0)={0x53, 0xfffffffffffffffe, 0x80000000, {0x81, 0x4}, {0xfff, 0x100000001}, @const={0x80000000, {0x1000, 0x8, 0x7, 0x3}}}) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 841.305559] binder: 32043:32045 transaction failed 29201/-71, size -554050781184-0 line 2741 08:44:25 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfqno', 0x3d, r0}}) 08:44:25 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x900000000000000}}) 08:44:25 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000040)={0x7}) [ 841.350299] binder: undelivered TRANSACTION_ERROR: 29201 [ 841.376468] FAULT_INJECTION: forcing a failure. [ 841.376468] name failslab, interval 1, probability 0, space 0, times 0 [ 841.403835] CPU: 0 PID: 32053 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 841.412343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 841.421703] Call Trace: [ 841.424317] dump_stack+0x244/0x39d [ 841.427972] ? dump_stack_print_info.cold.1+0x20/0x20 [ 841.433182] ? __kernel_text_address+0xd/0x40 [ 841.437699] ? unwind_get_return_address+0x61/0xa0 [ 841.442650] should_fail.cold.4+0xa/0x17 [ 841.446737] ? fault_create_debugfs_attr+0x1f0/0x1f0 08:44:25 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfSno', 0x3d, r0}}) [ 841.451857] ? save_stack+0xa9/0xd0 [ 841.454753] 9pnet: Insufficient options for proto=fd [ 841.455501] ? kasan_kmalloc+0xc7/0xe0 [ 841.455515] ? kasan_slab_alloc+0x12/0x20 [ 841.455531] ? kmem_cache_alloc+0x12e/0x730 [ 841.455546] ? anon_vma_clone+0x140/0x710 [ 841.455560] ? anon_vma_fork+0xf4/0x820 [ 841.455579] ? copy_process+0x47cc/0x8770 [ 841.462939] 9pnet: Insufficient options for proto=fd [ 841.464569] ? _do_fork+0x1cb/0x11c0 [ 841.464588] ? do_syscall_64+0x1b9/0x820 [ 841.464604] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.464625] ? percpu_ref_put_many+0x11c/0x260 [ 841.510112] ? lock_downgrade+0x900/0x900 [ 841.514273] ? check_preemption_disabled+0x48/0x280 [ 841.519313] ? kasan_check_read+0x11/0x20 [ 841.519391] 9pnet: Insufficient options for proto=fd [ 841.523474] ? zap_class+0x640/0x640 [ 841.523494] ? rcu_softirq_qs+0x20/0x20 [ 841.523516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.523532] ? check_preemption_disabled+0x48/0x280 [ 841.523557] ? __lock_is_held+0xb5/0x140 08:44:25 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x2010000000000000}}) [ 841.532992] 9pnet: Insufficient options for proto=fd [ 841.536349] __should_failslab+0x124/0x180 [ 841.536373] should_failslab+0x9/0x14 [ 841.536389] kmem_cache_alloc+0x47/0x730 [ 841.536420] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 841.536446] anon_vma_clone+0x140/0x710 [ 841.577684] ? unlink_anon_vmas+0xa60/0xa60 [ 841.582034] ? dup_userfaultfd+0x6d8/0x890 [ 841.586292] anon_vma_fork+0xf4/0x820 [ 841.590116] ? anon_vma_clone+0x710/0x710 [ 841.594277] ? vm_area_dup+0x1a8/0x230 [ 841.598182] ? vm_area_alloc+0x1d0/0x1d0 [ 841.602273] copy_process+0x47cc/0x8770 [ 841.606300] ? __cleanup_sighand+0x70/0x70 [ 841.610563] ? perf_trace_lock_acquire+0x15b/0x800 [ 841.615521] ? print_usage_bug+0xc0/0xc0 [ 841.619603] ? ima_match_policy+0x848/0x1560 [ 841.624033] ? check_preemption_disabled+0x48/0x280 [ 841.629067] ? print_usage_bug+0xc0/0xc0 [ 841.633137] ? kasan_check_read+0x11/0x20 [ 841.637277] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 841.642547] ? __lock_acquire+0x62f/0x4c20 [ 841.646780] ? mark_held_locks+0x130/0x130 [ 841.651014] ? mark_held_locks+0x130/0x130 [ 841.655256] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.660807] ? check_preemption_disabled+0x48/0x280 [ 841.665830] ? debug_smp_processor_id+0x1c/0x20 [ 841.670486] ? print_usage_bug+0xc0/0xc0 [ 841.674543] ? check_preemption_disabled+0x48/0x280 [ 841.679568] ? print_usage_bug+0xc0/0xc0 [ 841.683628] ? perf_trace_lock_acquire+0x15b/0x800 [ 841.688551] ? zap_class+0x640/0x640 [ 841.692267] ? __lock_acquire+0x62f/0x4c20 [ 841.696519] ? mark_held_locks+0x130/0x130 [ 841.700747] ? __lock_acquire+0x62f/0x4c20 [ 841.704985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.710549] ? check_preemption_disabled+0x48/0x280 [ 841.715571] ? dput.part.25+0x241/0x860 [ 841.719553] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.725078] ? check_preemption_disabled+0x48/0x280 [ 841.730101] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.735663] ? mark_held_locks+0x130/0x130 [ 841.739939] ? zap_class+0x640/0x640 [ 841.743662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.749210] ? check_preemption_disabled+0x48/0x280 [ 841.754219] ? debug_smp_processor_id+0x1c/0x20 [ 841.758878] ? perf_trace_lock_acquire+0x15b/0x800 [ 841.763803] ? perf_trace_lock+0x7a0/0x7a0 [ 841.768023] ? find_held_lock+0x36/0x1c0 [ 841.772083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.777622] ? _parse_integer+0x134/0x180 [ 841.781776] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 841.787311] ? _kstrtoull+0x188/0x250 [ 841.791108] ? _parse_integer+0x180/0x180 [ 841.795264] ? zap_class+0x640/0x640 [ 841.798967] ? lock_release+0xa10/0xa10 [ 841.802946] ? find_held_lock+0x36/0x1c0 [ 841.807028] ? zap_class+0x640/0x640 [ 841.810760] ? get_pid_task+0xd6/0x1a0 [ 841.814645] ? lock_downgrade+0x900/0x900 [ 841.818784] ? check_preemption_disabled+0x48/0x280 [ 841.823817] ? find_held_lock+0x36/0x1c0 [ 841.827888] ? __f_unlock_pos+0x19/0x20 [ 841.831864] ? lock_downgrade+0x900/0x900 [ 841.836035] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 841.841581] ? proc_fail_nth_write+0x9e/0x210 [ 841.846065] ? proc_cwd_link+0x1d0/0x1d0 [ 841.850123] ? find_held_lock+0x36/0x1c0 [ 841.854181] _do_fork+0x1cb/0x11c0 [ 841.857716] ? fork_idle+0x1d0/0x1d0 [ 841.861464] ? __lock_is_held+0xb5/0x140 [ 841.865532] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.871058] ? check_preemption_disabled+0x48/0x280 [ 841.876085] ? __sb_end_write+0xd9/0x110 [ 841.880151] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 841.885686] ? fput+0x130/0x1a0 [ 841.888960] ? do_syscall_64+0x9a/0x820 [ 841.892932] ? do_syscall_64+0x9a/0x820 [ 841.896927] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 841.901502] ? trace_hardirqs_on+0xbd/0x310 [ 841.905814] ? __ia32_sys_read+0xb0/0xb0 [ 841.909870] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.915223] ? trace_hardirqs_off_caller+0x300/0x300 [ 841.920317] __x64_sys_clone+0xbf/0x150 [ 841.924284] do_syscall_64+0x1b9/0x820 [ 841.928159] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 841.933516] ? syscall_return_slowpath+0x5e0/0x5e0 [ 841.938435] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 841.943290] ? trace_hardirqs_on_caller+0x310/0x310 [ 841.948311] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 841.953326] ? prepare_exit_to_usermode+0x291/0x3b0 [ 841.958347] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 841.963185] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.968363] RIP: 0033:0x457569 [ 841.971547] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 841.990445] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 841.998160] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 08:44:25 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x4883, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000340)={{0x1f000, 0x4, 0xc, 0x0, 0x9a6, 0x7fffffff, 0x9, 0x6, 0xffffffffffff3f9a, 0xffffffffffffffc1, 0xfffffffffffff000, 0x80000001}, {0x4000, 0x2000, 0x4, 0x6, 0xfffffffffffffffa, 0x0, 0x4, 0x1000, 0x4, 0x6, 0x6, 0x7ff}, {0x5000, 0x2000, 0xd, 0x81, 0x0, 0x9, 0x8001, 0x3, 0x8, 0x100000000, 0x200, 0x9}, {0x10000, 0x5000, 0x8, 0x9, 0x6, 0x539, 0x530, 0x6e, 0x2, 0x9, 0x3, 0x9}, {0xf002, 0x1002, 0x0, 0x0, 0x24, 0x5, 0x9, 0x1ff, 0x8000, 0x7fff, 0x9}, {0x100004, 0xd000, 0x9, 0x355, 0x9, 0x1, 0x8, 0x4, 0xbe4, 0x80000000, 0x8a87, 0x80000001}, {0x0, 0x2, 0x9, 0x2, 0x6, 0x6, 0x1, 0x1, 0x5, 0x1, 0xffffffffffffff05, 0x8}, {0x2000, 0x111000, 0xc, 0x922f, 0x10001, 0xffffffffffffffff, 0xf2a, 0x8, 0x80000000, 0x6, 0xd, 0x7ff}, {0x10000, 0x1f000}, {0x11002, 0x10f000}, 0x10, 0x0, 0x10002, 0x10008, 0x4, 0x4900, 0x1, [0x1, 0x7, 0xb21, 0x10001]}) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 842.005428] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 842.012690] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 842.019948] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 842.027204] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:25 executing program 3: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x100, 0x0) r1 = gettid() perf_event_open(&(0x7f00000001c0)={0x7, 0x70, 0x8000, 0x9, 0x8001, 0xffffffffffffffc6, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3, 0x1, 0xfffffffffffffffd, 0x4, 0x3f, 0x7, 0x0, 0x4b29ca72, 0x100, 0x6, 0x50, 0x100000001, 0x7fff, 0x100000000, 0x7, 0x80000000, 0x9c44, 0x3, 0x401, 0x3, 0x3, 0x9, 0x0, 0x5, 0xffffffff, 0xca5, 0x120a, 0x0, 0x500000, 0x0, @perf_bp={&(0x7f0000000180), 0x1}, 0x600, 0x9, 0x10001, 0x3, 0x800, 0x9, 0x3ff}, r1, 0x2, r0, 0x3) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000100)={[], 0x1, 0x3cb, 0x7fff, 0x8, 0x5, r1}) r2 = timerfd_create(0x0, 0x0) r3 = add_key(&(0x7f00000005c0)='syzkaller\x00', &(0x7f0000000600)={'syz', 0x0}, &(0x7f0000000640)="906f531cae7b345cd55cb95eab8067a5f45870c6ea81de9b3a684300e710886310242d67538c14b75d6e94dd0bffc906fa80b32b845357ef64100c2b1116233c6297a8242d85c588dc9c8f616d991fa10f4cc4d497df043607fb532e8add357a3d400c4fa489daff129fc49b6eb31c9bc81375fcbae0941ef7afaf986ea90b4262cdf5", 0x83, 0xfffffffffffffffd) add_key$user(&(0x7f0000000440)='user\x00', &(0x7f0000000480)={'syz', 0x0}, &(0x7f00000004c0)="2c6cd3bd9d98649ae26a836de0edc4da87f2a05cb094e0b4af0ff68673221ea111cec69d2e7d7bb26acd8dcd56ca16b7e0a8c10077d5151fb1cadb7795e443eb3e7b2d5dd41f4974249681f7e265f06004bf720b73e44b7efe3deb9ca7eb59f4fb3af141bb6fbf5de40a6bf254607336ff42d67500cb6d9f8247d15c2b0c0a402d13788e800f779f328c78818fa410edbf974dac51b83433d565a1f64e820e089a2fabf4621d1389356b77f0b109ad0f0f7c397dc2785000d52786361b0e8cd97d5ec8d329019d35ce24159f46a6c2b2bcf3795b924ffc0b8b20d5f07449503748c54b17d926df84417e3df3ff468770d783b572beb2d3087be91014", 0xfc, r3) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20300000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)={0xbc, r4, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xd5f}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x200}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x32d2d9fb8c1422ea}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x80000000}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@local}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2}]}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x80000000}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@remote}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x20004050}, 0x4040040) r5 = dup(r2) fcntl$setsig(r2, 0xa, 0x38) timerfd_settime(r5, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r5, 0x40085400, &(0x7f0000000240)={0x7, 0x800000000000000, 0x6, 0x0, 0xe, 0x3}) write$FUSE_LSEEK(r5, &(0x7f0000000040)={0x18, 0x0, 0x6, {0x100000001}}, 0x18) 08:44:25 executing program 5 (fault-call:1 fault-nth:47): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 842.074049] binder: 32075:32078 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 842.082699] binder: 32075:32078 got reply transaction with no transaction stack [ 842.091194] binder: 32075:32078 transaction failed 29201/-71, size 72057594037927936-0 line 2741 [ 842.112902] binder: undelivered TRANSACTION_ERROR: 29201 08:44:25 executing program 3: r0 = timerfd_create(0xffffffffffffffff, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 842.185944] binder: 32084:32086 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 842.194071] binder: 32084:32086 got reply transaction with no transaction stack [ 842.215091] FAULT_INJECTION: forcing a failure. [ 842.215091] name failslab, interval 1, probability 0, space 0, times 0 [ 842.226764] CPU: 1 PID: 32089 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 842.235265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 842.244622] Call Trace: [ 842.246139] binder: 32084:32086 transaction failed 29201/-71, size 1610612736-0 line 2741 [ 842.247232] dump_stack+0x244/0x39d [ 842.259160] ? dump_stack_print_info.cold.1+0x20/0x20 [ 842.264395] should_fail.cold.4+0xa/0x17 [ 842.268487] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 842.273610] ? find_held_lock+0x36/0x1c0 [ 842.277695] ? zap_class+0x640/0x640 [ 842.281437] ? lock_downgrade+0x900/0x900 08:44:25 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000008e40)="550f48a523cd11c4fd19c7e332c351af19735fb3bdccecd18c49b3914c7b71902c47f9baa6d62a7a4c806e65d6b0be38528fcb025abb9373ae74617cc646a5672af916c60fa31590f142046764ab787115aabc7b414272909822a1862e7238f79fa294aec8590ac334417b7297200c0054579a7777fd0ca9928444e04219e73f7a842381f7fea3af0b2335c13310347ccf257f7053c7932a17232a93466fa380b0b0307e923d2b54f4e4fdd65a3de27264c0e570763e3edcd9ae1db800e9c0234ffb9b5a7268c0753f683b754e9b5587d99e8f2b8fb9dcc20e0ca738f7d3307b69e789e30e1cc54213ed4759317e8c47d9679d65dbc0e63a71cd998512b78fad926c9c233481e945567830cae6b879c3425a8ccaa4f25c1b36decf48d2dd4fa7414d9dd54efa327a76409548a279d4e4abf27878db523b1ed46fce221a3297253fb612451d82f99c428a12177e4329f6fefc1468edc48b00f5b2696124d2b09cf33d3805cc4fab39b3ba1c004a436b231bfd8e0b2ec13ee53d41a765464e95ff90ee6e5622db221dfaea1d23321d2f29f7d2ffe98b8927dfb8f2d4b5b551cdefd43a5997d1cd3b7a6907a8789eb849bd38c2e8281cbb51ccc01ab74a4b7b8d0406e0e5b5f3439b48e37ae3e7fbb68a4634312eff8f6e5748e2ed264eeeead65c0f9942bd5010c5bd89d55c6a1e9491f1286de73465d850c7547ae5a826834b74dcc64f693758e4b782e354d401e19417439cee804f907206a2516d688fe69ce1c4cbaf0a21ca472341b64b5e462051ae25d41ffd1a0e4c384dc2b7939aa61e89e914b4b6831cd4918677e3541f93d996676cfa1902b6e72aa557ed20a603757e0547a23835ff88891abd969c257681c90f52f0f6d1b9213783664c687bbcd4976a14b734e1583c8a66aca77e160587e88f5bf0c912b64fd0925b67e46ad7855a230d980f8da01a1821bc5939602ec3e39a90b59bda445ed49d0a8ed7ead7afe85fcc71b181267f860d3b8d4e6b577be15ca1575cb3ffec2dcc275a2600e2f504cb58b326fd331d636c17ae5a5e2366a5818f099684e43bdde0b368a3dac11541a259ec7971902c44ac52503fe609f6af34c237c5a77535bd65a09c54bdc205e312dff761e80f06b16eddc6bb04e56e758054f63fc3fd8d562fe8ee4232779bba96afb82d19e0515f25941be81126eef8f1867a8f766a57455f20fcf50baf416b0303902f9aecfc3ea2d621d4d91fc7b8d89111462a921bbf67e9056979751dc317ad273ff10433987718afeee250a07f89e38d93871d7610f934cfc1b0ad2ac79fa2a10d4c0b53915aa473e52793cd8357387686d318a10fcb8b1e7d0b11cab620d39582ea857e118eb90ad81a55facbe5edd79f73bf0cbcc8b5a1d49d00570bcfcbf77a38d61de718e94b8d44300cecd7ca423eaf2512d65540cc64ac2c133ae0db26db64c05fa4e4892b075b237f4d048b810835c35ded5f639c9cba740dfc901a772a0842be18374987970b47083a1541de87cf4058e89e952cb5a5db417d0fc212474f88bb162b8c530dd7c469c4287ee31d0669a8a6d90b3d416c5d9bcabf40f0b1e85a21d928b3f4fed79fc68408f183dfc00df29f900f3fb0bb75008c83889b331171b55c75b3484c89cb24439836aa424e3d3d805a2eac4a9500da8a943d9911af5baefd88dc88ee558944913399bca3c43435f8e848c419e99d11d3caf970ab865ca2bbcc622744f48ddada0910ca673b0cbc0178da228695eeed64df9d22b9f8af4a72686f34b7d925e8e766bf95093087a6af427fcdb564c98b2ffa6fd9cfdfc93e3493af7a2d926f10aeca95760020c294fcaf726016df0b0cde1a753c032eb4496a29edb208f436556a9de7772a2af5708a40926f887a004cd393c868dcbaeda4c4004df08bd80b81c30c1859972c8b659bca942f2dcfed050b1e14f754ae33ae54f82a4b244a620dcf8cf60698271d188779c408b2c0dd83d963ff536ceec6be617d57cb449629eb80e17ac75f319ec7e54564f67bc32585baf25064c4229f9d62157617bd7083f9cb100ecd0f7b06a10e1d84d2949d96f54795c3c95790c072d7cf091c9d38b155ea65dc409a3ea11b09a5d2cba1b91150f2883150bb6c6ea4341a27c904d7356d77486d30aad66fc044a73731e46504ec878907cde11484180154b565f548324de26870f6ade881d909bfb22c853e5d263081601761869ed323b5ba4b7b6cd9d6f1ccf115afc33b711120cac250084c4125369561af0047dc89748b1fb4b886ec249ed6071801cdc3fa05ccb19cb8eb45619f33f3bd588b304925f69c8b504e3b0996a01c2d170b200eb795c70698585f9de904200fdbe53650d1015c13fac818981b428622ad47ae5df6a90c711fd8a6fa43f3c117e7ecb5f2729872cd3f2ce9ad38d66e6a2eca46776d53b8841b0b4eb80c01c0b56a9de0c9c11282aa33631bfd3918a28964825f03e70ebad713393ed8730110520bf4fe91bcee1e546cdd54e92833739ef8a9effe63c6715e05b2bf01b5e17ee005856c48213026876ea996202146ab9215497d014a18ce4f925a0618dcd81c7c098a3ca66ce7f6211319382f414bc8536d439f4cfed740e0695a3eb68fefab0d5e0daed98154829c75f133a8e4cb9f9237a7f71f084241847d44b6e79377a5e6e23f0257a980fa440cc89910f616341380ec87dfbc850d7b965d2d557fd2a34be2617649fb6a9dbc3ceec3fd84602f4b054b7077e34189d613469bab60831f4110510cafaae635e57da09bb3139d8aeda24d887f87a2c541bb453808c1302b1d9ddd1e3ea2b97703e728dbdaae1299e7d383245a8ecac44288b63d7ffd8c85914f23e4dc5ab3535101ffba1f533a6042f0d3da43f5b269e17af29847398cf7953e950c04757b84e2e2fe7dd01082f0fae6a79389ccf3c4c31d64f12be4ea9d3b5288214c0b67b60700e8456cf51c725a1e2594e2783789b032630bc060910634c11277b973c7dc1815d7d18624bf99817d1f515511b239e7a06279bdb0b2acb3164fa94bd46e388ab7cb261e588a258e67bb49c109d60538a132f91b710e78bab154103c99070079556d4ef9479482678653729714bdbaa6087d13f992e6103093e1d5e40203f5425d006a3981679b200fd34c117b5c83edd1c3013be6075be379d296ad76232d1690f64ecea8de5d4328beebd6d469bf105c46c6c5dfcf2174cd0ad3f55bebddbe0ba04f58c184af32d9fe81db8667247229a7fafe121452482fa6c64cdb6780a90e64a0d11da8f7265f840c7a572dff9fee30b68ad1d0375b97c770549c4f9ef82739622a44877401beb28b095bc53fca413ec1b86d066e7e4f1cb650d1978cf58e874d34f3d430ffdeb111db7fe526e1cad5d98668a39f9f07e96772863739a89036829b035b44c1fd9451f464a3bdcae4bee402f674062e18a462b5a9fff71952d9623a663961e6fd51a00e14dae76ad49424dde8f2a2e174352df3eb965a2f983c25f8c5327947d88a01de274487738613e8feb1274e7e60112af59176a08fb56ad3f8511a1adbd000b25233839fc473bd4bcea14b2940a49f08e7407126fbfe1f444b260e1a26c03d81b736e5c2f105a74bafdce0c5bf84e5ad2cc2bb4ca113c45b0d9c9d02f595b7264deea1a93bee466c610149c595037ec2af33cf30e7c8ca0b659d6bb70bdebc21ff1f609226af64b85fb7c919c425a28fe5bcae1640c9fc5d14f3ce485f522960ac033a7906e826ce87c1eb696e95eab5865604c809df48a6e909589d86469a7334664afa570c81626786a19797491fe05c5b1aabbdb32a2ad91f69cf2454ad87dbed32b02a7c5d9ac3cc6d6e23f8750a14d6f0f3fd41a61a489d81741f00c68a3ea6257efa9211fad5aa71e5909782d6d54c5fce3f3ead314088d7b6b53aaad333cc97af42c2ae864507c9d5cc2fe03d4c5934fdf432c2b7936323b2b09317361ca5fb182e781219d631373ead08952284ba2c271ff16fe1cd177801d593d0f7298845a91d6415ff4214f7817bc82b649c701cb83a323d1514405f8cee53ee559718f2e08d2d8e90ea34bedf8415b2b17debfc1e9dc6febd7ae466fcf2c3a67d154de1213fe8c3fb70294516770518753c1383e4876a88f7ec2fb911c9f2a2640db456a3b73996d278ba41b4344eb7ef0f83054322906faca6eefaa35649d4283c229be4edfc74e297df8de81e410afd587279283eb1ca928e97fc6d4dd409508afafdd1bdd31a2d82eb3d217b0967391175e0cd0e3115acfe31ef33e324e8763a79092ab3fd23af28b58f06cf5a9c607c33c4b1011c24e9ed7e68afd21ed0ef5227419ed18856a09f86050427e5c00b22b3ff2bb06b9e0adf08ab7e1738097349c8419fae33da6e92f565f662e6bec689a029d55e88380e515d2fd2517c7a7e98200fe12bf87e0bb660699f318e5bd595083eeddfad71d9b7f84fe5a0c29669e862aded244412ae995aaa2580d771d23fd19a82350443d0970e2b3bab2e2b6664debdbfd3ced7eaf935f54e1448b55198dde53d6c8144fb70e3714c92f070b70e6f152cf38749cf637007bfc8f9d9bae4ea39dbaeea5a89d66528ec3a47a2b60193eb7f10657f515379006a02378a8fa78ec206b106790436db88c367167c9ba05b7038da90947c339fc9867c020544d25525c7dddd27fdce9284b45a7ce1774daee3ee2d5fb6e7b65aed8ca84729e4c5421a3ee078a39e3d21fa2504ed70ffb24731f9bdc16574b550ee3c16990edfc0a89681de5b651af76aab1a300dbaf292214f6c970d0e7d151a32fc0231b9c7d8cc1d0413eeaf116ed913193348c4787a91216d66f1c7480bee37fdee35e41a23158acddf9425e0c5115c7fb950cf9b5b857bb8e74a0486e58e8fa703d793c8d68196f8f110e3eb2a58c2e3a2039d4c698abd726bfa112f302ec3f66244a2eda20a8eb3f3f144c3b3ca6dfa826f77ef08c50c78c471e5cbb21c7b9ff253bddeca857773ea985d6c800c8bca5ca49c9843fe32794047d9f2be778fbd111e058b1fa59f93c9493d3b6b2d4320d0512b41666d3a12c452bfbedd5c7aa3f6657939eac6d7229ff8f1447fb3c73a61b198b4dec314d811fba5268a7a42762f6b2781759215402bd26e64a6a483d260fe0f4959c9d2497e010b8dcf86707a74cd6d362557d25088bcf7fbfc7eca041ad3200bee196aef8d6a8e4f9774dd3afef354e72b79bcd1d805fca651b76d4e36f8a92de265b43800b902b8d62a07bf667717583b855ada40205955e31461e0247d552ce8e662c2f0701c994c93f8f371fed93355a8789c1fddd4c827801463b9f8ae8b504ff8b2f705a0dd1e5df0edd2f342b7c0a248417d08427cd9de5727ce1eb922bd88444a41c18257a2755ba01211f53475283c9efb844349d530c422ae82d513fb34d1921a1218a1ab72ed0b19a90c0f2ca048e8fc1edb96240549b5eb981b7bccd546e7881f4945be7f1dc972eb414042a1c9c5de8bffdb02123eaa8cab07c7dde6caefd1bf4ea104702b00d56643e19f7e91b026a5fed91f543acaf65644bbe5094500b03fa3ad56ea0b724c43b7e64e08574b673009cc71929ae2286ff3062f5d7379933e79b1f640f383e845d869d579e6939366d4fa22814538cc2069aa7a8af1f1e74f9e6e7015116412dd452ef806eb76b0a0818b735fad2b3c367653c47616de8de625e0b75f7d03999d13d2a0da1dd8471de665ef7adca93ea18e9d3c3b5a308c818e280a69855afe62e690a35380365b24acacaf6459fda3b05e5fbe329ba7990db37378") r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x40, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008ac0)=[{{&(0x7f00000000c0)=@generic, 0x80, &(0x7f0000001340)=[{&(0x7f0000000140)=""/185, 0xb9}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000000200)=""/50, 0x32}, {&(0x7f0000000240)=""/136, 0x88}], 0x4, &(0x7f0000001380)=""/188, 0xbc, 0x641c2764}, 0x5}, {{&(0x7f0000001440)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f00000047c0)=[{&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f00000024c0)=""/49, 0x31}, {&(0x7f0000002500)=""/236, 0xec}, {&(0x7f0000002600)=""/246, 0xf6}, {&(0x7f0000002700)=""/44, 0x2c}, {&(0x7f0000002740)=""/71, 0x47}, {&(0x7f00000027c0)=""/4096, 0x1000}, {&(0x7f00000037c0)=""/4096, 0x1000}], 0x8, &(0x7f0000004840)=""/129, 0x81, 0x54c6c17c}, 0x81}, {{&(0x7f0000004900)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f0000006e80)=[{&(0x7f0000004980)=""/180, 0xb4}, {&(0x7f0000004a40)=""/4096, 0x1000}, {&(0x7f0000005a40)=""/114, 0x72}, {&(0x7f0000005ac0)=""/49, 0x31}, {&(0x7f0000005b00)=""/172, 0xac}, {&(0x7f0000005bc0)=""/89, 0x59}, {&(0x7f0000005c40)=""/179, 0xb3}, {&(0x7f0000005d00)=""/231, 0xe7}, {&(0x7f0000005e00)=""/99, 0x63}, {&(0x7f0000005e80)=""/4096, 0x1000}], 0xa, &(0x7f0000006f40)=""/206, 0xce, 0x97f}, 0x20}, {{&(0x7f0000007040)=@ax25, 0x80, &(0x7f0000007100)=[{&(0x7f00000070c0)=""/39, 0x27}], 0x1, 0x0, 0x0, 0x7ff}, 0x9}, {{0x0, 0x0, &(0x7f00000074c0)=[{&(0x7f0000007140)=""/236, 0xec}, {&(0x7f0000007240)=""/249, 0xf9}, {&(0x7f0000007340)=""/122, 0x7a}, {&(0x7f00000073c0)=""/233, 0xe9}], 0x4, &(0x7f0000007500)=""/243, 0xf3, 0x1ff}, 0xffff}, {{&(0x7f0000007600)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000008a00)=[{&(0x7f0000007680)=""/9, 0x9}, {&(0x7f00000076c0)=""/59, 0x3b}, {&(0x7f0000007700)=""/177, 0xb1}, {&(0x7f00000077c0)=""/29, 0x1d}, {&(0x7f0000007800)=""/87, 0x57}, {&(0x7f0000007880)=""/23, 0x17}, {&(0x7f00000078c0)=""/4096, 0x1000}, {&(0x7f00000088c0)=""/239, 0xef}, {&(0x7f00000089c0)=""/11, 0xb}], 0x9, 0x0, 0x0, 0x2}, 0x4}], 0x6, 0x2, &(0x7f0000008c40)) sendmsg$can_bcm(r2, &(0x7f0000008d80)={&(0x7f0000008c80)={0x1d, r3}, 0x10, &(0x7f0000008d40)={&(0x7f0000008cc0)=ANY=[@ANYBLOB="01000000800000000500000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x7530, @ANYBLOB="0200002001000000000000e002010100000000000000f11d"], 0x48}, 0x1, 0x0, 0x0, 0x44040}, 0x4004) r4 = dup(r0) timerfd_settime(r4, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$ION_IOC_HEAP_QUERY(r4, 0xc0184908, &(0x7f0000008e00)={0x34, 0x0, &(0x7f0000008dc0)}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r4, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:26 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r1, 0x0, 0x1, &(0x7f0000000140)='\x00', 0xffffffffffffffff}, 0x30) perf_event_open(&(0x7f00000000c0)={0x3, 0x70, 0x3, 0xf5e, 0xa5c, 0x0, 0x0, 0x1, 0x1, 0x8, 0x100, 0xfffffffffffffffc, 0x1f, 0x431, 0x100000000, 0x5, 0x0, 0x8, 0xb0, 0x8, 0x7, 0xb36, 0xd04a, 0x8, 0xa15, 0x5, 0x1000000000000, 0x100, 0x7, 0xf9, 0xfffffffffffffff8, 0x2, 0x0, 0xa44, 0x8, 0x7f, 0x8000, 0x2, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000040), 0x4}, 0x42, 0xff, 0x4, 0x7, 0x7ff, 0xb786}, r2, 0x5, 0xffffffffffffff9c, 0xb) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f00000001c0)={0xffffffffffff8000, 0x3f, 0x8, 0x4, 0x7, 0xffff}) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 842.285601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.291150] ? check_preemption_disabled+0x48/0x280 [ 842.296197] ? find_held_lock+0x36/0x1c0 [ 842.299267] binder: 32084:32086 transaction failed 29201/-71, size 1610612736-0 line 2741 [ 842.300274] ? __lock_is_held+0xb5/0x140 [ 842.312662] ? perf_trace_sched_process_exec+0x860/0x860 [ 842.318148] __should_failslab+0x124/0x180 [ 842.320644] binder: undelivered TRANSACTION_ERROR: 29201 [ 842.322414] should_failslab+0x9/0x14 [ 842.331657] kmem_cache_alloc+0x2be/0x730 [ 842.335503] binder: undelivered TRANSACTION_ERROR: 29201 [ 842.335819] ? dup_userfaultfd+0x6d8/0x890 [ 842.345492] anon_vma_fork+0x196/0x820 [ 842.349407] ? anon_vma_clone+0x710/0x710 [ 842.353568] ? vm_area_dup+0x1a8/0x230 [ 842.357473] ? vm_area_alloc+0x1d0/0x1d0 [ 842.361567] copy_process+0x47cc/0x8770 [ 842.365623] ? __cleanup_sighand+0x70/0x70 [ 842.369881] ? perf_trace_lock_acquire+0x15b/0x800 [ 842.374833] ? print_usage_bug+0xc0/0xc0 [ 842.378927] ? ima_match_policy+0x848/0x1560 [ 842.383360] ? check_preemption_disabled+0x48/0x280 [ 842.388395] ? print_usage_bug+0xc0/0xc0 [ 842.392454] ? kasan_check_read+0x11/0x20 [ 842.396594] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 842.401878] ? __lock_acquire+0x62f/0x4c20 [ 842.406112] ? mark_held_locks+0x130/0x130 [ 842.410346] ? mark_held_locks+0x130/0x130 [ 842.414569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.420095] ? check_preemption_disabled+0x48/0x280 [ 842.425113] ? debug_smp_processor_id+0x1c/0x20 [ 842.429788] ? print_usage_bug+0xc0/0xc0 [ 842.433835] ? check_preemption_disabled+0x48/0x280 [ 842.438838] ? print_usage_bug+0xc0/0xc0 [ 842.442912] ? perf_trace_lock_acquire+0x15b/0x800 [ 842.447828] ? zap_class+0x640/0x640 [ 842.451540] ? __lock_acquire+0x62f/0x4c20 [ 842.455768] ? mark_held_locks+0x130/0x130 [ 842.459995] ? __lock_acquire+0x62f/0x4c20 [ 842.464215] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.469740] ? check_preemption_disabled+0x48/0x280 [ 842.474767] ? dput.part.25+0x241/0x860 [ 842.478732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.484273] ? check_preemption_disabled+0x48/0x280 [ 842.489279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.494808] ? mark_held_locks+0x130/0x130 [ 842.499038] ? zap_class+0x640/0x640 [ 842.502741] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.508266] ? check_preemption_disabled+0x48/0x280 [ 842.513273] ? debug_smp_processor_id+0x1c/0x20 [ 842.517930] ? perf_trace_lock_acquire+0x15b/0x800 [ 842.522868] ? perf_trace_lock+0x7a0/0x7a0 [ 842.527091] ? find_held_lock+0x36/0x1c0 [ 842.531142] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.536675] ? _parse_integer+0x134/0x180 [ 842.540820] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 842.546362] ? _kstrtoull+0x188/0x250 [ 842.550154] ? _parse_integer+0x180/0x180 [ 842.554294] ? zap_class+0x640/0x640 [ 842.557996] ? lock_release+0xa10/0xa10 [ 842.561960] ? find_held_lock+0x36/0x1c0 [ 842.566012] ? zap_class+0x640/0x640 [ 842.569734] ? get_pid_task+0xd6/0x1a0 [ 842.573609] ? lock_downgrade+0x900/0x900 [ 842.577743] ? check_preemption_disabled+0x48/0x280 [ 842.582767] ? find_held_lock+0x36/0x1c0 [ 842.586837] ? __f_unlock_pos+0x19/0x20 [ 842.590803] ? lock_downgrade+0x900/0x900 [ 842.594944] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 842.600470] ? proc_fail_nth_write+0x9e/0x210 [ 842.604949] ? proc_cwd_link+0x1d0/0x1d0 [ 842.609000] ? find_held_lock+0x36/0x1c0 [ 842.613056] _do_fork+0x1cb/0x11c0 [ 842.616604] ? fork_idle+0x1d0/0x1d0 [ 842.620309] ? __lock_is_held+0xb5/0x140 [ 842.624374] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.629903] ? check_preemption_disabled+0x48/0x280 [ 842.634912] ? __sb_end_write+0xd9/0x110 [ 842.638966] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 842.644488] ? fput+0x130/0x1a0 [ 842.647757] ? do_syscall_64+0x9a/0x820 [ 842.651718] ? do_syscall_64+0x9a/0x820 [ 842.655684] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 842.660255] ? trace_hardirqs_on+0xbd/0x310 [ 842.664561] ? __ia32_sys_read+0xb0/0xb0 [ 842.668610] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 842.673963] ? trace_hardirqs_off_caller+0x300/0x300 [ 842.679059] __x64_sys_clone+0xbf/0x150 [ 842.683024] do_syscall_64+0x1b9/0x820 [ 842.686896] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 842.692246] ? syscall_return_slowpath+0x5e0/0x5e0 [ 842.697190] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 842.702023] ? trace_hardirqs_on_caller+0x310/0x310 [ 842.707030] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 842.712035] ? prepare_exit_to_usermode+0x291/0x3b0 [ 842.717043] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 842.721891] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 842.727067] RIP: 0033:0x457569 [ 842.730246] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 842.749132] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 842.756824] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 842.764080] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 842.771337] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 842.778594] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 08:44:26 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x10000000}}) 08:44:26 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) setsockopt$llc_int(r1, 0x10c, 0x3, &(0x7f0000000280)=0x5, 0x4) sysfs$1(0x1, &(0x7f0000000040)='queue0\x00') ioctl(r2, 0xeba0000000, &(0x7f0000000340)="957d32e77c9ae5ef83fcb18a2c6e060444e0f15b8495114e0618a3c5692df164c5d640526e87ee7ceaaf9eafed9299aa8d0deac2022b4922ac2442c47aeb163f1ace4216c4bc430394f27c1e1abf9a2cce3a3d74e60c63a41d705d6b2f2986ba588b4131eca04df8239b910b398cedf956a6daea64af537d367872053cea76d62628ac7c844bc7f76d7c595473ed207c") r3 = getpgid(0xffffffffffffffff) move_pages(r3, 0x9, &(0x7f0000000180)=[&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil], &(0x7f0000000200)=[0x1, 0x20], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f00000000c0)={0x4, 0x7, 0x101, 'queue0\x00', 0x3ff}) 08:44:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 842.785865] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:26 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x1020}}) 08:44:26 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x40000, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffff9c, 0x84, 0x6d, &(0x7f0000000240)={0x0, 0x96, "b5c60d43435c79d5d9337fed25363a2a11caad6889e6fcacd0cd246dd6c86dd463549a6f3fb8cade2050b5196259e753ee2d5f4d52bf19f1f37f06853dbee32ea3617e5509e2be8134b2c390576b12f17bd4931f28a62a1b8788f465e7cc1df008834d3d28e9107c363f30ad07a58e3f8af69bd5f2f24b6cf82711a45f5752b429489fb25890d75e2dcd472a834e41c727fdd4b87acb"}, &(0x7f0000000100)=0x9e) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f00000001c0)={r4, 0x401, 0x3, [0x2, 0x5, 0x2]}, &(0x7f0000000340)=0xe) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:26 executing program 5 (fault-call:1 fault-nth:48): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 842.848143] binder_thread_write: 1 callbacks suppressed [ 842.848153] binder: 32102:32105 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 842.866423] binder_transaction: 1 callbacks suppressed [ 842.866434] binder: 32102:32105 got reply transaction with no transaction stack [ 842.880044] binder: 32102:32105 transaction failed 29201/-71, size 4261281791-0 line 2741 [ 842.936681] FAULT_INJECTION: forcing a failure. [ 842.936681] name failslab, interval 1, probability 0, space 0, times 0 [ 842.949877] CPU: 0 PID: 32112 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 842.955783] binder: undelivered TRANSACTION_ERROR: 29201 [ 842.958385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 842.958394] Call Trace: [ 842.958432] dump_stack+0x244/0x39d [ 842.958461] ? dump_stack_print_info.cold.1+0x20/0x20 [ 842.958499] should_fail.cold.4+0xa/0x17 [ 842.988737] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 842.993862] ? save_stack+0xa9/0xd0 [ 842.997513] ? kasan_kmalloc+0xc7/0xe0 [ 843.001419] ? kasan_slab_alloc+0x12/0x20 [ 843.005582] ? kmem_cache_alloc+0x12e/0x730 [ 843.009917] ? anon_vma_fork+0x196/0x820 [ 843.012765] binder: 32117:32118 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 843.013991] ? copy_process+0x47cc/0x8770 [ 843.014005] ? _do_fork+0x1cb/0x11c0 [ 843.014024] ? zap_class+0x640/0x640 [ 843.014053] ? find_held_lock+0x36/0x1c0 [ 843.014076] ? __lock_is_held+0xb5/0x140 [ 843.022804] binder: 32117:32118 got reply transaction with no transaction stack [ 843.026289] ? perf_trace_sched_process_exec+0x860/0x860 [ 843.026321] __should_failslab+0x124/0x180 [ 843.026343] should_failslab+0x9/0x14 [ 843.026359] kmem_cache_alloc+0x2be/0x730 [ 843.026388] ? dup_userfaultfd+0x6d8/0x890 [ 843.030334] binder: 32117:32118 transaction failed 29201/-71, size 27648-0 line 2741 [ 843.033813] ? anon_vma_fork+0x196/0x820 [ 843.033835] anon_vma_fork+0x2c9/0x820 [ 843.033858] ? anon_vma_clone+0x710/0x710 [ 843.033876] ? vm_area_dup+0x1a8/0x230 [ 843.033892] ? vm_area_alloc+0x1d0/0x1d0 [ 843.033919] copy_process+0x47cc/0x8770 [ 843.040791] binder: undelivered TRANSACTION_ERROR: 29201 [ 843.042053] ? __cleanup_sighand+0x70/0x70 [ 843.042081] ? perf_trace_lock_acquire+0x15b/0x800 [ 843.042105] ? print_usage_bug+0xc0/0xc0 [ 843.042129] ? ima_match_policy+0x848/0x1560 [ 843.098028] binder: 32121:32122 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 843.099291] ? check_preemption_disabled+0x48/0x280 [ 843.099313] ? print_usage_bug+0xc0/0xc0 [ 843.099333] ? kasan_check_read+0x11/0x20 [ 843.099353] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 843.099375] ? __lock_acquire+0x62f/0x4c20 [ 843.103571] binder: 32121:32122 got reply transaction with no transaction stack [ 843.108820] ? mark_held_locks+0x130/0x130 [ 843.108854] ? mark_held_locks+0x130/0x130 [ 843.108875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 843.108890] ? check_preemption_disabled+0x48/0x280 [ 843.108913] ? debug_smp_processor_id+0x1c/0x20 [ 843.113373] binder: 32121:32122 transaction failed 29201/-71, size 5476377146882523136-0 line 2741 [ 843.118090] ? print_usage_bug+0xc0/0xc0 [ 843.118106] ? check_preemption_disabled+0x48/0x280 [ 843.118124] ? print_usage_bug+0xc0/0xc0 [ 843.118154] ? perf_trace_lock_acquire+0x15b/0x800 [ 843.118171] ? zap_class+0x640/0x640 [ 843.118210] ? __lock_acquire+0x62f/0x4c20 [ 843.118239] ? mark_held_locks+0x130/0x130 [ 843.126194] binder: undelivered TRANSACTION_ERROR: 29201 [ 843.126698] ? __lock_acquire+0x62f/0x4c20 [ 843.126717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 843.126733] ? check_preemption_disabled+0x48/0x280 [ 843.126753] ? dput.part.25+0x241/0x860 [ 843.182857] binder: 32124:32125 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 843.183939] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 843.183957] ? check_preemption_disabled+0x48/0x280 [ 843.183976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 843.184002] ? mark_held_locks+0x130/0x130 [ 843.184031] ? zap_class+0x640/0x640 [ 843.188969] binder: 32124:32125 got reply transaction with no transaction stack [ 843.197795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 843.197813] ? check_preemption_disabled+0x48/0x280 [ 843.197835] ? debug_smp_processor_id+0x1c/0x20 [ 843.197852] ? perf_trace_lock_acquire+0x15b/0x800 [ 843.197880] ? perf_trace_lock+0x7a0/0x7a0 [ 843.197894] ? find_held_lock+0x36/0x1c0 [ 843.197911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 843.197931] ? _parse_integer+0x134/0x180 [ 843.202266] binder: 32124:32125 transaction failed 29201/-71, size 5-0 line 2741 08:44:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 843.207018] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 843.207036] ? _kstrtoull+0x188/0x250 [ 843.207056] ? _parse_integer+0x180/0x180 [ 843.207073] ? zap_class+0x640/0x640 [ 843.207090] ? lock_release+0xa10/0xa10 [ 843.207112] ? find_held_lock+0x36/0x1c0 [ 843.207131] ? zap_class+0x640/0x640 [ 843.214117] binder: undelivered TRANSACTION_ERROR: 29201 [ 843.216107] ? get_pid_task+0xd6/0x1a0 [ 843.216127] ? lock_downgrade+0x900/0x900 [ 843.216142] ? check_preemption_disabled+0x48/0x280 08:44:27 executing program 5 (fault-call:1 fault-nth:49): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 843.216169] ? find_held_lock+0x36/0x1c0 [ 843.216196] ? __f_unlock_pos+0x19/0x20 [ 843.216215] ? lock_downgrade+0x900/0x900 [ 843.216235] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 843.216257] ? proc_fail_nth_write+0x9e/0x210 [ 843.266561] binder: 32126:32127 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 843.271206] ? proc_cwd_link+0x1d0/0x1d0 [ 843.271234] ? find_held_lock+0x36/0x1c0 [ 843.271259] _do_fork+0x1cb/0x11c0 [ 843.271283] ? fork_idle+0x1d0/0x1d0 [ 843.271309] ? __lock_is_held+0xb5/0x140 [ 843.277124] binder: 32126:32127 got reply transaction with no transaction stack [ 843.281084] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 843.281101] ? check_preemption_disabled+0x48/0x280 [ 843.281125] ? __sb_end_write+0xd9/0x110 [ 843.281148] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 843.281165] ? fput+0x130/0x1a0 [ 843.281182] ? do_syscall_64+0x9a/0x820 [ 843.281200] ? do_syscall_64+0x9a/0x820 [ 843.285219] binder: 32126:32127 transaction failed 29201/-71, size 96-0 line 2741 [ 843.292342] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 843.292363] ? trace_hardirqs_on+0xbd/0x310 [ 843.292379] ? __ia32_sys_read+0xb0/0xb0 [ 843.292407] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 843.292426] ? trace_hardirqs_off_caller+0x300/0x300 [ 843.292449] __x64_sys_clone+0xbf/0x150 [ 843.292471] do_syscall_64+0x1b9/0x820 [ 843.300963] binder: undelivered TRANSACTION_ERROR: 29201 [ 843.303011] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 843.303032] ? syscall_return_slowpath+0x5e0/0x5e0 [ 843.303049] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 843.303068] ? trace_hardirqs_on_caller+0x310/0x310 [ 843.303087] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 843.303107] ? prepare_exit_to_usermode+0x291/0x3b0 [ 843.303131] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 843.303154] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 843.354618] binder: 32128:32129 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 843.355430] RIP: 0033:0x457569 [ 843.355449] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 843.355458] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 843.355475] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 843.355485] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 843.355495] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 843.355505] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 843.355515] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 843.423857] FAULT_INJECTION: forcing a failure. [ 843.423857] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 843.425547] binder: 32128:32129 got reply transaction with no transaction stack [ 843.429341] CPU: 0 PID: 32131 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 843.661166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 843.670521] Call Trace: [ 843.673105] dump_stack+0x244/0x39d [ 843.676723] ? dump_stack_print_info.cold.1+0x20/0x20 [ 843.681902] ? debug_smp_processor_id+0x1c/0x20 [ 843.686559] ? perf_trace_lock_acquire+0x15b/0x800 [ 843.691493] ? lock_downgrade+0x900/0x900 [ 843.695655] should_fail.cold.4+0xa/0x17 [ 843.699714] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 843.704988] ? zap_class+0x640/0x640 [ 843.708693] ? print_usage_bug+0xc0/0xc0 [ 843.712743] ? zap_class+0x640/0x640 [ 843.716446] ? print_usage_bug+0xc0/0xc0 [ 843.720501] ? __lock_is_held+0xb5/0x140 [ 843.724608] ? filelayout_async_handle_error.isra.7+0x288/0x2e0 [ 843.730665] ? lock_release+0xa10/0xa10 [ 843.734635] ? perf_trace_sched_process_exec+0x860/0x860 [ 843.740073] ? mark_held_locks+0x130/0x130 [ 843.744318] ? __might_sleep+0x95/0x190 [ 843.748286] __alloc_pages_nodemask+0x34b/0xdd0 [ 843.752968] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 843.757976] ? debug_smp_processor_id+0x1c/0x20 [ 843.762644] ? perf_trace_lock_acquire+0x15b/0x800 [ 843.767560] ? check_preemption_disabled+0x48/0x280 [ 843.772578] ? print_usage_bug+0xc0/0xc0 [ 843.776650] ? print_usage_bug+0xc0/0xc0 [ 843.780725] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 843.786254] alloc_pages_current+0x173/0x350 [ 843.790665] pte_alloc_one+0x1b/0x1a0 [ 843.794461] __pte_alloc+0x2a/0x350 [ 843.798092] copy_page_range+0x2017/0x2ee0 [ 843.802320] ? mark_held_locks+0x130/0x130 [ 843.806558] ? __pmd_alloc+0x450/0x450 [ 843.810456] ? rb_insert_color_cached+0x14b0/0x14b0 [ 843.815460] ? save_stack+0xa9/0xd0 [ 843.819087] ? zap_class+0x640/0x640 [ 843.822784] ? kasan_kmalloc+0xc7/0xe0 [ 843.826654] ? kasan_slab_alloc+0x12/0x20 [ 843.830793] ? kmem_cache_alloc+0x12e/0x730 [ 843.835113] ? zap_class+0x640/0x640 [ 843.838828] ? __x64_sys_clone+0xbf/0x150 [ 843.842964] ? do_syscall_64+0x1b9/0x820 [ 843.847043] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 843.852406] ? find_held_lock+0x36/0x1c0 [ 843.856463] ? anon_vma_fork+0x5ef/0x820 [ 843.860511] ? lock_downgrade+0x900/0x900 [ 843.864647] ? lock_release+0xa10/0xa10 [ 843.868610] ? perf_trace_sched_process_exec+0x860/0x860 [ 843.874049] ? __lock_is_held+0xb5/0x140 [ 843.878102] ? up_write+0x7b/0x220 [ 843.881629] ? down_write_nested+0x130/0x130 [ 843.886034] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 843.891473] ? anon_vma_fork+0x13c/0x820 [ 843.895526] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 843.900541] ? vma_compute_subtree_gap+0x160/0x240 [ 843.905460] ? validate_mm_rb+0xaa/0xc0 [ 843.909428] ? __vma_link_rb+0x26c/0x370 [ 843.913479] copy_process+0x4726/0x8770 [ 843.917477] ? __cleanup_sighand+0x70/0x70 [ 843.921708] ? perf_trace_lock_acquire+0x15b/0x800 [ 843.926633] ? print_usage_bug+0xc0/0xc0 [ 843.930704] ? ima_match_policy+0x848/0x1560 [ 843.935113] ? check_preemption_disabled+0x48/0x280 [ 843.940143] ? print_usage_bug+0xc0/0xc0 [ 843.944192] ? kasan_check_read+0x11/0x20 [ 843.948328] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 843.953594] ? __lock_acquire+0x62f/0x4c20 [ 843.957826] ? mark_held_locks+0x130/0x130 [ 843.962054] ? mark_held_locks+0x130/0x130 [ 843.966276] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 843.971800] ? check_preemption_disabled+0x48/0x280 [ 843.976803] ? debug_smp_processor_id+0x1c/0x20 [ 843.981475] ? print_usage_bug+0xc0/0xc0 [ 843.985541] ? check_preemption_disabled+0x48/0x280 [ 843.990547] ? print_usage_bug+0xc0/0xc0 [ 843.994600] ? perf_trace_lock_acquire+0x15b/0x800 [ 843.999520] ? zap_class+0x640/0x640 [ 844.003229] ? __lock_acquire+0x62f/0x4c20 [ 844.007456] ? mark_held_locks+0x130/0x130 [ 844.011683] ? __lock_acquire+0x62f/0x4c20 [ 844.015909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.021431] ? check_preemption_disabled+0x48/0x280 [ 844.026436] ? dput.part.25+0x241/0x860 [ 844.030404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.035928] ? check_preemption_disabled+0x48/0x280 [ 844.040933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.046476] ? mark_held_locks+0x130/0x130 [ 844.050711] ? zap_class+0x640/0x640 [ 844.054418] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.059943] ? check_preemption_disabled+0x48/0x280 [ 844.064948] ? debug_smp_processor_id+0x1c/0x20 [ 844.069605] ? perf_trace_lock_acquire+0x15b/0x800 [ 844.074535] ? perf_trace_lock+0x7a0/0x7a0 [ 844.078756] ? find_held_lock+0x36/0x1c0 [ 844.082803] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.088329] ? _parse_integer+0x134/0x180 [ 844.092467] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 844.098008] ? _kstrtoull+0x188/0x250 [ 844.101797] ? _parse_integer+0x180/0x180 [ 844.105934] ? zap_class+0x640/0x640 [ 844.109634] ? lock_release+0xa10/0xa10 [ 844.113596] ? find_held_lock+0x36/0x1c0 [ 844.117646] ? zap_class+0x640/0x640 [ 844.121352] ? get_pid_task+0xd6/0x1a0 [ 844.125241] ? lock_downgrade+0x900/0x900 [ 844.129378] ? check_preemption_disabled+0x48/0x280 [ 844.134391] ? find_held_lock+0x36/0x1c0 [ 844.138452] ? __f_unlock_pos+0x19/0x20 [ 844.142431] ? lock_downgrade+0x900/0x900 [ 844.146568] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 844.152093] ? proc_fail_nth_write+0x9e/0x210 [ 844.156574] ? proc_cwd_link+0x1d0/0x1d0 [ 844.160627] ? find_held_lock+0x36/0x1c0 [ 844.164680] _do_fork+0x1cb/0x11c0 [ 844.168212] ? fork_idle+0x1d0/0x1d0 [ 844.171917] ? __lock_is_held+0xb5/0x140 [ 844.175972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.181493] ? check_preemption_disabled+0x48/0x280 [ 844.186515] ? __sb_end_write+0xd9/0x110 [ 844.190585] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 844.196109] ? fput+0x130/0x1a0 [ 844.199647] ? do_syscall_64+0x9a/0x820 [ 844.203625] ? do_syscall_64+0x9a/0x820 [ 844.207587] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 844.212174] ? trace_hardirqs_on+0xbd/0x310 [ 844.216499] ? __ia32_sys_read+0xb0/0xb0 [ 844.220548] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 844.225896] ? trace_hardirqs_off_caller+0x300/0x300 [ 844.230990] __x64_sys_clone+0xbf/0x150 [ 844.234957] do_syscall_64+0x1b9/0x820 [ 844.238848] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 844.244203] ? syscall_return_slowpath+0x5e0/0x5e0 [ 844.249120] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 844.253951] ? trace_hardirqs_on_caller+0x310/0x310 [ 844.258954] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 844.263959] ? prepare_exit_to_usermode+0x291/0x3b0 [ 844.268980] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 844.273827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 844.279023] RIP: 0033:0x457569 [ 844.282208] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 844.301097] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 844.308790] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 844.316046] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 844.323299] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 844.330572] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 844.337826] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:28 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000100)=0x1000, 0x4) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:28 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)=0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vhost-vsock\x00', 0x2, 0x0) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x214c00, 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r3, 0x40044900, 0x1000) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r4 = shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x6000) shmdt(r4) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r5, &(0x7f0000000000), 0xffffffb9) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r5, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) removexattr(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)=@known='system.sockprotoname\x00') clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {r6, r7+10000000}}, &(0x7f00000002c0)) tkill(r0, 0x1004000000016) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r5, 0x84, 0x4, &(0x7f0000000240), &(0x7f0000000280)=0x4) 08:44:28 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xfffffffe}}) 08:44:28 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x6000000}}) 08:44:28 executing program 5 (fault-call:1 fault-nth:50): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:28 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000040)={0x30, 0x5, 0x0, {0x0, 0x3, 0x5, 0x2}}, 0x30) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 844.418667] binder: 32139:32141 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 844.433994] binder: 32139:32141 got reply transaction with no transaction stack 08:44:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 844.492909] FAULT_INJECTION: forcing a failure. [ 844.492909] name failslab, interval 1, probability 0, space 0, times 0 [ 844.521166] CPU: 1 PID: 32146 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 844.529696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 844.539060] Call Trace: 08:44:28 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SG_GET_KEEP_ORPHAN(r1, 0x2288, &(0x7f0000000140)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 844.541669] dump_stack+0x244/0x39d [ 844.545320] ? dump_stack_print_info.cold.1+0x20/0x20 [ 844.550538] should_fail.cold.4+0xa/0x17 [ 844.554617] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 844.559780] ? __lock_is_held+0xb5/0x140 [ 844.563865] ? zap_class+0x640/0x640 [ 844.567612] ? find_held_lock+0x36/0x1c0 [ 844.571702] ? __lock_is_held+0xb5/0x140 [ 844.576015] ? ieee80211_tdls_build_mgmt_packet_data+0x2828/0x4420 [ 844.582376] ? perf_trace_sched_process_exec+0x860/0x860 [ 844.587868] __should_failslab+0x124/0x180 08:44:28 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x7, &(0x7f00000000c0)={{}, {0x0, 0x1c9c380}}, &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 844.592128] should_failslab+0x9/0x14 [ 844.595954] kmem_cache_alloc+0x2be/0x730 [ 844.600121] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 844.605687] ptlock_alloc+0x20/0x80 [ 844.609335] pte_alloc_one+0x6b/0x1a0 [ 844.613150] __pte_alloc+0x2a/0x350 [ 844.616801] copy_page_range+0x2017/0x2ee0 [ 844.621071] ? mark_held_locks+0x130/0x130 [ 844.625353] ? __pmd_alloc+0x450/0x450 [ 844.629268] ? rb_insert_color_cached+0x14b0/0x14b0 [ 844.634302] ? save_stack+0xa9/0xd0 [ 844.637948] ? zap_class+0x640/0x640 08:44:28 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r0, 0x3, &(0x7f0000000040), &(0x7f00000000c0)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 844.641675] ? kasan_kmalloc+0xc7/0xe0 [ 844.645579] ? kasan_slab_alloc+0x12/0x20 [ 844.649743] ? kmem_cache_alloc+0x12e/0x730 [ 844.654079] ? zap_class+0x640/0x640 [ 844.657809] ? __x64_sys_clone+0xbf/0x150 [ 844.661975] ? do_syscall_64+0x1b9/0x820 [ 844.666048] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 844.671444] ? find_held_lock+0x36/0x1c0 [ 844.675534] ? anon_vma_fork+0x5ef/0x820 [ 844.679654] ? lock_downgrade+0x900/0x900 [ 844.683828] ? lock_release+0xa10/0xa10 [ 844.687819] ? perf_trace_sched_process_exec+0x860/0x860 08:44:28 executing program 3: r0 = timerfd_create(0x0, 0x0) setsockopt$inet6_dccp_int(r0, 0x21, 0x1f, &(0x7f00000002c0)=0x40, 0x4) r1 = creat(&(0x7f0000000480)='./file0\x00', 0x18) ioctl$RTC_EPOCH_READ(r1, 0x8008700d, &(0x7f00000004c0)) fcntl$setstatus(r0, 0x4, 0x42400) r2 = dup(r0) timerfd_settime(r2, 0x3, &(0x7f0000000080), &(0x7f0000000300)) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000340)={{{@in6=@ipv4={[], [], @dev}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@remote}}, &(0x7f0000000240)=0xe8) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000440)) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'vcan0\x00', r3}) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r2, r2, 0xa, 0x61abf0df37f2b1af}, 0x10) dup(r2) ioctl$TIOCEXCL(r0, 0x540c) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f00000000c0)={0x7, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x3ff}) [ 844.693286] ? __lock_is_held+0xb5/0x140 [ 844.697375] ? up_write+0x7b/0x220 [ 844.700938] ? down_write_nested+0x130/0x130 [ 844.705362] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 844.710847] ? anon_vma_fork+0x13c/0x820 [ 844.714934] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 844.719968] ? vma_compute_subtree_gap+0x160/0x240 [ 844.724914] ? validate_mm_rb+0xaa/0xc0 [ 844.728908] ? __vma_link_rb+0x26c/0x370 [ 844.732993] copy_process+0x4726/0x8770 [ 844.737021] ? __cleanup_sighand+0x70/0x70 08:44:28 executing program 3: getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001340)={{{@in=@multicast1, @in6=@remote}}, {{@in6=@dev}}}, &(0x7f0000001440)=0xe8) syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0xaaaaaaaaaaaad01, &(0x7f0000000240)=[{&(0x7f0000001600)="8eae1a8688d4c652e4910458717cecfee102708e4e4af4b00a94b9c3ecdb939a1bc6ef4e19de47c01a5d0e045ea1de421d63e841eca57c22d6e8565ef7093d9dca39c017c4924d0f056600e79620d55010b5fa556f4190439ab19a748553ae25918933889933f3652f8f4799fa5d8fbef8c0fdeaff7f6a3af46c759341f8afef7a7553e989fd589bb89e00524f7d6e46ab738f9583c56579a20136c8c07fecffb2c068280ad6b3aea34d810fa6656432c8c2369600f5d655e98187f066cb9b104023db85cf1880b93bc9af6595ab66d6b1065069738d6921e2765ba6862e79c138f4493cd2744c39444f2355bdb935f94ac74e4af1ee5e7f8799a0a595", 0xfd, 0x8}, {&(0x7f0000000200)="c664dbd03464363a9beed27df420", 0xe, 0x9c8}, {&(0x7f0000000340)="f8e5a98b886c02fb9801f2e86eefba6f933e94a87e8926bd86f4ec9a86f4cce2c9161ca3100e7cb613d0fc71b56da96fcca223e6f083dd34864fedbad16ab9b4147ac180cf3435e5e18e5a6042632c7180ed27f3b59ab424a6f9b1759230174e89c84f3737f8d09738c7224de33e75ef8cf6a8dafd0c15c544f95a37c3f03aa60a8870cbe9dbe940edeeda0df39b487fc5bd0048a881e4c52854e670775c1b0ad5e35147528cf9553d182206275d7fe31efc6e64f0a926bae943b2a6103f38d070dc89987bd77b06d6982a6063f44359e4842ea15e834dbc91c56e83daa65073b29c4f385cbb9b4fd23646513fe54cf8c77f8281b7390bd2b59b88366c2049612cfe5f1ee39310a0c4beaf51eae2d72e754f89fcf30fc62c93167683ff968c7e3b105e14ecda68763891ae6d808d20093656297823485c4555c99f50dd7a6b371ee728acbbb7d5c2c58ba85e37bd689ab685080fcbc3e5407a9a52473cd6fe48376f3b40d1fc5acf81b4fd0f17707334b172093cdcb41aa6808f26195621db40284c0d6c6c4b1c1a2c45e0f05799414a5b05dee00c7a1e83f188625f61a1c0d909f9469a7c9ce7135570eee1cd061b14cad3ce50c6bcc6eec2b3ab64ffd64cf95871e5f8614844df58ea9601237f85e343ff720d5ee0501d070d61ebdf50f3f51a4cac39771132f00a13d415e93fd91835e9334f2d321184d05a27ad1cdaf58d1ba205519938f3479c64011de1d3f7fb687c67d3ab4cb4f2172065357f64a41023bf8b5c7040480a7cb66c333c358fd646895a4f024a59ef0fd93644a9e5b0f6f329ce2be8a55622aa319ad4b514b40625f1641dcc7f13130afe9af16e7ee3617f6010907ccdbf7e426c83c036f6459186cb18bacaf8bae0c36e4f8404e3533d4bcd151a4a586b2d777c00db860090a8e24c33feef4a7fa26a19ffb15b104d55c41d85ae15426000124ce8a4c38d1241c630ecfb3431c08d0d06e68012e555a5dc190a06489754ffb6e4008fa374c6d8ef004be304760e89d8b3215af25d26906cb4ca5be847203e0ce11a548628cfb9b21b9554ba5cd75a45f0834b720549affc873085dc27884f9df3614f0a9bbe138a8a06f5fbc0f3dc8a4f0a125d1aa368d8f214e3aa27538b8a4180c92ac2be89945161eadfbefcdacfeb3a46da8da9427396c1b70b9e9a2c26562a7629f6de777575aa8664f4780cbe326707f5fe75e005850f48b0dc20d8d1ba4f84d445ac59b0095c03a042fa5295b8f08357c37581a1e5e00494326ef37172dbd01224ed899374463862a69ec0f716cddd55f137af8f0bf8eeb5c50c452e1278376fc4ab03dacc2c5172fb83da9a6493247bc1d54ab10271bdf78e0042420b16fdf185190617e656e6ba633dd48eddfd57b07fb5ee25fd6cb82e21903aceb8a379f333a881954b95d7d607ca12c66e417bf54702d8b2f9b511f0a1702ccb34d151528d191382cbd8f742a2164a0248586026579516856f82683e3f9f4cc620512e91e2fee7674aff72c3fb455a99ec2d5f191eb7d8d5418ad9fb12ae06eea4002485b4a5de2ba6e5efe91d236b864e0347501e84fa1a7ac743bf573b1470c05049daedfade5d6d58bb9565cf37f837f0cee97956d0183c66cd43e94d760901ec2db8e699bc0afc35e24fee227ecca7b685b6c31be0b2629f2eddb9c949f291eb82f10af85da0f428c56ec8d81743c804e7b552252a64eb5ca91e3179c5471e25ca1ac0525c16cabc3bb5b26fc4b091901be044c265d42c00a03f2590b5518eb883574127973b58fb5c02aec4fa54ce6aff8940896c9e1bf9aa1a3607dd5eae1304090889c8089ef4e942b12f7d33b1b4e436a732f62d8cd1208e96a2cc2e02d8fbd5ec308517d05386de4cc877ffe77a438cb7736a9b32a6e7bae439513cb440b487e8d76af46b964535d26cf4f672ef732acf63a2665c2cc216716cc05ee79d0ee20e320e842170c204b234c5637bd2ad647e55d2d0715002e2e8f15a7978001a90a702ea217926458b3fc31c614448c7ba62280d52ccb34181e91a49d4f71edf7b943b91555de8042255c5887c5a99e18167eafde2b03cd9a28ea1aad1934cd92c61abd634c0eefdec19830e7e37a17c8d9042f441f6ce516e24a5e0368b61a23fcece56d91b656347dee688cc1e6c0e758ff1b7a33347b1210ff3f20dcd05d9c335446439cb6c6ba59d10a141f1d28ec6de533acb795cec7843f3718949aea56950ae4add83728c84cc6b30aa2b5a887b8adb5582848881a76f879730a3606d76343908b6300a7cef84f600bf7e2f36fc89c08963a97c87e7a6ff3828c8c3420143e2e56d3e536e642cbc6e09b747c3657825b77d0689ae02a3fefbe6b4a9648f6266bd1ccfe414fd27438a46a7d819384880d82cac5222573a45b2c16268cd7b604154b438bc9c5ea455a197d73e6efeff8e550b1ca1a75c5e6a3548cca474ce7b46476a3b6bd13e71c699e1c16135528331c4139a8e31e6398f8c106b655a63274c4df177d81e4090a27288ed1017665bae80b87949431d1027d919b7a15e186ded92abcbf8b57afa2737ba11b4ba2ce960a84f96758b9c1f6358c066bced4f193a690488b5129ee707a30219648fea2cb68376de24b2b11581bcbf62afb1caa22116ae7ee18b306b6adc659ba2eaaeffa1d823afdb24b3f66255aed282393f8552c9285792be38162432e9ddacfaea343a10713f5fe20507f9ea70e1b21db095fd3d88d18d68faca1bfde361f8351b02cd01efc2b79ef837797f3e865b60020fb27443c2f288f4c42f3c24b1d6929ddf03a7b1e0fad20eca65b38835e6217d310d13777bdfa55a9124ceb01a7908f2234e16b9ba3e4eb92fcb3f11e2dcf2dd546e533e3ae01971aa56f1d058321fbc8b349e19a4b85a085bda7769a6cd8caca1ec04dda17e6c99e299a333b29822c6036bd042e7a49a441ba5f8ca07eae11cd7bf94693d9361a4202ee18f61e3497e910d7c5fd3da233643c73e2f64bba45db8828f9edc426b90989d4ddb2c702541bb59c549f530039a245e77a96b74651ff364daa4901b81c2c498a3478160481792bf1e4385430b012c87ad7c9883164b987e1794e4cbe3ae7138a316cb692da78beb80c2105335d882624ca044cf6e6a550b8332fa3fa623ef3738fd6ebc57eac299161dbf4ada2ff4fd5805e8f3d7d67fc470e5054f5fffcb386e6ad0f94b9aa3e98b190129e149588c0a835a7e096b58e06be69dcf3c76fcba11e7eafb143a5d2c9a00905c3854b65c17543926ae80fde0e8d7d64116fe5dfc714ea815cc8c3af7f8217e49dbcb0318e16fd726669e0c4bd60baeb8e30c0ab487ba2c3d3c644e9cd32ff76f799b34ac3e4cf5bb4671cadefef338f21ab4d9b6502c407b22ff0c393a09e81f5f7cb771b6057c8a89932e4d059042abaafdc15b18895e26a04e7f9bb370191bb8a0251c580a036faf6151fbc4a7f997e2f209d08ac6e0286e42011cf5f6b8967df8302ef706c67c34d0c9a19affa49c83a1425ec8e7422e7d6e0b2d2e330d1ef29c8545e60b80a7fbdc3d8cc26db07e82f05326e735b2e3dd0b109036b044e75466f9b5a94f1deda9e197e1715da76a24ac64556f6b7b909a0c385ad02d9d3bc873ef7cf898424afe24edd16f5df31951fc83f380c92bcbc38d83a492c9d1a950e1631185a735ca93fd994e6e740024a36cefd2c9fbe8e0198aed23049149fc7212d74ac669961e1a91d2a2da0d0f11e023f1267d977f1478d2a569f8a3ab92fa758f501ff7f9cc27c3ec1016dc8855b841155ba5699d9f518cfefe90ec35ddefc5a2ba261f743f42780e1405f0037abfd8cf07abb9ed4ded416fce5a97811dce26ba47ffee82858626c591bad138242715957e092377ebbeef2a8eeb902fa737a7ffba08335ca84e70d3e6d1bf4e8ee1b634288c686bc9be8d9c5bcf47b1bb80af7801a27fb9c82e768a28241b7b2796c69e9dcc74b94b9534cd18a482b0dc42a60eb1f6b43beafaef17bc8cca6d445fb7ab287966549a34c0bd03ef2fa7cd4845f9dbf969bc02a14252f48a971830a91b1ad27c56a0806437e62567709de16dfbf8fa552479f24b726b5809a26085726ecce931b065ab5978bd6da26a6947659780097ab6bd2d9476b38e41cee4c2915871019fc80cc55862bae43195256320bb5af6cb7c90043e5dd7d40a3ea519e9f97a2a75525cb1a49014e143fc5f7d15f4850e54a07534beb81f6ec192899cd1a8dc0b733f6aa485925fff9ba3f097a1df874c8386ae007fec3d2f1e2e3bd9a4f80317436659fdf7ce0c8656ebda062f07d28d338fd71b2b10896002c8df94ae897f03c883a8270b30927f1edcb2f820c7f496a492f1ed1c5ed66717481e337d8405d79838e2b959061d46ef9ae95fe1e4fc9133fa0e5076714d80719fad2abe9b6ce111ab4c9a0eb2d389a4ce7f6d97a2d1c42199434962fc1857820fdac28dd2516866d1b414fe84cd3b86a7de28f962eac58174fa63cf474a2dca9684ba44e98b01d2a68280bb181b4557127734a3f569f7a8d4939fc3f2b0295832b9c8cf0f8d24f2b35caa8e2c81dc66543a172bc14440930c7077427733eeee530e40a1071a03a5d3b5ee06642218116c25841161f9fc026d0c926871a376dc23f8a8d9b73a2cb52126ff8d7eebce1c540c2a9e47b32937b7a69c7506e311765a659adfff0e7e4620dcc45d9adee3f884e6aeba68d17ff14a082e4ed0c14d505701d90db545fdba1b7eafdd46ecc2f747ef55db7d3f0d0af5e031292cecef053e28ca16160c89f99fc3cdde13cd1dc7235b2dd9369d0f60ca747b1098daf7a41ff6163336409d39dae5d97e2f15bcda33eb1d699c83471ca1bcaf0315405a06f3eb3de0a48a642cd60e2f248d4b395c7163cc003ec4846a8fa824c30e0ca5dc7043214fbec7e54d4855f7d6aa18189af61326c4c809e3486ca5a81dfa858a7ec6d9ad85f8ab76f1f9b7caefffe4d559589a74d7211195b963014a64b9f363e7f52eb6dc836299c50e3364f52256d50c0186196434ae05a94625655d6553f50cc16df5241971297b94684b2d8ae7260ed6d77b8e640d631fbc549b7d7c09a0768220b756977345bf5cef8ec1aed05cf041efa2b89502c884691cfe9c1b760bf03220944ede94827464f2d80036b243dadf4458d2e8a34018d1bbeede6774cfe6a7b709b75939659209f280aba318f9d4571716dd27cce4302ac8013755962d05f86669a26e731c7fff5a15b5215b30f4f053cd21dc36be5e3a2784a0710dbcd9099b21686c1fd52fb629b7d69697b0735cdddac32182e97f9192b7f4ef029b2874b9a1f915316fb5fc80a32cea350b325deed30f70be2ceaec5c8711392dae6cdd12de5d6222e43b3ce3bd627ffe4a755f2ad2ac467a0a6d58aef757a64caf07c5ca5529f258a0b906f0b491df42b94a47d899b769590535ec0cabc26078d6791c167883a867b336d5ab5bff9f951a0c9b0632194f9375b2cbef57006424ac7fe9eac859f3c2b8e9aa69aa7c88e9925ffd5dbfdc0207cc3a1b0167dee348299d407a2357e067ea60f5961889bd4b6c54cc55727288d82bb09b3741506cf06951d53025cc23258700afdaa54723178d74f44e42e6e17c7e1160318442a210606e1cba69e32e662f5d220806986d8ed4e034377558057b80a0a4313a50b18d3cd06972111004bebbc3656a10e609acdcce1391223e7c5d4d1171ab84b96c443cff1e9ace779ad4ea03f81b81145c73891fcfaa131c21e78d73e460a7cb6f24dbbbb8807a90732cc753c35085a16fbfe6a5", 0x1000, 0x1}], 0x10000, &(0x7f0000001480)={[{@suiddir='suiddir'}, {@errors_withdraw='errors=withdraw'}]}) r0 = timerfd_create(0x0, 0xfffffffffffffffd) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 844.741285] ? perf_trace_lock_acquire+0x15b/0x800 [ 844.746234] ? print_usage_bug+0xc0/0xc0 [ 844.750318] ? ima_match_policy+0x848/0x1560 [ 844.754741] ? check_preemption_disabled+0x48/0x280 [ 844.759777] ? print_usage_bug+0xc0/0xc0 [ 844.763856] ? kasan_check_read+0x11/0x20 [ 844.768024] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 844.773327] ? __lock_acquire+0x62f/0x4c20 [ 844.777597] ? mark_held_locks+0x130/0x130 [ 844.781859] ? mark_held_locks+0x130/0x130 [ 844.786118] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.791673] ? check_preemption_disabled+0x48/0x280 [ 844.796714] ? debug_smp_processor_id+0x1c/0x20 [ 844.801413] ? print_usage_bug+0xc0/0xc0 [ 844.805488] ? check_preemption_disabled+0x48/0x280 [ 844.810522] ? print_usage_bug+0xc0/0xc0 [ 844.814608] ? perf_trace_lock_acquire+0x15b/0x800 [ 844.819553] ? zap_class+0x640/0x640 [ 844.823309] ? __lock_acquire+0x62f/0x4c20 [ 844.827580] ? mark_held_locks+0x130/0x130 [ 844.832353] ? __lock_acquire+0x62f/0x4c20 [ 844.836609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.842162] ? check_preemption_disabled+0x48/0x280 [ 844.847204] ? dput.part.25+0x241/0x860 [ 844.851207] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.856761] ? check_preemption_disabled+0x48/0x280 [ 844.861795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.867361] ? mark_held_locks+0x130/0x130 [ 844.871643] ? zap_class+0x640/0x640 [ 844.875378] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.880941] ? check_preemption_disabled+0x48/0x280 [ 844.885976] ? debug_smp_processor_id+0x1c/0x20 08:44:28 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) ioctl$KVM_GET_NESTED_STATE(r1, 0xc080aebe, &(0x7f0000000340)={0x0, 0x0, 0x2080}) r2 = dup(r0) fchdir(r1) mount$9p_fd(0x0, &(0x7f0000000240)='\x00', &(0x7f0000000280)='9p\x00', 0x4000, &(0x7f00000023c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_L='version=9p2000.L'}], [{@subj_type={'subj_type', 0x3d, 'sed\x00'}}, {@obj_user={'obj_user', 0x3d, ':nodev&('}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'sed\x00'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '+^systemeth1keyringvboxnet1'}}, {@obj_role={'obj_role', 0x3d, 'sed\x00'}}]}}) timerfd_settime(r2, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000002480)={[{0x3, 0x4, 0x40, 0x10000, 0x2, 0x7bd, 0x81, 0xb61, 0x9, 0x4, 0x5, 0x3f}, {0x7, 0x1, 0x3f, 0x1, 0x3f, 0x0, 0x1ff, 0x2, 0x4e27, 0x300000000000000, 0x6ed, 0x8000, 0x3897}, {0x1, 0x100000000, 0x80000000, 0xa79f, 0x2, 0x10001, 0x45b, 0x8, 0xcb, 0x200, 0x0, 0xb049, 0x100000000}], 0x100000001}) setsockopt$IP_VS_SO_SET_EDITDEST(r2, 0x0, 0x489, &(0x7f0000000140)={{0x3b, @loopback, 0x4e22, 0x1, 'sed\x00', 0x2, 0x9, 0x16}, {@empty, 0x4e20, 0x12007, 0x0, 0x4, 0x100000001}}, 0x44) bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e22, @broadcast}, 0xffffffffffffff5e) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) setsockopt$llc_int(r1, 0x10c, 0x7, &(0x7f00000000c0)=0x4, 0x4) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000001c0)={0x0}, &(0x7f0000000200)=0xc) tkill(r3, 0x2c) [ 844.890658] ? perf_trace_lock_acquire+0x15b/0x800 [ 844.895614] ? perf_trace_lock+0x7a0/0x7a0 [ 844.899747] binder: 32154:32155 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 844.899890] ? find_held_lock+0x36/0x1c0 [ 844.912003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.915649] binder: 32154:32155 got reply transaction with no transaction stack [ 844.917558] ? _parse_integer+0x134/0x180 [ 844.917584] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 844.917601] ? _kstrtoull+0x188/0x250 [ 844.917619] ? _parse_integer+0x180/0x180 [ 844.917640] ? zap_class+0x640/0x640 [ 844.946420] ? lock_release+0xa10/0xa10 [ 844.950427] ? find_held_lock+0x36/0x1c0 [ 844.954536] ? zap_class+0x640/0x640 [ 844.958273] ? get_pid_task+0xd6/0x1a0 [ 844.962187] ? lock_downgrade+0x900/0x900 [ 844.966375] ? check_preemption_disabled+0x48/0x280 [ 844.971440] ? find_held_lock+0x36/0x1c0 [ 844.975533] ? __f_unlock_pos+0x19/0x20 [ 844.979527] ? lock_downgrade+0x900/0x900 [ 844.983690] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 844.989244] ? proc_fail_nth_write+0x9e/0x210 [ 844.993752] ? proc_cwd_link+0x1d0/0x1d0 [ 844.997838] ? find_held_lock+0x36/0x1c0 [ 845.001948] _do_fork+0x1cb/0x11c0 [ 845.005503] ? fork_idle+0x1d0/0x1d0 [ 845.009208] ? __lock_is_held+0xb5/0x140 [ 845.013262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 845.018797] ? check_preemption_disabled+0x48/0x280 [ 845.023804] ? __sb_end_write+0xd9/0x110 [ 845.027858] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 845.033386] ? fput+0x130/0x1a0 [ 845.036665] ? do_syscall_64+0x9a/0x820 [ 845.040638] ? do_syscall_64+0x9a/0x820 [ 845.044618] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 845.049194] ? trace_hardirqs_on+0xbd/0x310 [ 845.053526] ? __ia32_sys_read+0xb0/0xb0 [ 845.057585] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 845.062961] ? trace_hardirqs_off_caller+0x300/0x300 [ 845.068058] __x64_sys_clone+0xbf/0x150 [ 845.072028] do_syscall_64+0x1b9/0x820 [ 845.075917] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 845.081272] ? syscall_return_slowpath+0x5e0/0x5e0 [ 845.086195] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 845.091028] ? trace_hardirqs_on_caller+0x310/0x310 [ 845.096033] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 845.101060] ? prepare_exit_to_usermode+0x291/0x3b0 [ 845.106070] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 845.110922] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 845.116108] RIP: 0033:0x457569 [ 845.119290] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 845.138201] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 845.145898] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 845.153157] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 845.160423] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 845.167696] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 845.174971] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:31 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f00000000c0)={0x87, @remote, 0x4e23, 0x0, 'sh\x00', 0x0, 0x1, 0x1f}, 0x2c) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:31 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:31 executing program 5 (fault-call:1 fault-nth:51): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:31 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x300}}) 08:44:31 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x100000000000000}}) [ 847.436867] binder: 32183:32186 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 847.451477] FAULT_INJECTION: forcing a failure. [ 847.451477] name failslab, interval 1, probability 0, space 0, times 0 [ 847.472304] IPVS: set_ctl: invalid protocol: 135 172.20.20.187:20003 08:44:31 executing program 3: r0 = timerfd_create(0x0, 0x80800) r1 = dup(r0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000040)={0x0, 0x17, "8505aac52e007b6707c57c1397463f45bad3b9c39614ae"}, &(0x7f00000000c0)=0x1f) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={r2, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @broadcast}]}, &(0x7f0000000180)=0x10) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 847.480626] binder: 32183:32186 got reply transaction with no transaction stack [ 847.483427] CPU: 1 PID: 32187 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 847.496587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 847.498521] binder_transaction: 3 callbacks suppressed [ 847.498539] binder: 32183:32186 transaction failed 29201/-71, size 768-0 line 2741 [ 847.505939] Call Trace: [ 847.505964] dump_stack+0x244/0x39d [ 847.505988] ? dump_stack_print_info.cold.1+0x20/0x20 [ 847.506018] should_fail.cold.4+0xa/0x17 08:44:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 847.506038] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 847.506057] ? __x64_sys_clone+0xbf/0x150 [ 847.518752] binder_release_work: 3 callbacks suppressed [ 847.518760] binder: undelivered TRANSACTION_ERROR: 29201 [ 847.519031] ? do_syscall_64+0x1b9/0x820 [ 847.558548] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 847.563940] ? zap_class+0x640/0x640 [ 847.567674] ? find_held_lock+0x36/0x1c0 [ 847.571763] ? find_held_lock+0x36/0x1c0 [ 847.575845] ? __lock_is_held+0xb5/0x140 [ 847.579942] ? perf_trace_sched_process_exec+0x860/0x860 08:44:31 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) acct(&(0x7f0000000040)='./file0\x00') ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 847.585444] ? up_write+0x7b/0x220 [ 847.589007] __should_failslab+0x124/0x180 [ 847.593260] should_failslab+0x9/0x14 [ 847.595091] binder: 32197:32198 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 847.597083] kmem_cache_alloc+0x2be/0x730 [ 847.607052] binder: 32197:32198 got reply transaction with no transaction stack [ 847.609277] ? anon_vma_fork+0x13c/0x820 [ 847.609300] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 847.609321] vm_area_dup+0x7a/0x230 [ 847.609340] ? vm_area_alloc+0x1d0/0x1d0 [ 847.633516] ? __vma_link_rb+0x26c/0x370 [ 847.634409] binder: 32197:32198 transaction failed 29201/-71, size 360287970189639680-0 line 2741 [ 847.637616] copy_process+0x42a5/0x8770 [ 847.637672] ? __cleanup_sighand+0x70/0x70 [ 847.637698] ? perf_trace_lock_acquire+0x15b/0x800 [ 847.637723] ? print_usage_bug+0xc0/0xc0 [ 847.637746] ? ima_match_policy+0x848/0x1560 [ 847.667950] binder: undelivered TRANSACTION_ERROR: 29201 [ 847.668316] ? check_preemption_disabled+0x48/0x280 [ 847.678771] ? print_usage_bug+0xc0/0xc0 [ 847.682851] ? kasan_check_read+0x11/0x20 08:44:31 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) r2 = gettid() syz_open_procfs$namespace(r2, &(0x7f0000000100)='ns/uts\x00') accept$inet(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, &(0x7f00000000c0)=0x10) 08:44:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 847.687013] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 847.692302] ? __lock_acquire+0x62f/0x4c20 [ 847.696722] ? mark_held_locks+0x130/0x130 [ 847.700987] ? mark_held_locks+0x130/0x130 [ 847.705243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.710796] ? check_preemption_disabled+0x48/0x280 [ 847.715839] ? debug_smp_processor_id+0x1c/0x20 [ 847.720532] ? print_usage_bug+0xc0/0xc0 [ 847.724612] ? check_preemption_disabled+0x48/0x280 [ 847.729646] ? print_usage_bug+0xc0/0xc0 08:44:31 executing program 3: timerfd_create(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(0xffffffffffffffff, 0x40085400, &(0x7f0000000000)={0x7}) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x125080, 0x0) write$FUSE_DIRENT(r0, &(0x7f00000000c0)={0xc0, 0xfffffffffffffff5, 0x4, [{0x2, 0x28b8, 0x4, 0x9, "ac656d30"}, {0x4, 0x3, 0x11, 0x80000000, '/{trustedselinux{'}, {0x4, 0xb39, 0x45, 0x8, "73656c66776c616e307d236370757365742d3a776c616e3073797374656d2b6c6f76626f786e6574306b657972696e673a5dfd70726f63707070315b73656c666264657627"}]}, 0xc0) [ 847.733733] ? perf_trace_lock_acquire+0x15b/0x800 [ 847.738682] ? zap_class+0x640/0x640 [ 847.742448] ? __lock_acquire+0x62f/0x4c20 [ 847.746765] ? mark_held_locks+0x130/0x130 [ 847.751019] ? __lock_acquire+0x62f/0x4c20 [ 847.755271] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.760831] ? check_preemption_disabled+0x48/0x280 [ 847.765861] ? dput.part.25+0x241/0x860 [ 847.769855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.775415] ? check_preemption_disabled+0x48/0x280 [ 847.780448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.786016] ? mark_held_locks+0x130/0x130 [ 847.790284] ? zap_class+0x640/0x640 [ 847.794011] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.799561] ? check_preemption_disabled+0x48/0x280 [ 847.804595] ? debug_smp_processor_id+0x1c/0x20 [ 847.809277] ? perf_trace_lock_acquire+0x15b/0x800 [ 847.812706] binder: 32203:32209 transaction failed 29201/-71, size -144678142324244480-0 line 2741 [ 847.814228] ? perf_trace_lock+0x7a0/0x7a0 [ 847.814244] ? find_held_lock+0x36/0x1c0 [ 847.814262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.814284] ? _parse_integer+0x134/0x180 [ 847.834596] binder: undelivered TRANSACTION_ERROR: 29201 [ 847.837212] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 847.837230] ? _kstrtoull+0x188/0x250 [ 847.837249] ? _parse_integer+0x180/0x180 [ 847.837266] ? zap_class+0x640/0x640 [ 847.837282] ? lock_release+0xa10/0xa10 [ 847.837305] ? find_held_lock+0x36/0x1c0 [ 847.837324] ? zap_class+0x640/0x640 [ 847.837345] ? get_pid_task+0xd6/0x1a0 [ 847.879695] ? lock_downgrade+0x900/0x900 [ 847.883833] ? check_preemption_disabled+0x48/0x280 [ 847.888850] ? find_held_lock+0x36/0x1c0 [ 847.892917] ? __f_unlock_pos+0x19/0x20 [ 847.896892] ? lock_downgrade+0x900/0x900 [ 847.901034] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 847.906560] ? proc_fail_nth_write+0x9e/0x210 [ 847.911066] ? proc_cwd_link+0x1d0/0x1d0 [ 847.915140] ? find_held_lock+0x36/0x1c0 [ 847.919215] _do_fork+0x1cb/0x11c0 [ 847.922747] ? fork_idle+0x1d0/0x1d0 [ 847.926460] ? __lock_is_held+0xb5/0x140 [ 847.930517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.936043] ? check_preemption_disabled+0x48/0x280 [ 847.941055] ? __sb_end_write+0xd9/0x110 [ 847.945124] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 847.950664] ? fput+0x130/0x1a0 [ 847.953943] ? do_syscall_64+0x9a/0x820 [ 847.957906] ? do_syscall_64+0x9a/0x820 [ 847.961871] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 847.966454] ? trace_hardirqs_on+0xbd/0x310 [ 847.970777] ? __ia32_sys_read+0xb0/0xb0 [ 847.974830] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 847.980189] ? trace_hardirqs_off_caller+0x300/0x300 [ 847.985288] __x64_sys_clone+0xbf/0x150 [ 847.989255] do_syscall_64+0x1b9/0x820 [ 847.993144] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 847.998722] ? syscall_return_slowpath+0x5e0/0x5e0 [ 848.003655] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 848.008502] ? trace_hardirqs_on_caller+0x310/0x310 [ 848.013513] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 848.018532] ? prepare_exit_to_usermode+0x291/0x3b0 [ 848.023557] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 848.028407] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 848.033588] RIP: 0033:0x457569 [ 848.036810] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 848.055708] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 848.063434] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 848.070697] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 848.077958] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 848.085218] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 848.092477] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:31 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) fanotify_init(0x52, 0xffe) tkill(r0, 0x1004000000016) 08:44:31 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) tee(r0, r0, 0x3, 0x0) setxattr$security_ima(0x0, &(0x7f0000000040)='security.ima\x00', &(0x7f00000000c0)=@md5={0x1, "9797e2c8c5280575ff02b8589afa3842"}, 0x11, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000001c0)=@broute={'broute\x00', 0x20, 0x4, 0x690, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000340], 0x0, &(0x7f0000000100), &(0x7f0000000340)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0xf, 0x33, 0x0, 'team_slave_0\x00', 'bond_slave_1\x00', 'syzkaller0\x00', 'bcsf0\x00', @empty, [0xff, 0xff, 0x0, 0x0, 0xff], @random="2df68c132cae", [0xff, 0x0, 0x0, 0x0, 0xff, 0xff], 0xa8, 0xa8, 0xf0, [@mac={'mac\x00', 0x10, {{@local, 0x1}}}]}}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x3c0cf4b0, 0xfff, 0x90000000}}}}, {{{0x19, 0x10, 0x8100, 'veth0_to_bridge\x00', 'gre0\x00', 'irlan0\x00', 'syzkaller0\x00', @link_local, [0xff, 0xff, 0x0, 0xff], @local, [0x0, 0x0, 0x0, 0xff, 0xff], 0xf8, 0xf8, 0x170, [@mark_m={'mark_m\x00', 0x18, {{0x4, 0x0, 0x2, 0x2}}}, @limit={'limit\x00', 0x20, {{0x1ff, 0x10001, 0x5, 0x10000, 0x2, 0x4}}}]}}, @common=@nflog={'nflog\x00', 0x50, {{0x1f, 0x4, 0x10000, 0x0, 0x0, "72a8381db8af1ef057941ab90c9810feb195a93fc9b888da7994a48d75a14812ca37795f8807d84ccbea57153b70d9f6dad1ca1ee819f5379c8c7811d41920f7"}}}}]}, {0x0, '\x00', 0x2}, {0x0, '\x00', 0x2, 0xfffffffffffffffe, 0x2, [{{{0x5, 0x0, 0x6005, 'team0\x00', 'vcan0\x00', 'bpq0\x00', 'team_slave_1\x00', @empty, [0xff, 0x0, 0x0, 0xff, 0xff], @broadcast, [0xff], 0x118, 0x150, 0x1c8, [@state={'state\x00', 0x8, {{0x20}}}, @ip6={'ip6\x00', 0x50, {{@empty, @loopback, [0xff000000, 0xff000000, 0xffffffff, 0xff], [0xff0000ff, 0xff000000, 0xffffffff, 0xffffff00], 0x2, 0x3f, 0x12, 0x4, 0x4e20, 0x4e22, 0x4e21, 0x4e24}}}]}, [@common=@dnat={'dnat\x00', 0x10, {{@local, 0xffffffffffffffff}}}]}, @common=@NFLOG={'NFLOG\x00', 0x50, {{0x8, 0x211f, 0x4, 0x0, 0x0, "482c8b088fe08e5078975ce50f9c815566a9ac0520a48a52cb3ff49863003eeebfa03661cd35deae7bb1a1ecbd4b996f6d7f4dbe9cd0abb9e470347cec1b70fa"}}}}, {{{0x5, 0x8, 0x88f7, 'ip6gretap0\x00', 'bridge0\x00', 'ifb0\x00', 'veth0_to_bond\x00', @local, [0x0, 0xff, 0x0, 0xff, 0xff, 0xff], @local, [0xff, 0xff, 0xff, 0xff, 0xff], 0x118, 0x160, 0x1d8, [@rateest={'rateest\x00', 0x48, {{'veth1\x00', 'veth1_to_team\x00', 0x9, 0x3, 0x40, 0x6, 0x6, 0x0, 0x6, 0x9}}}, @realm={'realm\x00', 0x10, {{0xfe30, 0x7f, 0x1}}}]}, [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00', 0x0, 0x101, 0x1}}}]}, @common=@NFLOG={'NFLOG\x00', 0x50, {{0xedf8, 0x7, 0x9, 0x0, 0x0, "40f41f106d8e98703ec715b9129d7f1515b225eafefc10118f2aa6ca09cc52936d8a01ac0558135e4d43bd4c72bd42a88a38fddd8c283fd39e7dcd8deacc06a4"}}}}]}]}, 0x708) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000003d00)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000003b00)={{{@in=@loopback, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6}}, &(0x7f0000003c00)=0xe8) syz_mount_image$f2fs(&(0x7f0000000140)='f2fs\x00', &(0x7f0000000180)='./file0\x00', 0x1, 0x6, &(0x7f0000003a40)=[{&(0x7f0000000a00)="661f3ce4a6e3a447db28e73db009f6bb44dade8d7569d1b4ed8399a0b2f3e9ecef4dd3ff5f3d561f1c8108526edccd74431d49f6f8c8d8e4ab1b799539700360796fec3edf88347d705026eb8273476a4463254d95b212f47cc813e83b80936901711cdd792e2ad0cdf692d6653bf870d457f52d56b7e210b18f04051204172cd005c677a84ada38456d079ec7de1a9736efd81acb8d05bca4317454401bbc714e8706e0b4b4d239eef3d43967724ee04d75ae6672970793e62b7ab574c2dee6c25f150055ea4bbe47be915b380fc581416716c305759c62b40567d46b5915322feadb58a6966731784e6e9076ffbe950c8f94e3698e43126dd0457071379eb3200645b3806cf6b105ea73e701ef45b54d25bb0d8f5fc8147c571402aeabac777ad4465392ed45ba07991b2755981ed424f63c7fe8805efd1e75d30d938d635cd9eea42869e4b4b866f2a3682721376374d1c5fabfa056b83a073bbed4de21b180faf0a28b32459e38df543c937537f93122b49973769e1dd62e15247c5c7d10ca6c78871b4d6b1875e3d738bd8ad597c02d00d6fbad54b7c3ae7f7fceef6b766f9cf182ed90ee753fbc7aa01ee48a79485d3091816fc6d3f280407c6e9f0a0bbce27d7fd53149389367e4a97363743cd3517fc618c39de6d6e86b3ed5a834900804aec1e1a96a8af07d724f4200fe55264ffb48e63f07a5f98e08802ef615d448327992e079a0d33d139a4e3cc3ca0b3d22b24a0c93cb43f4c236e5a44497d0ee4a024835cf3367924ae4fecfb44f8ec3f1ec8d412c09ae18fb8ec68041f8a84962d578f7bbf995df8ea71ceca57809d5579063a26948b26d025a223f5d219e82b1b56bde63e831e02144ebc7ca9a658b5e88660c5ce73222d28006307c612646042214d6ca95ba9fde8083004ad1c02e1462704ff3311634ee7811a9c1ea4f07ad6bdf5e302ac507ea9902f3165ab0da94ea873500846a3d52a4b620b24e8beb643ba9bfab3f93ca8457a5b7670fdf62b210d336b842fac7976df6ad8a8f444199c92810f3fbe254de86331df03f6a80e01f794fe7660fbb65d1b26bfe714ddd2d30affcb978f598cdc86ff27cd66249f798ec2ae70d86feb7c90e111baa8c6b5322083557511301851d6ef469c5d937040e07bdd131e86cf91f5058e5e67f799e499224a95d81fc868c05c63fd70537dd453f073bce666525fe19538b58980f1a0b10d0981a4d9ce1e95c1185136fc33ebe45cba7786589f424f29774421439d2b11a535117eecc3ef9d59f4e51851c83840b9535c8b42f72eb141164a7aaafd33ccc5503ac9809d7569f33e1245e20cca82a80b5e965cc42a86de014c7daaaca3675ba7b9ebd4a918f382b57ac7faea0fdaf205ec915c2dfa9d4023577da4bdb3a2b20a1d1b7dd9fd02b80832250714170c5d665aabf90d35d55238967af0772630d093e5ca5cb3605f097f578b9aa0dbeb21ec28d6b76d94a360efc889345c6766e1e741fa0eee3603c7186577dddeb193bcbd23d28fb6dc4f31628facedde6c6efb1285c2265df496150563a0dcf74e630d22b4e560f0407bafcdb131f37b17025b9a80e0b7900733bdd1d9796bac26517a49bdc0f10d2c68ea0a95501b9c686f315fe0e0aaf6ef3f3a6e7020506265ff3465cff30ea5b057a1698f79ae8f2fc7bc78ecba842d78ed8b9896d7c024036df359db61a9a64fa96fd547fa70fd638868e68e7ca87102e70387a7a5339323142d2a1aec18fca98bfb58c7ef284d1b4d47ab61868f34362aa1ed4f6a6eeae4c891f52b805a656b07aec6ad229fddd21cff6012ab2a92ad5506c7d394143f1f9990d8ea89af870ec26a3e581631ee6b77e5d5e5657f0ce7e019d1edbea465699ad26606ee7385bda0ec601ca9917a6132a2ec7b4910782a1e1e456937aaffd6016d7173717883791b460c2a3183aff24e3ea4b20e724d774f937d23e5c16cf9e9b0dc62e0dc2430e855687aa03e9ddcb9b6ff5aede942e41bbf866828d06c7cd44c546e77a04cebe4bd98c667ca450b8839ca4defbb77661cbb9ee9d2e782d3204b695f431cd40f1e26312227d970e51067850ea52fb84c00b1c10c443e5ce1c032d07ce70bfab03c5e47a8fb326ea4d8494e98f7a00899f380e07129a7508dd4a0a426a48dadf57740ec57ea6792a7aa18dcbeac2dcfdf6e35b11c9f3f6a507a184df66f6f45198b6653457e30c7a66b314ac4bf22c87a9177e4f6530031c95d7dc2773183799a2813615f827c68081ba4ff7184c8709865a92e8513cdb876be98fd986456565d8c46b4b059aec120a6a5434bd034d8d2729aad87c4e25f9b143a578b697c06e0e83f6bf6683238c3dbc0f2d671cf0237f7f0bad0587ee0319976dac1eaa4c592157e4f3346073ccb77f6c22694c594d300fa1149a36f18b808bafeafbee00be305da6cd0dd5dfe953ebacc5a16e31417cce00fba8dd3ffd26f5a2555ffb24c11260b571117d096cc231023b117ddfb29fa9ace78095d986de93e1931a79d60503b6d005a2fa8d7284a4d8d6eaac2069b710fd7c4281e6af09b03e43e58526d694f338dbb8d9c92e2c960a6ba9ed0723c2d031df8790163dbd3954c26ddabdc4475ea4fc41e901b8f1108ef58f675b9a43c1552cbbe6d51209a10c08fcbfa3378372c564124f1afc5661eaba8b2f703bb64441a48d498be6ac17f8fdceb57439b4ca0f2b3c9a34dc780fa1fbd0a7653f6faba1d2aaacd9bd39641c7e15a078ca314681d6461c2d012d485e223e252ded3b06ae776de35dd4e38f97a439f184eb0290d2442cd435156e6bd6d0d21fc674b76830e42a23a57d8561b2dad263b240c6d255aafe92bb0b9895eb5133f429657d0bc638ff1745d7b08778e9b6164c9dfd7836136324e592097a38bf8fd1f037d0bda46e341a28bf763b3acd07b7ed114c1b221ff9d98f37b681002995e009e7e2b004fc1e9ea7e5325a9dd8dc69980ae8a64ac093ae7b63c25123e43d6e645dfc5665b697b7f1de02fb52f83e6a47b20e5287d4d2341050b4976cf7cad9bc9a1bdf848f5808f5229edb4151b1808008f11b78998899c4f29ac0c343f0fa3d1d51321a745b40b7cab455361514074108c1a6c199f9702c5b78885c35cb9ca9fe25c42fd31322a499ebbc21e468a38b05b1a651b3125af6683e37c355a8877fac15ac694e9351cde75813e38c67928ed4f8ae2796684db0e33a948e19f7c28632c0d1805a31ec95d4a2054209fb804d4bbd61fefb9872e4fd571ca9e13610647cad9f8cd04954af661eb96533ad8f8f2194778ab24414047caa2200db3c39f86adf4c16cbfc39d6b52d58d65f25baa21c479822167a280a69163596af56bb1b38b3958dcb566d3459f7a3e53d5e13736713cd5c07b1242a7683dbd13da55ed4fec30bcec955b9e41a00f2da517cf1b0518e54ba3c68213721b8a947eb3eb8a343d823fa00299ed7812cef83311eadbf857cf52e5b5e5df9a8da424ac67c6fa185c916d27c80cf8336fc849059f46ed42d71eb2942232d1efbfad676ad13d8df4149f34adefd9e41a27f3735920a1cc1347725d7a6e9c82e46f7f90fb334cdd2fe809980d143420bea475613a3ba6f8db87941a8c7775feec21d0027802f296d89516bd96cdff647c78deec1e3d3bbfc660d7fe4b8a47f6a1ed2f489385373044789c55cb4d6e99289dd5dfdd23eef79bf3c35f6145db7446e4b18a90a544e201f280ed0212dc0ffbaf18f1f4cc6a25919b0eaa9f1ef3b003ed42f62740f4e4b4425b83b9022d9e3a0b1bda9d9f593702019e62bc7a3e4f09a9c001c703286d893019251d8db10076a7b56822354d7c38ce923e38daea50299d34fd3c0a0820abcdbe1abc513503cfba42d3b8930c422afd750eba4b1911f37cd697c5b32b108f00cf67a814b184fbdd63b27282d94e0d15cc28cd278c191db63437a258d483a1266919a33e6a092e39b2e0f23bb75d593a441337a426f9e8373a38bde40636eb27ca914bbe91cf8d97f3fe48f24ba2e1f2fa31febc6d55e85ff5143696b5367121277cd770a7267c232b581f1cbe147fcf5b05bc50286cccc1e6b77f495c5213991bd8f2800f28ce6748d22a58ba199de81260a689412be56d79b70565d2a1f06b83cbaf3459fa11ef73a6310049f6fdfbbaf6a80a527558ec2b298e613eefd4f6c30b12801799a1ef27360412bd4a3202b23a8cc00e57a1d9f1105d8df6f0f762277ee39fae3fff93db88d32d413ea1e8938e95dea3dc6bfd7766ae1e704c2e5bba61a405d95ab1f2aa8bbf84de3029644c632e3a2833a08671e2766e0d1d7b9f457c2b5715042bdcae67599d34ccdb60895edf891df486d26e6f48b935cfa9faa76beb349c5a69b0704fd804c1491e09ea5eb37e90817f3aff6ecf86803fb78137a821c890878debc34e34e852d87de37ea1db73f38b95fbc4169b5be9ddfc89676829f070d711423310f3164237e9a7b39840787efb5a9e69c0e51cef92aeb4a5a92e95edbd94b45987f441159902d869cf55f73afbd74128072b68309e6f8a41864406937b132ebc085d7d58cad3a8563440fdf45e8e5379b7db4904cf4cb2ffb45d68c00a06badbf5ecb7b3888bf61cb68de75fb21d329a02d9c801f5810d7c5c90c36cede787d814f5f745724dccce66ebd254e2f47204618ed7f25760429969f0df3a9edb65ee9417b3da35dc1ddd8e5715b73e9160c9ea7151cde09a998b35b0048cedbec9b616f254fb50cd2f0951b6f4468fd7304845f2f3155049ed61827365039c6ee2fd71e1a8c49d4583b9f4cfade1ae3dc21375a7097c040ed6fd11e0457d21b548dcb65252b93308409caf0c50fa690e4b8af104f94d2d6fa4390f56e2380c834e8cb2c330cfd185a8e6a4559bfbd60d99c8902eb97786ba3a45313ffd2da72ef2a93713e98cb06dca900dd66c73504cf9e63b41b9cf6c63ef7158b45026c2b5c72594109562a2a76f13963d9e84b5778071d15bcf69b3f41fc1cbfae7d1719190e8db0323bf0ff14bf42456e338c5ca12b1568634d72a7910d7e0f6f37bf6d22ba808844c22246a127d162a0f36dc78dc864c221ea4d1a8038cb11e0545a6d27ce99d07c2907fd93e28110453e0f8eb36205425629129bc7780ad67904f087271cc07cad1333ec496509fcc9b98a412d0c563dfeec6402c9b0fe55be4b20d7aec397d12dbd657648835cc9afe4a03f413a8157f8812633dafbc77e398bb54298e8b52f5c6326b374a02ec8de773b74782ad5c3943708762cd41086cf61379b1d0e80d788181f56a38ec20b52378b392f31934930db77939d532ca0e57338492701ad94193e1a9141777c1c1334b71612f881ab0f02811575d08422c2b4c1969d118762261687c8c5ddf17b325e3a8b2b998143343b22e9a42c2483afa6e4bf4861b0ec3df0fbad2df5518deeb41fa5a4be38351890b7ed759c6ca7efa093d9744c26303e5a730d7b4ba1a987db752e96c7fc36519b8117d458ab8e47131c870b35b265b7ae4eef67aee7c8fbc83437a76d35adfcd3893715df0416ef73a740a0174ed17aa24925e0a1966fb0313437e44d6baded0bc70f0efcde5d127dbf8ddba3a9a6a7ae8ef823701636c3a18829461c48e560b268c48a8dc86518173d29a35049f050dd0c60b1cb210b64e94514bd5568f16e48590cc574acc6622453e0c7fa96b875c40cfb9d6743f2af8c031d02d611fd28ec1415d4d26ceb3f94fdecffde24b4b70c1bdba4df16dee180159a33261372fa9e822a6d19f0f04e0dd12ab5bf0bbfdb0042ff92a50a8a4be4aa", 0x1000, 0x1}, {&(0x7f0000000240)="b639a4428197905be07c18fdff418b42ba2ddfae00468f3af80ce19262e326da99b409980b50279ef48e3c23772e71419a96d717", 0x34, 0x7}, {&(0x7f0000001a00)="219d15b32a56e0fce5bd56ffbb3657f228f679701e192a5fe642a50a5d3b350904da6fbcc8bcc95eabb376c30a9e5b067e1ee7d7f5085af1900d249c210b73efe1e600d0b94a56712e46903bb329af450799f5f8949eb1299389911fa3596a36fa8d47dcb4e0d511af20df5685c1f4d7552696aed4bfa190223e5caa0364951a48518f3a9bf7e7f764e57d7e64ce9b06b7066e604f9f89b6039a4b627a087617d4a1b9ebbf8347afb566e540191b33a9b3fe9b8b19f525b82f244328da47005b49093c9b5394df52bf45effe832ed2b50c3f2f0aa4c5f8b1215e95cc4771f37599a80e440c582ffd64d1c3fa51d1951d68f588f9ada25f92fb133dae622a2028be67ab6a942a3fc2fb9a4dc0a694b91f630eda05aed783d54e73ac0b1f61da152b5d0f09270c8ec7cc8e31459e37af82303518c930d5381500553a523938352302b47082590cddb39c1e5538b9a917a8a2469daf1fa9b10459f6425970ebd11d7ab495c881ccb4912eaa7905c6e4f98285cb08ea26dac076a71ed1108bbca541420214a176e3ce9d6e7f51da6a903f38c4eff93dc8941a570d9ba81f068e15b84e9c6620c91429167e68b2629fa4abc660c5f196f7203412d1c1cbce852dd88811a46ce3e426ba9a65f687687bba0efaf2027e00a74f314796b2f47c01a130a8c609681b1fb999ca1e0c9e29ca3470d19a4e5f1b5fe7fd0f1342b34310ec05bb30daef277bd80f7883ec624b808cdfe0347d42acad93bde4cc85e5326a5af265352f970ebce87cc657e50308eb9c79d8146ce951c455eb3dc7121d6c3eaa1942e4135cf263e5ded020507dd947c875589a3126b11defe3f451b6e029a9775c3845b8fac806ffa597c2aff6fe8fc7ddfa14f325b3e2ac2b9ad3d3b4d740fbedfe5cf488d0a7f0386c291ee2dbafe7c2246029d909aad0d45eaa931b73e6de80201ec5c0b3871e06489e9ed75c48b6d31c514494fbbf7a3dbd9f108755bb0adba554a8a1a677cc31e333b01850907a052daea75340a285b6ddd9c1a18acd11d5574c813d1af78e46962c1430584a9da7e8ae3569b8bba8709d65696e1931414b457254391f9ea697b275f882cc5f4395b8b9cb65081ca0913f9dc7143d9280e829ea711996408de67d29bc8369613c0ffea564393bd4b5999d24ecb24b79de12138123b1f5aaf4524f0e8b0d6e3ed3c781376d0c0a95c278dae45effdf0368f133c0469cbadc5db1de8e9f7786be6296c04620bea99f8ad5f40b6fba155f6add095723fd4cbf7074f8280519520ef07d1d3375beb9a5df0638c264711c14e40ac5d8d0ac32158883717dffcbd41dfd862267bc74df5c39235f3fe0f848471ad44ed1e60c16c7730b6c6718164e39b58c60715c92c8803843d90204c1a30d35bb4730c249c9247023255c2a9c0b1b0d499a4745bf06ae12e65432d53337e65f56f584155532cce5beee0517cc0ebedd07ac0a64eb313fd3b9697340c707fa38cba65d26ae492fd73bf735242f90f8a07ada2b6971c0e571d47c2f1d38850a92e5d6070e8059f56e80b8aac3157d7fe9b0ac61e13f10dda7036691c2ce1d5a438ff75c269488e2a53afbc647a97f6ce34926b103f2494d99417e6474d1e2e0b0c8cbefde2f7a911b502cd90f77a6b2d842f2764175c2a2abae3c0b467157fc273262308f68219e84b027893f3db9e5893da5f6ff82ca21f97cd4285d29744b7a35ccda62857bde02d1e60f35de87102514e842f69aefc3f30edf3f1cef564a26b3e955fa2c39b8b8a46df8e5e0718bd05a1c700acbf49af8cfceb8789d82ea9b2d685f07f84725b45a84f209317cedba7ba73a191115ad0aa25eff8d6d881899835b54ac0a62fe70b6ed198b915782ff657a4eb16751cfe5b414b8d6affca1cdf8c75c6883684e2c08019060768323b27a940b71c63b01650be52218dc47becb2f22009a00ddb7755a785f148f2d61f0fc49c2c22fb12874e5d8c2da843bff540c3397ca9932d633176a3be7dd321ef0af6d302919032f2bb975188c5af185c4ecc41527361fb6f5fabdc718b5b02bc4a969cf3d99fde3165e9585891f4121d7bdfdeb93b95e27d3d70b739fe4e7d7e13a7cec980b2405b4f6dd55ca4b3ef2ed2e6c0b3f43596037eb37e4596ffe46c844e65f13b3d219bef167d16902f455959632ec1d3ce17c1d694dce834cbb7f71bd9525d4e6558148149965eb517996c2084d8e4730d888b9760a7715dba73da5faf5b8e6748a9a414ab9f1db2f9f8d3d47963c977b8bc2f20a113e54e2ca09eb683f0c1b6e317a35803ad7c4975de279a8feaa61a49221c05410fcee269b24c6773987ebcb3fb071deceb9271c89652d965970710c5e88636b1afcf26b7cdc7a2e389c098a7fa4abb04788746de8c404c6b77bb0820e71afe363382e09dadb35704da5543714c7ba5b8c7f963610f3bbbb059063c57ca31e1224dd2f088b256afe6e01dedc07f868513c804581c4989fad2a5a1c139c4055e0d0eccd70fd1735dfa4ad8102e5040e74f77d56b16c26782a7476c7355256cae57ba70f22e87e933a8d326fe75edaf9f291aaf7f89835b53d98f7aa4fc557532f23cf4473619eabab4b432836f3cc9798b626666b25cef08e4fefe5202d433fae429fd24cba70e75ab8a0088b158491c0c289dcd6cd653754c746056393e6d5b97343084085175e20e218bb76529cc31f539e6a763f34a722cbe5914ec9b0675ef85a4a7e9e89cba7e40bd8c3db443d7723f1acef0d4ad5418aa02071d9acacac41a7fef7909a3f98d22942ec84737d94057c1575c8a60a5871e8a632ee8a2233bba10ec49800f0057ec7bf14edf088f6d4ff616b08df319e95399b11b33b0fd38d235d78a0b5480ddd53731f43c8f9caf95c46bef6c103f9f5cbe4a1b8daffcc3b0f3206dc30cfe2f9b110c51869b55f6b04c65144bf3b912620ebcd0f31b20566308fdfcf7a6f312a3103cf55794d3085ed1a82654fcd18b78b8681962bb8ce7c0f9665b2ed12d7ed63a3b739eb34a780aca2c7a250061a47d5ddea0732edde8e46d697563e23cd799c2d5be4dcfa6f1f5e9581d74820abae294894ff0b13ce96687912b3e42f9cdab25a1be90bfa2150d389e90cdcd062e47c866485ce4e4eb678d477f9f8b2144ea60f52ec0f2ce783053f5cda09423d4333cdd50d45c78e91f4a2b0998e1d43df5db3e5e36068f0ece3bd982ac5974a75f0d31e9d515ba3f3c66bde48830e693b9ec41ab55eeb565c0191463ca47bff898ed68291f2ac5c03276621992b32509f4a03f86873368c4bd24642fa98ebd5725d768c68377bda3c9a0d5276afbdaa9204fdf3c57883ee85abb153786e279a8b4645a00faa591e1c525e17999a2e71c5388d6c86a59faf4bd2c1028c2b17874db598f60e03d1b04e90ce8a45358b934cb6bd3bc400247f89863e6ecd0b7cbcc524ebf2b2370b1e3e63d1f62082f36befd75f3b6096a3c9f5fdd49ee0a4737e8cbfd2875e28ba3cc122204459f4368802ed079be8178e11d8934fa1dd304c7a5b5409a338c2c8a02a8c45c473382a2456feaa2072d1641b2cfc6ae2e441b0e92970ac7d964bbe614a37625b21f66d7c554eb3af62dac97f94a0b678291dc5990a5b109dc6620a2cfe5af821e07b3d4e28cb7b5bf60e87b2d8189d2ec7a484a438457df2828ba6f22d5a96de42ea9d6a9d3172647df12e50d99e051632a84d53e32d15b02ed54b1012e2235208c07c05edff6688680875537b621154d99d93243da9d946478671dbbf7dd99e325b0d11385e7ab160c3633cb415e1134a81c6b2b43883cc6d77068baf18650de83d3ca7eec8f3406c0068910b59e63746ed9baaf77558f66718641fd98b62878cf37b61e230760c7393cf3ae863e9c295600e7e5de0d70fced6f61d57ae2ba6df00fec61689afee7f3332e7ffbf0e1c0c94e4d94e9e92aa2b85a0fa84a50e1ec614de8a9c848c9589906c0e35d4206e38f25852f8dcb2397db02980f86817af70db32143f1aadfdadf3498e313db6d22b22b98082f6a089a0be9c19a67bc836bde4e86301ec2a6052eb7b93d5eaf2c0a4d934135a705010b6d8942117457d4d99401289f2a748cb0e1a2ca712a32860f684c00594c482f87b1465787ae184ab800bed326f40a242b97d12bcad05c0d3361e317f6fafebe3e9dc9da0d7c26757c2082b58b6b12c4944f1668b36616cde7c10d7c8ee336803ebc51e84e469717fd1755f60e384e2df9b07c7b0f29b8deeb2a47ac9167b27841044431ecbb7ee2ff721f45b341a1b9b10f3557fa4951df8b15bbdc3eb027c62268b51714bd1b62e9f0000d3b0addaf240ce4f95f75944efc23a936b496f0bebbe43cd2d3155197a626e7a5b3f00779b500cc201134709f4dfbd558d6948bde6c07594741a77022a0b5547107f2c17125b04d9c916115dad786dce11d4ae6ac0ab104dc6ca374614b612558a620e1fb2eb7f5729c1cdbda66b5ed91ce503450e2e19472a020ac509dc34d3e8d01020790703c73d9118104b4f04af2677ec3225cd5f703f1743e402bed488ceb1e21468d4172c773fddd89a00105c0e86cc615b1f9002786e5ab4759ef816c5c854bcd10b611999e7f5bd4a1d65999d0abcca29650ce2862dcb39bf4abfb6b327912c87487381f833accb38b0bed3a894b8e78913167e05980aa30535ee03ab8cde42e8638e1c5cca3108fc1c3aabf74909a4420aa5ee29205ae0d0e23d9b759bc07b7e7f8e7eb6911b18afdb71ecd83b16104671472a19af3feee9f5de846b1719373c19f25d933429940fbfef2f95ae12d74298fbff5e6e243023c156f86a966043f351181f829beba57e060f644e6615489d6314005092d87c2e819d7319379201f20277a87968b9ddf02c95b555df7199c037a41d6eb9594ecd303768b113a24d851049f3452a090489dcf3e8e33e01f2ca40693844bcbc2a71db129a4eb6ce9870754b38141c96baaaf95efdab894b4d37e670da947b6ba13e550b9708ddacff83a777c98f8cee9f6fde7b3f256212741563e51458ba9b048d41db178959c0022b7a79a1b46705e81f160cb7f1dff4e22ead821200c63bb1d9727c9b8e7c2be93f49d255e1c4ad4892745c07b1f0c2458cc3c2ac496d7f4a10d0cfcc21f357b22039c7c7ceafcc379f45b2a26f6d937b5dc86b64a864eb57340fc0c3e04389041711e790f6b7b213f25e54c142daa14c02371e4651d7b56608ed816aa34edeb099a9251513989bcd5cebd72bdc62f478c16896ebc2f16be4e84673a63482f683f4c5116d337f1607c73bfe493c607d63f8955d10bd7c701eba9b327e4af25eb4dd499892fa12796296d0b52f7f51fbddc689bd763b1fe2a096decd47cebba9c4543aadae6bac8cb6f14205310ff510d1cce317b7e0d370f05e44664af008767b492d905d53359335049e9dea9d56bb1b21bc7cf20f0e1b7a87182dd280469bc5ed8fc71bf9f68486ce3f0b19a54b46554e4b2b5883adfd6d93522a0f2e421d4a8d0044bbe0f638b8fbcea37760dadae0c537b7cd5fd852d26d8e485e2e4eb07bdfebe5c72eda6de8746fbbb80ce9e7cb0fbc0010b0509783f630f9ca5d025620cb90b6d4d76cf0644179da59a6b95e2422e0d33fc5538685c23b704342f5993192b4c52920eb857aa4d87609544659391cefc46fdb58af3ac81d3369df9da371b411b5e0aba822ef24c9ff80e4603afb17f24ae824d38ea8e43343ce661153eddf3e3137dff4fdd3cc2c9422273f546afcf8571b67c5fb59e629abb745b24295e216d65ce1ead7facd522c4a88f2", 0x1000, 0x4}, {&(0x7f0000002a00)="0f6004111738eba06cee2b916cf4910fa6c9c674e515d85bcb93d3ab5e6a5b976598c2dbd9d614f7524acafcc614bae4714d6d4b0f91507241b732ad73149c767bfbc6f9d6e52dd120dc065b3fd86c3464c172e97a46393e2330df2961fde58e6a8b465af00a493437d32614e212e1d55e992af85237abba2048e2e38e3d004256b700341045fc4dfd6c7f5eeaa7a1ee928a26ca75dddfb1d571f6f9fd186e8e0b43b98a649b564cde4b714a037fbb278e6ca2981ddf754381e9a6a9d35706b8610f2bdca634a2cfc310d3a53d075d80c0a0eb94bc5e1f305a8a14567629f4284ad9e5193fd2c8a41ec3482f0d658b9b7eccc295e572e717c2163b2b402694d952089195ffd0773ce7a6d88a544660e69372f6d5c646b73d9b49b4b54fe32fb0f1465fa5412de393058fe80e590dd507231b8905e10be609082417ae137df58d5562abb2b2598158e9bc015f3dd067d109b1006596c183838c3cfdc3d831e87b4fdf488a164cc680dae91e6ff07cf7dc12f05985650ab0947b8c2172403a958ed2cb2d7c236266eed86ad5e227491df67b0eb2ced788a6d628de32b615b7077a4165f8b412d40c2e625150e1dec54748fbf3b828451da74033aa5b2e4a14300cbf1262d291e73d779aa2b4365fa82e73a8c550a4b7ffda5c2de733b3787ccdb00745622604ffa115ca8b1dc91c9f4ae0aec57ebe9048270ffe57df38f47d41e34bb895e0c84e5285bb34cb4ce120d23dfc412d5b9580b5d777e3becad43d6b33753c57291894acc9918929f2e786c224adc4138b39635423e7708be16675749a027d02b2b09950994c9d072d84705fdf644f2ffedefde274532a78b4c512ea77320ec2179d8261ef72b8cd6ab769408f4415532d9feea89113ad957cd94b145c74d4cc335c7a0102df4589e887fb1f06db40173c0d74d5a8a50a1849f6c4bf99f1420889b40459c7b22e39718f82eb6c3bb34e73fa4c122f5f417ab1dfc453b1d4424da9338f51df135abe3d402cea8ea5e90ab50a3ca25dc07c8542735fea852aa8f960eab34cd8c9ad451e5b1a6a603b2d10d804e4b17686c0851ae18a2e55246850e35ae695055b6fa2e3b7afa4d04fed51b2bf3d92d36e61dd9ea3e7d9334c271ed390374f78e84a89fbd232be2bd361d0138838c50754a5df9f1cdcaf0dfe93de525e010872e630a09946f110f367c412e72598b013af87c94753194ab1e7f6e52fce563aca1b2cb5ccfa25f87ee928e3895e55c0fd39276e1c4ee71931d6a4bb945a8381ae21fcbbee8aaf533777fedaae3f43840926f6f39c657c88756887f2ca968fccbe64a66a551a5e96c94bf2a79e4a3788e603b0f111a278fe3b4b833d65c0c1ccec187db06b2ed6a165a22dc8b3b3e323cc6c35ccff78d5babd5ad3652d17712a7ac8965fad8c91566694dd77d1e8918975b6fb635bd56295abc534e122ac101313c8d6a263df28d32948dc9195000127c8afb69dedf7e8bb64e2b2c0e39afdb52c7623983d46d25a81f89cccd5d26b947d601cfe0277a0e3c5713588d412294e8f93716efb3f67bc5dd27c516e9b851007cac568941788d45bacfca5db35771e6c487ad3ab68255647f314527ab0842eb1add9f78a0a65586ebb4052fc1d0b1e5186631a55a3100cc7f5e92ff4f8afa6691eaddd2163fe4955b579b08b478fdcd0a72d23780dc55bedc49885d1c7780320e8dd5a306805d6c8d70e094521ac27fa9fd01ba97be20742519fb1dd536953e099adfa8ab64232163a6e61252db5e60312f61d54fa98db96fd720f73a2ec19d085e0df55724c2a48a89c662bd642583ca3f06cf2dec1ced05e14a7dc6fbe3f72554287812832daa76c9685c42552e13a236ef4dd19e276614ded67cb203d5b75a9fc660b9d3157852af2fdb7891f435d2aa63a5a1ce2001ff2810d8cb9c3a0d450188b50866dbce1c5225fac55308b6c766ca91f43bc592449fdae6518c84b8cce261976924258a36f12e7e3b2fffc16fc37d5c9bdc8912ccf8b54da35e31272f766023631521e0a5ad43c8df501228c99bf47241274f2b11ac761d623f8a38c5771757792587743e4aac8542801421f4d9daa55566184bff0ba97679ae1a961210ded69919414dde60c330b60d51775dc559c84390a7aaa14141da068b1bf0cf9069283d0830d441ef03ca5026eab7e77f036fab40815753a4f3bb1635e285bec95020e6adcfc1a539c79689e3caa58ef05aeb558c9987cd5354939a8491f4e6ff06d6db3d49fd134b21b7e3c4bb7230c08a9f39cf397eb62a1c3e5481294fa598e020fbdb18ec554d4a4ba9cccd768aaf27c6b785a9705bd56b85fad7cf93a22145aa008ff203bd60ae04962cef5c1b066636049edc3513f3be8ba4e477d5d33fb394d69a08d0262576066038373a6e46562429eeeaff087ac42d8130609ed5201535eace7d09eadbfa2974d4164eb062a1cde9de89f6a58372578d956b2f0f84428b4baafcf3f0042b6b572b93330c43b6290799d5c0ac716002cbb073e3622ba760083835f2f24c59f642f4581663a1d7ea0482c71d2dda4c1031e068f945bd2219eff8ad0ec8443945c5d8b58c72c073f7df1721f4eb90479cdd1f11c4406e99065f88bdfd2eb365a77ee8e4c31448d4468058f6a9c434425bd6b561b3d04eb5e1c3fc73c3f88c8cc9a27a04e38ebc580e0d18b82eddafcb11478dc3e2cab3274a59e5302049b431bddb28fb61ca917f273837e616d293dd60086bd449ebd17720091a073ed433cf371da92a5a8036d5556306ac07f8470e4192aa457c3be6fb5e9b05acf7513e65897099e72805afb21971a060c199b5c25bb5f99ce32111fa1af20f68c0e7d401ad778d66daf27ce0de57c4bdb9fca541dec99852c2a96c77294e398a8b7de04a4f62ede93d8f569de897475347af6859bc35cd3d1d8d8b09410f8bf70557ca5f9e9046025dc32062777ff834ac1a71bab2f3e07ec79d41a70d0120550065bed10d9a3e866f999a36ec96f7235f4e708d6c329ad9a4537d71014eb12d3898c7fea282c17d4922e3be51224553d768fc37a30f850fc3aceedd4ebbccea6d68953644f5023342d3259e7cc6e36d0d839e57cc327d1de260d1784a5472250952044bc134c3ee150a6670a0ef4288cd58f07223b846f8dfe36057d1207be2f1553292a80e5020c01b63bda2e4348608dcccc46061302d99594b49c29963a42e3247ca68789545a7f99757fea9de447cb4965fb681ef633a0aa601b7786094e3df72abb216f0c2b1090f909108393882f6421dcb8fd37cbe6d949c78b714413e23a991de905c1bfd803f48e32f9972ac88da11dd23fb7511e215abae227cfc34b035ed11ee97237b1b537abea6d6e0f171c5b1acce0e21f89b410a3f14ccea15ab9866d0608aa14d563b67858415ce4b02d4e83082ebcab30654fdae59df542c1ba2320d7bb501729420e6bc55ddc1c5fdb032135416d683b17c2bee0574e09bc0e935c6b51730222b4517f8934b2be94da46022869677ce53c048449d63068149e5ba14adcd2a878c3b7e64e9e8aac0a11043da25d232eb7342ae07982464cfbd0e7aaf896ca1f82ac86271fa8f8a76b20fa7d2c45cef318960b75118b10d18b083cd7d5fbc49e370d00b64be14789d3addb44e6c5c6cfea8046e2b96b52089c16bdb8e5566fb825e2fbe0e2917d5eaf3e5f547c82d4f4d1f8a5a4af2885a5a708a77996a8ad6678ec2f3f372d026e8ea0214a6aa3159dce7827cc8e821525ee1cc15249aa74ba15f3929a1767814998e0554acadada83ec85f8c77018b1b26155263887695399dd368cc7d969e8b6e9dd65535fdfa8caec43b3de7dcbaee2774decdcc41ea86702de868b2d528d42f0c4e5578518ecb93afac4656a9c073b4b13c56e2e3f3efaaa202217a89e14a6f7d8188b9a9ad90d776697a2a21c4560355d76548ec6925161111cf64faf521e85e14caad1ca74f12c9a302c6f41f98dc8b0dd0dc96b261f9980a01a6a3a17e561932a785b4588c2d43c8b13be0a115cddfdd75c29e9d1c885255b752601cbe0d5695dc3cce82f054cd97f24771cd361822be4e6ded1dd538d46788f41936f51ef0d0310988cdb4d11d807a6c5417c3f66b85c42b976ce262dc782384f210b45890ff8794f80755b945eba1d0b5c7a638331fd3e4f8b99b287e1142ac10842793f0373f8783eba71ba37f16eeea92c33ba47af833cd116598024ee9d4cecdbc6ffd367b8bda63e311b128177d8fcf4e8fc7732ec5f302cc11cf1721da7c780b8689996ce9ceaea6f5ffafa07b59de0d6611bf9f047ebb2025085d15d007e39a43b387fac95fb2ecd6923d0fc4e9db90e2d193eb7fc44cc97a57d1aba6021008d680eb2057730e70c5b9e04eaf09aa22c84bc3574552eed00868b22dab149b61b6ee13b7ab94d1789fcaf05d4f76c4ec6b0bc13565a9707b2b2d3009fcd6fc43f817da8112cadc5f6ea98bc891b5165fb592ce5d90b5c2a135b118f53880cca50ed41fc43078046b8a673aa3ca3a22aa85b47c7ddd0bf399a3d8f3f9daf89ba2aa2e3867ac124806aab2c85c35246aeea82e67c09a125a5335de977289cf118bbd4db921927526ee5d2a7f07d206212c9e2c026b06232615324adad99df59468cc852c1fcc73ab4194714b8e3365879e20e8fd11e37f083c7a5ecc2d4719d53cab4c66f58cfefb69f4503644f28ae61b1f1271543ca3d6230abf0affe4edce0a9d31370c3d0e8fe07926ae38556685c4ca02d7ce044b52b922c7db6ad8904419a059c48cf0f2e3c64671d2ec5f7f6a9ec79e435c9404b9f799b18a65584498bd4a8fd67e520cf88344de2ff6fe0c6fd8cef5f8b717d52cc5f778bb226c33336c68e84a5401e931efe4fe6244e5d9a69a74dc49d262cd848cbde02e9d03d6e820011b80b94c600c48573bdb4b6b983ea3d5586c9654c9e770eb023bcc657c2989ef886f614957d72b60c658f3d6919317e73301d4b90f5789cac55df3f9e2ca79cd8da3a7531d88df5b2dfcbb8f55abcc9bec691118860ed3bfa5b3e7aeb78d1b8e58188495df2623dff975bb07e9ed00e12634aab2ae64936c334a1b03b0374608459e0d3ea096e7d432d6888fa43c4dd210500d0f4fdaa1af804888a4cd720c5e537fb19cb2f248b8d27856b4a6adaa2b5fe8d8fbac1308cea387b2e44309be525f890cbc46e18099c6b14f5f33d58b8ede6b5642aec672eb2679d6091e153659aa16402a2645e27fd7b75a3c0665fba83c3f9fa6f0c94a48a72c1d69713b6d789883f56744462457be4d6e03d8c3532bc250e652bceb37659745c81267dc26cbbfe98f512119562a66cacd717bcbdf2cbdd5f0271bf90cdc79bb8184a34691ec0707324cbd6ae1f10569183e1c9d403e3a0b80b356a73cb84f17c7a42b0845eac4441523509cb98677f1f91c19a63549f628b296e0225c02776bff7a29659a5e9a47d71fd99cb1cdeb3b1c1134ecd5721aa0943054b5c932bf0c747e141cf8d2fe302c70aa816f22eb1e8bee3c5b92f55b756330a4ff7ca784ffcf7089e348e6824575d7f7060768f4e88a4dda6e28d0d3a3c5b08279ec4f94c6963d1d3e72bcc5ea9854c28f4f99896ecf3c8ee2df4931782a9b8cef78ba5b329ffa802006557cb920828ab71fbc2b838b8cd40ff2fbcbf527fa213bdfd5d22395a2ac860dd2f240a2f34b302005959e43d48240ab1cb46701548de700ced5993700a4e834b77701d7e958fbee0b4ece915b2b3dbb7e35d979ffd14a28c21f927cff163c9e5bbee347e0bfaf0e78838a836fd2deddae5", 0x1000}, {&(0x7f0000000280)="bb2446765359385bda967620a6e1b93125b7b32910d315cdd507f00d6776367871bdf350eebaeaa5315c203a1b93400e73f6a9bca19e0a8d53c0f48b27f8e4114e6d2bd437b57e9fb0dd01b3256c8df661d3007b95d9ac47f2b3d08144c8a624aa30ffc4a8520666e6ed0e266477a4e1f261d464a695b10831cc2f", 0x7b}, {&(0x7f0000003a00)="cbe9b4132c8e304ed9dd5a84b32b1f746983a4b663e55b4dca59375b343ee67de9682625284c8a17eebb1c5a6972172c9882814ec3e58834", 0x38, 0xd6}], 0x100000, &(0x7f0000003c40)={[{@extent_cache='extent_cache'}, {@background_gc_sync='background_gc=sync'}, {@acl='acl'}, {@fsync_mode_strict='fsync_mode=strict'}, {@fsync_mode_strict='fsync_mode=strict'}], [{@smackfsdef={'smackfsdef', 0x3d, 'state\x00'}}, {@euid_gt={'euid>', r2}}, {@pcr={'pcr', 0x3d, 0x3a}}, {@smackfshat={'smackfshat', 0x3d, '\x00'}}]}) 08:44:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:31 executing program 5 (fault-call:1 fault-nth:52): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 848.159944] IPVS: set_ctl: invalid protocol: 135 172.20.20.187:20003 [ 848.203252] FAULT_INJECTION: forcing a failure. [ 848.203252] name failslab, interval 1, probability 0, space 0, times 0 [ 848.214690] CPU: 1 PID: 32217 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 848.223201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.232569] Call Trace: [ 848.235195] dump_stack+0x244/0x39d [ 848.238840] ? dump_stack_print_info.cold.1+0x20/0x20 [ 848.244031] should_fail.cold.4+0xa/0x17 [ 848.248103] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 848.249641] binder_thread_write: 1 callbacks suppressed [ 848.249651] binder: 32214:32218 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 848.253222] ? debug_smp_processor_id+0x1c/0x20 [ 848.253241] ? perf_trace_lock_acquire+0x15b/0x800 [ 848.253261] ? kasan_kmalloc+0xc7/0xe0 [ 848.275655] binder_transaction: 1 callbacks suppressed [ 848.275668] binder: 32214:32218 got reply transaction with no transaction stack [ 848.276278] ? kasan_slab_alloc+0x12/0x20 [ 848.289053] binder: 32214:32218 transaction failed 29201/-71, size 1811939328-0 line 2741 [ 848.292893] ? zap_class+0x640/0x640 [ 848.292923] ? find_held_lock+0x36/0x1c0 [ 848.292944] ? __lock_is_held+0xb5/0x140 [ 848.310207] binder: undelivered TRANSACTION_ERROR: 29201 [ 848.313203] ? perf_trace_sched_process_exec+0x860/0x860 [ 848.313222] ? copy_process+0x4550/0x8770 [ 848.313242] ? lock_downgrade+0x900/0x900 [ 848.336527] __should_failslab+0x124/0x180 [ 848.340783] should_failslab+0x9/0x14 [ 848.344598] kmem_cache_alloc+0x2be/0x730 [ 848.348772] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 848.353811] vm_area_dup+0x7a/0x230 [ 848.357452] ? vm_area_alloc+0x1d0/0x1d0 [ 848.361527] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 848.367078] ? vma_resv_map+0x139/0x1e0 [ 848.371101] copy_process+0x42a5/0x8770 [ 848.375121] ? __cleanup_sighand+0x70/0x70 [ 848.379380] ? perf_trace_lock_acquire+0x15b/0x800 [ 848.379414] ? print_usage_bug+0xc0/0xc0 [ 848.379444] ? ima_match_policy+0x848/0x1560 [ 848.392855] ? check_preemption_disabled+0x48/0x280 [ 848.397893] ? print_usage_bug+0xc0/0xc0 08:44:32 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xffffff8c}}) 08:44:32 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0xffffffffffffffff}) write$P9_RSTATFS(r1, &(0x7f00000000c0)={0x43, 0x9, 0x2, {0xfffffffffffffffb, 0x0, 0x2, 0x2745, 0x8, 0x2, 0x6, 0x3f}}, 0x43) ioctl$TUNSETSNDBUF(r1, 0x400454d4, &(0x7f0000000040)=0x3) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={0x0, 0x7, 0x1, [0x0]}, &(0x7f0000000180)=0xa) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={r2, 0x5}, 0x8) 08:44:32 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x600}}) 08:44:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 848.401967] ? kasan_check_read+0x11/0x20 [ 848.406133] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 848.411445] ? __lock_acquire+0x62f/0x4c20 [ 848.415711] ? mark_held_locks+0x130/0x130 [ 848.419978] ? mark_held_locks+0x130/0x130 [ 848.424235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.429792] ? check_preemption_disabled+0x48/0x280 [ 848.434826] ? debug_smp_processor_id+0x1c/0x20 [ 848.439511] ? print_usage_bug+0xc0/0xc0 [ 848.443590] ? check_preemption_disabled+0x48/0x280 [ 848.448634] ? print_usage_bug+0xc0/0xc0 [ 848.452729] ? perf_trace_lock_acquire+0x15b/0x800 [ 848.457676] ? zap_class+0x640/0x640 [ 848.461442] ? __lock_acquire+0x62f/0x4c20 [ 848.465706] ? mark_held_locks+0x130/0x130 [ 848.469973] ? __lock_acquire+0x62f/0x4c20 [ 848.474239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.479800] ? check_preemption_disabled+0x48/0x280 [ 848.484837] ? dput.part.25+0x241/0x860 [ 848.488835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.494395] ? check_preemption_disabled+0x48/0x280 08:44:32 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) clock_gettime(0x0, &(0x7f0000000040)) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 848.499446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.505008] ? mark_held_locks+0x130/0x130 [ 848.509272] ? zap_class+0x640/0x640 [ 848.513010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.518568] ? check_preemption_disabled+0x48/0x280 [ 848.523604] ? debug_smp_processor_id+0x1c/0x20 [ 848.528293] ? perf_trace_lock_acquire+0x15b/0x800 [ 848.533249] ? perf_trace_lock+0x7a0/0x7a0 [ 848.537500] ? find_held_lock+0x36/0x1c0 [ 848.541582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.547139] ? _parse_integer+0x134/0x180 08:44:32 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) timerfd_settime(r0, 0x5, &(0x7f0000000080), &(0x7f0000000300)) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x2001, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x5}, &(0x7f0000000100)=0x8) r4 = getpgrp(0x0) ptrace$setregset(0x4205, r4, 0x202, &(0x7f0000000280)={&(0x7f00000001c0)="03c6ab15f988134fbecba2402203f3be7165ef4994b49b0e93fd187cd905acb65cc37456b92e789f16636db6f482b13932d433d5e929d086a2b73ff6d13238e4a879bb796872509576e7fda8266e195affe22e7c2204d8ab6e4c70d7e45246a7f6e4b3785cad526f7c536b214adb7527bc549ddc7d8c4451885642cbace0cdfc1adb83322a4da6b2d07ec67b754a54b00476a1e0bfba312bab37dfc9ba16b97c24c9e6cc36e7a72bc709a5d32bb901bfe504c0ab3c87a4644f7af7", 0xbb}) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) clock_nanosleep(0x2, 0x1, &(0x7f0000000340)={r5, r6+10000000}, &(0x7f0000000380)) getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000140)={r3, 0x0, 0x9, 0xa9}, &(0x7f0000000180)=0x10) [ 848.551321] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 848.556873] ? _kstrtoull+0x188/0x250 [ 848.560692] ? _parse_integer+0x180/0x180 [ 848.564860] ? zap_class+0x640/0x640 [ 848.568595] ? lock_release+0xa10/0xa10 [ 848.572594] ? find_held_lock+0x36/0x1c0 [ 848.576674] ? zap_class+0x640/0x640 [ 848.580419] ? get_pid_task+0xd6/0x1a0 [ 848.584326] ? lock_downgrade+0x900/0x900 [ 848.588490] ? check_preemption_disabled+0x48/0x280 [ 848.593532] ? find_held_lock+0x36/0x1c0 [ 848.597626] ? __f_unlock_pos+0x19/0x20 [ 848.601619] ? lock_downgrade+0x900/0x900 [ 848.605789] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 848.611340] ? proc_fail_nth_write+0x9e/0x210 [ 848.615851] ? proc_cwd_link+0x1d0/0x1d0 [ 848.619941] ? find_held_lock+0x36/0x1c0 [ 848.624024] _do_fork+0x1cb/0x11c0 [ 848.627586] ? fork_idle+0x1d0/0x1d0 [ 848.631322] ? __lock_is_held+0xb5/0x140 [ 848.634495] binder: 32235:32247 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 848.635414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.635434] ? check_preemption_disabled+0x48/0x280 [ 848.635458] ? __sb_end_write+0xd9/0x110 [ 848.635480] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 848.635497] ? fput+0x130/0x1a0 [ 848.635515] ? do_syscall_64+0x9a/0x820 [ 848.635531] ? do_syscall_64+0x9a/0x820 [ 848.635551] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 848.643785] binder: 32235:32247 got reply transaction with no transaction stack [ 848.649161] ? trace_hardirqs_on+0xbd/0x310 [ 848.649185] ? __ia32_sys_read+0xb0/0xb0 [ 848.649204] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 848.649220] ? trace_hardirqs_off_caller+0x300/0x300 [ 848.649241] __x64_sys_clone+0xbf/0x150 [ 848.649263] do_syscall_64+0x1b9/0x820 [ 848.649277] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 848.649295] ? syscall_return_slowpath+0x5e0/0x5e0 [ 848.649315] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 848.665499] binder: 32235:32247 transaction failed 29201/-71, size 29696-0 line 2741 [ 848.667201] ? trace_hardirqs_on_caller+0x310/0x310 [ 848.667223] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 848.667243] ? prepare_exit_to_usermode+0x291/0x3b0 08:44:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:32 executing program 5 (fault-call:1 fault-nth:53): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:32 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f00000000c0)={0xffffffff, 0x0, 0x10002, 0x24507222}) ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000100)={r3, 0x7}) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @reserved}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) fcntl$getownex(r2, 0x10, &(0x7f00000001c0)) tkill(r0, 0x1004000000016) [ 848.667270] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 848.674178] binder: undelivered TRANSACTION_ERROR: 29201 [ 848.675225] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 848.675240] RIP: 0033:0x457569 [ 848.675258] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 848.675268] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 848.675285] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 848.675295] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 848.675304] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 848.675314] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 848.675324] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 848.795814] binder: 32251:32254 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 848.802915] FAULT_INJECTION: forcing a failure. [ 848.802915] name failslab, interval 1, probability 0, space 0, times 0 [ 848.806279] binder: 32251:32254 got reply transaction with no transaction stack [ 848.812880] CPU: 0 PID: 32255 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 848.812897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.821325] binder: 32251:32254 transaction failed 29201/-71, size 26624-0 line 2741 [ 848.827431] Call Trace: [ 848.827456] dump_stack+0x244/0x39d [ 848.827481] ? dump_stack_print_info.cold.1+0x20/0x20 [ 848.827511] should_fail.cold.4+0xa/0x17 [ 848.827532] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 848.827551] ? debug_smp_processor_id+0x1c/0x20 [ 848.827569] ? perf_trace_lock_acquire+0x15b/0x800 [ 848.827587] ? kasan_kmalloc+0xc7/0xe0 [ 848.840145] binder: undelivered TRANSACTION_ERROR: 29201 [ 848.843422] ? kasan_slab_alloc+0x12/0x20 [ 848.843446] ? zap_class+0x640/0x640 [ 848.843476] ? find_held_lock+0x36/0x1c0 [ 848.843499] ? __lock_is_held+0xb5/0x140 [ 848.843578] ? raid5_takeover+0x168/0x560 [ 848.843611] ? perf_trace_sched_process_exec+0x860/0x860 [ 848.908671] binder: 32258:32259 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 848.908734] ? copy_process+0x4550/0x8770 [ 848.913731] binder: 32258:32259 got reply transaction with no transaction stack [ 848.918329] ? lock_downgrade+0x900/0x900 [ 848.918355] __should_failslab+0x124/0x180 [ 848.918378] should_failslab+0x9/0x14 [ 848.918396] kmem_cache_alloc+0x2be/0x730 [ 848.918430] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 848.918449] vm_area_dup+0x7a/0x230 [ 848.918468] ? vm_area_alloc+0x1d0/0x1d0 [ 848.923232] binder: 32258:32259 transaction failed 29201/-71, size 432345564227567616-0 line 2741 [ 848.927812] copy_process+0x42a5/0x8770 [ 848.927869] ? __cleanup_sighand+0x70/0x70 [ 848.927897] ? perf_trace_lock_acquire+0x15b/0x800 [ 848.927921] ? print_usage_bug+0xc0/0xc0 [ 848.927949] ? ima_match_policy+0x848/0x1560 [ 848.936144] binder: undelivered TRANSACTION_ERROR: 29201 [ 848.939866] ? check_preemption_disabled+0x48/0x280 [ 848.939887] ? print_usage_bug+0xc0/0xc0 [ 848.939907] ? kasan_check_read+0x11/0x20 [ 848.939927] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 848.939951] ? __lock_acquire+0x62f/0x4c20 [ 848.939986] ? mark_held_locks+0x130/0x130 [ 848.995217] binder: 32261:32262 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 848.998195] ? mark_held_locks+0x130/0x130 [ 848.998218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.998236] ? check_preemption_disabled+0x48/0x280 [ 848.998257] ? debug_smp_processor_id+0x1c/0x20 [ 848.998276] ? print_usage_bug+0xc0/0xc0 [ 849.002581] binder: 32261:32262 got reply transaction with no transaction stack [ 849.011358] ? check_preemption_disabled+0x48/0x280 [ 849.011376] ? print_usage_bug+0xc0/0xc0 [ 849.011418] ? perf_trace_lock_acquire+0x15b/0x800 [ 849.011435] ? zap_class+0x640/0x640 [ 849.011476] ? __lock_acquire+0x62f/0x4c20 [ 849.011508] ? mark_held_locks+0x130/0x130 [ 849.016393] binder: 32261:32262 transaction failed 29201/-71, size 67108864-0 line 2741 [ 849.019713] ? __lock_acquire+0x62f/0x4c20 [ 849.019732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.019748] ? check_preemption_disabled+0x48/0x280 08:44:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 849.019766] ? dput.part.25+0x241/0x860 [ 849.019783] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.019799] ? check_preemption_disabled+0x48/0x280 [ 849.019818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.029460] binder: undelivered TRANSACTION_ERROR: 29201 [ 849.033205] ? mark_held_locks+0x130/0x130 [ 849.033243] ? zap_class+0x640/0x640 [ 849.033263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.033279] ? check_preemption_disabled+0x48/0x280 [ 849.033301] ? debug_smp_processor_id+0x1c/0x20 [ 849.033320] ? perf_trace_lock_acquire+0x15b/0x800 [ 849.099832] binder: 32264:32265 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 849.105022] ? perf_trace_lock+0x7a0/0x7a0 [ 849.105038] ? find_held_lock+0x36/0x1c0 [ 849.105058] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.105077] ? _parse_integer+0x134/0x180 [ 849.105101] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 849.105118] ? _kstrtoull+0x188/0x250 [ 849.105136] ? _parse_integer+0x180/0x180 [ 849.105160] ? zap_class+0x640/0x640 [ 849.110503] binder: 32264:32265 got reply transaction with no transaction stack [ 849.114241] ? lock_release+0xa10/0xa10 [ 849.114265] ? find_held_lock+0x36/0x1c0 [ 849.114290] ? zap_class+0x640/0x640 [ 849.114313] ? get_pid_task+0xd6/0x1a0 [ 849.114331] ? lock_downgrade+0x900/0x900 [ 849.114350] ? check_preemption_disabled+0x48/0x280 [ 849.120373] binder: 32264:32265 transaction failed 29201/-71, size 108-0 line 2741 [ 849.122987] ? find_held_lock+0x36/0x1c0 [ 849.123017] ? __f_unlock_pos+0x19/0x20 [ 849.123036] ? lock_downgrade+0x900/0x900 [ 849.123057] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 849.123073] ? proc_fail_nth_write+0x9e/0x210 [ 849.123089] ? proc_cwd_link+0x1d0/0x1d0 [ 849.123112] ? find_held_lock+0x36/0x1c0 [ 849.131282] binder: undelivered TRANSACTION_ERROR: 29201 [ 849.131572] _do_fork+0x1cb/0x11c0 [ 849.330088] ? fork_idle+0x1d0/0x1d0 [ 849.333819] ? __lock_is_held+0xb5/0x140 [ 849.337905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.343471] ? check_preemption_disabled+0x48/0x280 [ 849.348518] ? __sb_end_write+0xd9/0x110 [ 849.352604] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 849.358154] ? fput+0x130/0x1a0 [ 849.361434] ? do_syscall_64+0x9a/0x820 [ 849.365417] ? do_syscall_64+0x9a/0x820 [ 849.369423] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 849.374017] ? trace_hardirqs_on+0xbd/0x310 [ 849.378336] ? __ia32_sys_read+0xb0/0xb0 [ 849.382426] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 849.387779] ? trace_hardirqs_off_caller+0x300/0x300 [ 849.392895] __x64_sys_clone+0xbf/0x150 [ 849.396877] do_syscall_64+0x1b9/0x820 [ 849.400758] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 849.406126] ? syscall_return_slowpath+0x5e0/0x5e0 [ 849.411073] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 849.415920] ? trace_hardirqs_on_caller+0x310/0x310 [ 849.420925] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 849.425931] ? prepare_exit_to_usermode+0x291/0x3b0 [ 849.430941] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 849.435796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 849.440990] RIP: 0033:0x457569 [ 849.444177] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 849.463090] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 849.470803] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 849.478060] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 849.485327] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 849.492604] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 849.499872] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:33 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x4}}) 08:44:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:33 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x0, 0x0) getsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, &(0x7f0000000100)=0x1f, &(0x7f00000001c0)=0x2) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:33 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x900}}) 08:44:33 executing program 5 (fault-call:1 fault-nth:54): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:33 executing program 3: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x100, 0x0) ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, &(0x7f00000000c0)={0xfffffffffffeffff, 0xfffffffffffffe01}) r1 = timerfd_create(0x0, 0x0) r2 = dup(r1) timerfd_settime(r2, 0x4000000000003, &(0x7f0000000080), &(0x7f0000000140)) mount$overlay(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='overlay\x00', 0x6000, &(0x7f0000000580)={[{@nfs_export_on='nfs_export=on'}, {@workdir={'workdir', 0x3d, './file0'}}, {@xino_off='xino=off'}, {@xino_auto='xino=auto'}], [{@smackfsroot={'smackfsroot', 0x3d, 'sit0\x00'}}]}) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000100)={0x10000000, 0x8, 0x3d}) openat$rfkill(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/rfkill\x00', 0x400, 0x0) bind$llc(r0, &(0x7f0000000480)={0x1a, 0x33a, 0xdab0, 0xc0000000, 0x2, 0x6, @broadcast}, 0x10) ioctl$sock_ifreq(r2, 0x8971, &(0x7f0000000380)={'sit0\x00', @ifru_data=&(0x7f0000000340)="ad6ebd36011618ac2ce2ee1cae243c43e71c9152a199013fd66b33fbb6341608"}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, 0x1}) accept(r0, &(0x7f00000003c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000440)=0x80) timer_create(0x7, &(0x7f0000000200)={0x0, 0x3, 0x3, @thr={&(0x7f0000000180)="176292ab2e1e4b603de300f149313b1fa75666fdfb9dc99862a2da98575883a0c7a38bc960c5eb88cfdc0577d06e3766e26f5168d7", &(0x7f00000001c0)="53adc2773ca5deb629b1c2"}}, &(0x7f0000000240)=0x0) timer_gettime(r3, &(0x7f0000000280)) setsockopt$inet_tcp_int(r2, 0x6, 0xa, &(0x7f00000002c0)=0x9, 0x4) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000300)={0x4, 0x200}) [ 849.596033] binder: 32272:32278 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 849.611712] FAULT_INJECTION: forcing a failure. [ 849.611712] name failslab, interval 1, probability 0, space 0, times 0 [ 849.625355] binder: 32272:32278 got reply transaction with no transaction stack [ 849.629138] Unknown ioctl 1074296581 [ 849.639776] Unknown ioctl -1072143302 [ 849.641247] binder: 32272:32278 transaction failed 29201/-71, size 104-0 line 2741 [ 849.644867] Unknown ioctl 1074835116 [ 849.654735] CPU: 1 PID: 32279 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 849.659915] Unknown ioctl 1074296581 [ 849.663942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 849.663950] Call Trace: [ 849.663982] dump_stack+0x244/0x39d [ 849.664012] ? dump_stack_print_info.cold.1+0x20/0x20 [ 849.669034] Unknown ioctl -1072143302 [ 849.677075] ? lock_downgrade+0x900/0x900 [ 849.677093] ? check_preemption_disabled+0x48/0x280 [ 849.677116] should_fail.cold.4+0xa/0x17 [ 849.677135] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 849.677149] ? unwind_dump+0x190/0x190 [ 849.677184] ? is_bpf_text_address+0xd3/0x170 [ 849.719215] ? kernel_text_address+0x79/0xf0 [ 849.723642] ? __kernel_text_address+0xd/0x40 [ 849.728159] ? unwind_get_return_address+0x61/0xa0 [ 849.733112] ? __save_stack_trace+0x8d/0xf0 [ 849.737472] ? save_stack+0xa9/0xd0 [ 849.741119] ? save_stack+0x43/0xd0 [ 849.744754] ? kasan_kmalloc+0xc7/0xe0 [ 849.748654] ? kasan_slab_alloc+0x12/0x20 [ 849.752820] ? kmem_cache_alloc+0x12e/0x730 [ 849.757155] ? vm_area_dup+0x7a/0x230 [ 849.760971] ? copy_process+0x42a5/0x8770 [ 849.765129] ? __x64_sys_clone+0xbf/0x150 [ 849.769291] ? do_syscall_64+0x1b9/0x820 [ 849.773371] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 849.778771] ? percpu_ref_put_many+0x11c/0x260 [ 849.783379] __should_failslab+0x124/0x180 [ 849.787644] should_failslab+0x9/0x14 [ 849.791464] kmem_cache_alloc+0x47/0x730 [ 849.795542] ? rcu_softirq_qs+0x20/0x20 [ 849.799541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.805130] anon_vma_clone+0x140/0x710 [ 849.809135] ? unlink_anon_vmas+0xa60/0xa60 [ 849.813483] ? dup_userfaultfd+0x6d8/0x890 [ 849.817740] anon_vma_fork+0xf4/0x820 [ 849.821565] ? anon_vma_clone+0x710/0x710 [ 849.825733] ? vm_area_dup+0x1a8/0x230 [ 849.830158] ? vm_area_alloc+0x1d0/0x1d0 [ 849.834250] copy_process+0x47cc/0x8770 [ 849.838278] ? __cleanup_sighand+0x70/0x70 [ 849.842545] ? perf_trace_lock_acquire+0x15b/0x800 08:44:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) fstatfs(r1, &(0x7f0000000340)=""/4096) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000040)={0xc, 0x8, 0xfa00, {&(0x7f00000000c0)}}, 0x10) 08:44:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f0000000040)) 08:44:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000240)={0x9, 0x1, 0x3ff, 0x0, 0x0}, &(0x7f0000000280)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000002c0)={0x0, 0x54, &(0x7f0000000340)=[@in6={0xa, 0x4e23, 0x3, @remote, 0x100000000}, @in6={0xa, 0x4e23, 0x6, @mcast1, 0xffffffff}, @in6={0xa, 0x4e24, 0x8, @mcast2, 0x1f}]}, &(0x7f00000003c0)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e21, @broadcast}}, 0xcb35, 0x1}, &(0x7f00000004c0)=0x90) sendmsg$inet_sctp(r1, &(0x7f00000005c0)={&(0x7f0000000040)=@in6={0xa, 0x4e23, 0x80000001, @mcast2}, 0x1c, &(0x7f0000000200)=[{&(0x7f00000000c0)="28ae9f9479bca16a858cf8173355d167477e34eef064359129075f4d09f87654cfed4c91b59ec1b56af84f40c8142a10ac12bd382dab97a3c35714ca3e1caf494ecb8b03c91cd17fbd87f41215924005d547224e0bbc07644a34edec460cbf251a7c787327e0f28de52015715cbdfcf1628b98d6d9d1fe1db9e294441673ae29503c68af0d3b94eda336f12441491253bde209154edec9305be8fb64af2b7e05", 0xa0}, {&(0x7f0000000180)="3a4697a33fe1968b298900691bd284c4633c8f3742a90c80fa3218b2537d938e5740f1a9560ea816fe4994b3e38e994424b92df16ed533404895318cef43cd6974c45449a2928e7cd6c598fd9e", 0x4d}], 0x2, &(0x7f0000000500)=ANY=[@ANYBLOB="3000000000000000840000000100000001009d00098000000000000002000000010000003f00000001010000", @ANYRES32=r2, @ANYBLOB="300000000000000084000000010000000000090006820000090000000800000002000000080000000400ea00", @ANYRES32=r3, @ANYBLOB="20000000000000008400000008000000ff02000000000000000000000000000118000000000000008400000000000000030000003f008dbf20000000000000008400000002000000030008000900000005000000", @ANYRES32=r4], 0xb8, 0x20000000}, 0x4010) 08:44:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) recvfrom(r1, &(0x7f00000000c0)=""/75, 0x4b, 0x40010000, &(0x7f0000000140)=@pptp={0x18, 0x2, {0x3, @dev={0xac, 0x14, 0x14, 0x1a}}}, 0x80) [ 849.847501] ? print_usage_bug+0xc0/0xc0 [ 849.851584] ? ima_match_policy+0x848/0x1560 [ 849.856007] ? check_preemption_disabled+0x48/0x280 [ 849.861039] ? print_usage_bug+0xc0/0xc0 [ 849.865121] ? kasan_check_read+0x11/0x20 [ 849.869288] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 849.874596] ? __lock_acquire+0x62f/0x4c20 [ 849.878867] ? mark_held_locks+0x130/0x130 [ 849.883134] ? mark_held_locks+0x130/0x130 [ 849.887397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:44:33 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) fallocate(r0, 0x58, 0x3, 0x1) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x3}) [ 849.892967] ? check_preemption_disabled+0x48/0x280 [ 849.898000] ? debug_smp_processor_id+0x1c/0x20 [ 849.902684] ? print_usage_bug+0xc0/0xc0 [ 849.906757] ? check_preemption_disabled+0x48/0x280 [ 849.911793] ? print_usage_bug+0xc0/0xc0 [ 849.915884] ? perf_trace_lock_acquire+0x15b/0x800 [ 849.920832] ? zap_class+0x640/0x640 [ 849.924593] ? __lock_acquire+0x62f/0x4c20 [ 849.928854] ? mark_held_locks+0x130/0x130 [ 849.933115] ? __lock_acquire+0x62f/0x4c20 [ 849.937371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.942928] ? check_preemption_disabled+0x48/0x280 08:44:33 executing program 3: timerfd_create(0x4, 0x800) timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000080), &(0x7f0000000300)) socketpair(0x4, 0x2, 0x7, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000180)) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f00000000c0)={0xfffffffffffffff9, 0x2, 'client1\x00', 0x1, "92a7c1fc7b6c9dc5", "3fdb313c2ec1ee547e24c1abe34d2d43ccb0690b70b775140cb862740971ac71", 0x6, 0x8}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(0xffffffffffffffff, 0x40085400, &(0x7f0000000000)={0x7}) r2 = getpgid(0xffffffffffffffff) sched_getscheduler(r2) [ 849.947958] ? dput.part.25+0x241/0x860 [ 849.951947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.957502] ? check_preemption_disabled+0x48/0x280 [ 849.962539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.968099] ? mark_held_locks+0x130/0x130 [ 849.972361] ? zap_class+0x640/0x640 [ 849.976098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.981653] ? check_preemption_disabled+0x48/0x280 [ 849.986686] ? debug_smp_processor_id+0x1c/0x20 [ 849.991379] ? perf_trace_lock_acquire+0x15b/0x800 [ 849.996345] ? perf_trace_lock+0x7a0/0x7a0 [ 850.000594] ? find_held_lock+0x36/0x1c0 [ 850.004675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.010227] ? _parse_integer+0x134/0x180 [ 850.014394] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 850.019955] ? _kstrtoull+0x188/0x250 [ 850.023773] ? _parse_integer+0x180/0x180 [ 850.027928] ? zap_class+0x640/0x640 [ 850.031643] ? lock_release+0xa10/0xa10 [ 850.035615] ? find_held_lock+0x36/0x1c0 [ 850.039667] ? zap_class+0x640/0x640 [ 850.043417] ? get_pid_task+0xd6/0x1a0 [ 850.047309] ? lock_downgrade+0x900/0x900 [ 850.051461] ? check_preemption_disabled+0x48/0x280 [ 850.056475] ? find_held_lock+0x36/0x1c0 [ 850.060537] ? __f_unlock_pos+0x19/0x20 [ 850.064521] ? lock_downgrade+0x900/0x900 [ 850.068666] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 850.074207] ? proc_fail_nth_write+0x9e/0x210 [ 850.078694] ? proc_cwd_link+0x1d0/0x1d0 [ 850.082752] ? find_held_lock+0x36/0x1c0 [ 850.086823] _do_fork+0x1cb/0x11c0 [ 850.090406] ? fork_idle+0x1d0/0x1d0 [ 850.094115] ? __lock_is_held+0xb5/0x140 [ 850.098180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.103717] ? check_preemption_disabled+0x48/0x280 [ 850.108741] ? __sb_end_write+0xd9/0x110 [ 850.112799] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 850.118345] ? fput+0x130/0x1a0 [ 850.121630] ? do_syscall_64+0x9a/0x820 [ 850.125598] ? do_syscall_64+0x9a/0x820 [ 850.129562] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 850.134152] ? trace_hardirqs_on+0xbd/0x310 [ 850.138502] ? __ia32_sys_read+0xb0/0xb0 [ 850.142555] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 850.147913] ? trace_hardirqs_off_caller+0x300/0x300 [ 850.153011] __x64_sys_clone+0xbf/0x150 [ 850.156997] do_syscall_64+0x1b9/0x820 [ 850.160877] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 850.166231] ? syscall_return_slowpath+0x5e0/0x5e0 [ 850.171149] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 850.176000] ? trace_hardirqs_on_caller+0x310/0x310 [ 850.181040] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 850.186049] ? prepare_exit_to_usermode+0x291/0x3b0 [ 850.191060] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 850.195903] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 850.201086] RIP: 0033:0x457569 [ 850.204273] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 850.223165] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 850.230883] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 850.238149] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 850.245428] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 850.252691] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 850.259964] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 850.270751] binder: undelivered TRANSACTION_ERROR: 29201 08:44:34 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xf6ffffff00000000}}) 08:44:34 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) lseek(r0, 0x0, 0x4) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000040)={0x2, 0x0, 0x1d, 0x7fff}, 0x8) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:34 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x86082, 0x0) bind$vsock_stream(r2, &(0x7f0000000100)={0x28, 0x0, 0x2710, @hyper}, 0x10) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:34 executing program 5 (fault-call:1 fault-nth:55): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:34 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xffffffff00000000}}) [ 850.521566] FAULT_INJECTION: forcing a failure. [ 850.521566] name failslab, interval 1, probability 0, space 0, times 0 [ 850.543731] binder: 32318:32326 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 850.543798] CPU: 1 PID: 32317 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 850.560308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 08:44:34 executing program 3: r0 = socket(0x7, 0x80800, 0x5) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)) r1 = timerfd_create(0x0, 0x0) r2 = dup(r1) timerfd_settime(r2, 0x3, &(0x7f0000000080), &(0x7f0000000300)) setsockopt$inet6_int(r2, 0x29, 0x5f, &(0x7f00000000c0)=0x80, 0x4) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) [ 850.569432] binder: 32318:32326 got reply transaction with no transaction stack [ 850.569665] Call Trace: [ 850.569691] dump_stack+0x244/0x39d [ 850.569715] ? dump_stack_print_info.cold.1+0x20/0x20 [ 850.569742] should_fail.cold.4+0xa/0x17 [ 850.592646] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 850.597765] ? find_held_lock+0x36/0x1c0 [ 850.601854] ? zap_class+0x640/0x640 [ 850.602782] binder: 32318:32326 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 850.605582] ? lock_downgrade+0x900/0x900 [ 850.605610] ? find_held_lock+0x36/0x1c0 [ 850.605632] ? __lock_is_held+0xb5/0x140 [ 850.605667] ? perf_trace_sched_process_exec+0x860/0x860 [ 850.629261] binder: 32318:32326 got reply transaction with no transaction stack [ 850.631441] __should_failslab+0x124/0x180 [ 850.631463] should_failslab+0x9/0x14 [ 850.631483] kmem_cache_alloc+0x2be/0x730 [ 850.651115] ? dup_userfaultfd+0x6d8/0x890 [ 850.652759] 9pnet: Insufficient options for proto=fd [ 850.655437] anon_vma_fork+0x196/0x820 [ 850.655460] ? anon_vma_clone+0x710/0x710 08:44:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 850.655479] ? vm_area_dup+0x1a8/0x230 [ 850.655499] ? vm_area_alloc+0x1d0/0x1d0 [ 850.676572] copy_process+0x47cc/0x8770 [ 850.680598] ? __cleanup_sighand+0x70/0x70 [ 850.684852] ? perf_trace_lock_acquire+0x15b/0x800 [ 850.689805] ? print_usage_bug+0xc0/0xc0 [ 850.693890] ? ima_match_policy+0x848/0x1560 [ 850.698317] ? check_preemption_disabled+0x48/0x280 [ 850.703351] ? print_usage_bug+0xc0/0xc0 [ 850.707440] ? kasan_check_read+0x11/0x20 [ 850.711609] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 850.716910] ? __lock_acquire+0x62f/0x4c20 08:44:34 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000000c0)={{{@in6=@mcast2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f0000000040)=0xe8) sendmsg$can_raw(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x1d, r2}, 0x10, &(0x7f0000000280)={&(0x7f0000000200)=@canfd={{0x5, 0xf14, 0x7, 0xfffffffffffffffe}, 0x34, 0x1, 0x0, 0x0, "52387ee9a1a95a2b97372a7db2380ba12236fc2c3e120146c77aed30f8f931e388481df59af5cd874abc22a4e5954c3de159562aafc53b8d0d8805ae3fd4d60c"}, 0x48}, 0x1, 0x0, 0x0, 0x48800}, 0x20000000) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 850.721185] ? mark_held_locks+0x130/0x130 [ 850.725464] ? mark_held_locks+0x130/0x130 [ 850.729721] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.735275] ? check_preemption_disabled+0x48/0x280 [ 850.740313] ? debug_smp_processor_id+0x1c/0x20 [ 850.744874] binder: 32339:32340 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 850.744999] ? print_usage_bug+0xc0/0xc0 [ 850.757105] ? check_preemption_disabled+0x48/0x280 [ 850.762140] ? print_usage_bug+0xc0/0xc0 [ 850.766231] ? perf_trace_lock_acquire+0x15b/0x800 08:44:34 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) write$FUSE_INIT(r1, &(0x7f00000000c0)={0x50, 0xfffffffffffffffe, 0x5, {0x7, 0x1b, 0x0, 0xe1c1c0b5b1a6830b, 0x8, 0x100000000, 0xffff, 0xddd}}, 0x50) [ 850.768226] binder: 32339:32340 got reply transaction with no transaction stack [ 850.771177] ? zap_class+0x640/0x640 [ 850.771221] ? __lock_acquire+0x62f/0x4c20 [ 850.771250] ? mark_held_locks+0x130/0x130 [ 850.790877] ? __lock_acquire+0x62f/0x4c20 [ 850.795124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.800676] ? check_preemption_disabled+0x48/0x280 [ 850.805711] ? dput.part.25+0x241/0x860 [ 850.809703] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.815260] ? check_preemption_disabled+0x48/0x280 08:44:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 850.820295] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.825858] ? mark_held_locks+0x130/0x130 [ 850.830607] ? zap_class+0x640/0x640 [ 850.834340] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.839896] ? check_preemption_disabled+0x48/0x280 [ 850.844934] ? debug_smp_processor_id+0x1c/0x20 [ 850.849625] ? perf_trace_lock_acquire+0x15b/0x800 [ 850.854590] ? perf_trace_lock+0x7a0/0x7a0 [ 850.858835] ? find_held_lock+0x36/0x1c0 [ 850.862918] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.868475] ? _parse_integer+0x134/0x180 08:44:34 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r1, 0x50, &(0x7f00000000c0)={0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)=r2, 0x4) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 850.872646] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 850.878206] ? _kstrtoull+0x188/0x250 [ 850.882026] ? _parse_integer+0x180/0x180 [ 850.886198] ? zap_class+0x640/0x640 [ 850.889931] ? lock_release+0xa10/0xa10 [ 850.893927] ? find_held_lock+0x36/0x1c0 [ 850.898004] ? zap_class+0x640/0x640 [ 850.901735] ? get_pid_task+0xd6/0x1a0 [ 850.905643] ? lock_downgrade+0x900/0x900 [ 850.909806] ? check_preemption_disabled+0x48/0x280 [ 850.914847] ? find_held_lock+0x36/0x1c0 [ 850.918935] ? __f_unlock_pos+0x19/0x20 [ 850.922930] ? lock_downgrade+0x900/0x900 [ 850.927097] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 850.932653] ? proc_fail_nth_write+0x9e/0x210 [ 850.937165] ? proc_cwd_link+0x1d0/0x1d0 [ 850.941256] ? find_held_lock+0x36/0x1c0 [ 850.945343] _do_fork+0x1cb/0x11c0 [ 850.948900] ? fork_idle+0x1d0/0x1d0 [ 850.952628] ? __lock_is_held+0xb5/0x140 [ 850.956710] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.962269] ? check_preemption_disabled+0x48/0x280 [ 850.967311] ? __sb_end_write+0xd9/0x110 [ 850.971393] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 850.976959] ? fput+0x130/0x1a0 [ 850.980257] ? do_syscall_64+0x9a/0x820 [ 850.984247] ? do_syscall_64+0x9a/0x820 [ 850.988242] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 850.992849] ? trace_hardirqs_on+0xbd/0x310 [ 850.997187] ? __ia32_sys_read+0xb0/0xb0 [ 851.001264] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 851.006646] ? trace_hardirqs_off_caller+0x300/0x300 [ 851.011767] __x64_sys_clone+0xbf/0x150 [ 851.015763] do_syscall_64+0x1b9/0x820 [ 851.019662] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 851.025042] ? syscall_return_slowpath+0x5e0/0x5e0 [ 851.029977] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 851.034811] ? trace_hardirqs_on_caller+0x310/0x310 [ 851.039836] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 851.044841] ? prepare_exit_to_usermode+0x291/0x3b0 [ 851.049847] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 851.054686] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 851.059866] RIP: 0033:0x457569 [ 851.063047] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 851.081935] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 851.089630] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 851.096898] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 851.104167] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 851.111432] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 08:44:34 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x1000000000000000}}) 08:44:34 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) clock_gettime(0x0, &(0x7f0000000040)) clock_gettime(0x0, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000140)) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) timerfd_settime(r0, 0x3, &(0x7f00000002c0)={{}, {r2, r3+30000000}}, &(0x7f0000000240)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:34 executing program 5 (fault-call:1 fault-nth:56): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:34 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) gettid() bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f00000000c0)={@host}) tkill(r0, 0x1004000000016) [ 851.118688] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 [ 851.228346] FAULT_INJECTION: forcing a failure. [ 851.228346] name failslab, interval 1, probability 0, space 0, times 0 [ 851.240154] CPU: 0 PID: 32362 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 851.248667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 851.258037] Call Trace: [ 851.260632] dump_stack+0x244/0x39d [ 851.264282] ? dump_stack_print_info.cold.1+0x20/0x20 [ 851.269469] should_fail.cold.4+0xa/0x17 [ 851.273526] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 851.278625] ? save_stack+0xa9/0xd0 [ 851.282287] ? kasan_kmalloc+0xc7/0xe0 [ 851.286212] ? kasan_slab_alloc+0x12/0x20 [ 851.290367] ? kmem_cache_alloc+0x12e/0x730 [ 851.294695] ? anon_vma_fork+0x196/0x820 [ 851.298746] ? copy_process+0x47cc/0x8770 [ 851.302891] ? _do_fork+0x1cb/0x11c0 [ 851.306600] ? zap_class+0x640/0x640 [ 851.310331] ? find_held_lock+0x36/0x1c0 [ 851.314410] ? __lock_is_held+0xb5/0x140 [ 851.318518] ? tipc_nl_node_get_monitor+0x548/0x940 [ 851.323556] ? perf_trace_sched_process_exec+0x860/0x860 [ 851.329020] __should_failslab+0x124/0x180 [ 851.333261] should_failslab+0x9/0x14 [ 851.337068] kmem_cache_alloc+0x2be/0x730 [ 851.341215] ? dup_userfaultfd+0x6d8/0x890 [ 851.345448] ? anon_vma_fork+0x196/0x820 [ 851.349514] anon_vma_fork+0x2c9/0x820 [ 851.353421] ? anon_vma_clone+0x710/0x710 [ 851.357591] ? vm_area_dup+0x1a8/0x230 [ 851.361471] ? vm_area_alloc+0x1d0/0x1d0 [ 851.365530] copy_process+0x47cc/0x8770 [ 851.369539] ? __cleanup_sighand+0x70/0x70 [ 851.373805] ? perf_trace_lock_acquire+0x15b/0x800 08:44:35 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x400000000000000}}) 08:44:35 executing program 3: r0 = timerfd_create(0xfffffffffffffffd, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000040)={0x1, 0x5, 0x0, 0x2}) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x80000000, @local, 0x9}, 0x1c) 08:44:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 851.378764] ? print_usage_bug+0xc0/0xc0 [ 851.382845] ? ima_match_policy+0x848/0x1560 [ 851.387269] ? check_preemption_disabled+0x48/0x280 [ 851.392305] ? print_usage_bug+0xc0/0xc0 [ 851.396382] ? kasan_check_read+0x11/0x20 [ 851.400554] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 851.405852] ? __lock_acquire+0x62f/0x4c20 [ 851.410125] ? mark_held_locks+0x130/0x130 [ 851.414395] ? mark_held_locks+0x130/0x130 [ 851.418668] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 851.424232] ? check_preemption_disabled+0x48/0x280 [ 851.429267] ? debug_smp_processor_id+0x1c/0x20 [ 851.433949] ? print_usage_bug+0xc0/0xc0 [ 851.438024] ? check_preemption_disabled+0x48/0x280 [ 851.443054] ? print_usage_bug+0xc0/0xc0 [ 851.447142] ? perf_trace_lock_acquire+0x15b/0x800 [ 851.452089] ? zap_class+0x640/0x640 [ 851.455845] ? __lock_acquire+0x62f/0x4c20 [ 851.460095] ? mark_held_locks+0x130/0x130 [ 851.464328] ? __lock_acquire+0x62f/0x4c20 [ 851.468570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 851.474125] ? check_preemption_disabled+0x48/0x280 08:44:35 executing program 4: r0 = gettid() r1 = memfd_create(&(0x7f0000000240)="99766d6e6574306e6f6465762500", 0x2) ioctl$TIOCLINUX5(r1, 0x541c, &(0x7f0000000200)={0x5, 0x8, 0x51, 0x100000001, 0xffffffffffffffff}) write$FUSE_LK(r1, &(0x7f0000000280)={0x28, 0xfffffffffffffff5, 0x6, {{0x1a0, 0xcc, 0x2, r0}}}, 0x28) timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0}, &(0x7f0000000300)=0xc) ioctl$TIOCGETD(r1, 0x5424, &(0x7f0000000400)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x4, 0x2, @tid=r3}, &(0x7f0000000380)) r4 = socket$vsock_stream(0x28, 0x1, 0x0) r5 = dup2(r4, r2) connect$vsock_stream(r5, &(0x7f0000000440)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) getsockname$llc(r5, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f00000003c0)=0x10) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f00000000c0)={r4}) getsockopt$bt_BT_RCVMTU(r6, 0x112, 0xd, &(0x7f0000000100)=0x80000004, &(0x7f00000001c0)=0x23) 08:44:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 851.479156] ? dput.part.25+0x241/0x860 [ 851.483141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 851.488696] ? check_preemption_disabled+0x48/0x280 [ 851.493729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 851.499636] ? mark_held_locks+0x130/0x130 [ 851.503909] ? zap_class+0x640/0x640 [ 851.507640] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 851.513197] ? check_preemption_disabled+0x48/0x280 [ 851.518237] ? debug_smp_processor_id+0x1c/0x20 [ 851.522924] ? perf_trace_lock_acquire+0x15b/0x800 [ 851.527882] ? perf_trace_lock+0x7a0/0x7a0 [ 851.532134] ? find_held_lock+0x36/0x1c0 [ 851.536213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 851.541777] ? _parse_integer+0x134/0x180 [ 851.545946] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 851.551499] ? _kstrtoull+0x188/0x250 [ 851.555319] ? _parse_integer+0x180/0x180 [ 851.559484] ? zap_class+0x640/0x640 [ 851.563220] ? lock_release+0xa10/0xa10 [ 851.567218] ? find_held_lock+0x36/0x1c0 [ 851.571296] ? zap_class+0x640/0x640 [ 851.575037] ? get_pid_task+0xd6/0x1a0 08:44:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 851.578943] ? lock_downgrade+0x900/0x900 [ 851.583109] ? check_preemption_disabled+0x48/0x280 [ 851.588150] ? find_held_lock+0x36/0x1c0 [ 851.592234] ? __f_unlock_pos+0x19/0x20 [ 851.596222] ? lock_downgrade+0x900/0x900 [ 851.600736] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 851.606296] ? proc_fail_nth_write+0x9e/0x210 [ 851.610804] ? proc_cwd_link+0x1d0/0x1d0 [ 851.614915] ? find_held_lock+0x36/0x1c0 [ 851.618996] _do_fork+0x1cb/0x11c0 [ 851.622561] ? fork_idle+0x1d0/0x1d0 [ 851.626297] ? __lock_is_held+0xb5/0x140 08:44:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 851.630384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 851.635951] ? check_preemption_disabled+0x48/0x280 [ 851.640990] ? __sb_end_write+0xd9/0x110 [ 851.645072] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 851.650626] ? fput+0x130/0x1a0 [ 851.653920] ? do_syscall_64+0x9a/0x820 [ 851.657907] ? do_syscall_64+0x9a/0x820 [ 851.661894] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 851.666493] ? trace_hardirqs_on+0xbd/0x310 [ 851.670830] ? __ia32_sys_read+0xb0/0xb0 [ 851.674907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 851.680292] ? trace_hardirqs_off_caller+0x300/0x300 [ 851.685430] __x64_sys_clone+0xbf/0x150 [ 851.689437] do_syscall_64+0x1b9/0x820 [ 851.693337] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 851.698904] ? syscall_return_slowpath+0x5e0/0x5e0 [ 851.703848] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 851.708718] ? trace_hardirqs_on_caller+0x310/0x310 [ 851.713751] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 851.718787] ? prepare_exit_to_usermode+0x291/0x3b0 [ 851.723822] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 851.728699] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 851.733898] RIP: 0033:0x457569 [ 851.737109] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 851.756018] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 851.763735] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 851.771003] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 851.778279] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 851.785556] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 851.792839] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:35 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x300000000000000}}) 08:44:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:35 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) clock_gettime(0x0, &(0x7f0000000400)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000340)={0x3, 0x4, 0x8000, 0x3f49, 0x1b6dcdf, 0x7, 0x52a8, 0x2}, &(0x7f0000000380)={0x3ff, 0x9, 0x10000, 0xffffffff, 0x9, 0xe2, 0x2, 0x5}, &(0x7f00000003c0)={0x7, 0x8, 0x8001, 0x9, 0x5, 0x5b7, 0xffff, 0x7}, &(0x7f0000000440)={r2, r3+30000000}, &(0x7f00000004c0)={&(0x7f0000000480)={0x8}, 0x8}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r4, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) ioctl$TIOCMGET(r1, 0x5415, &(0x7f0000000500)) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) signalfd4(r4, &(0x7f00000001c0), 0x8, 0x80000) connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x2, @my}, 0x10) r5 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xffff, 0x10000) ioctl$KVM_S390_INTERRUPT_CPU(r5, 0x4010ae94, &(0x7f0000000100)={0xfd, 0xffffffff, 0x2f}) getsockopt$inet_dccp_buf(r5, 0x21, 0x0, &(0x7f0000000240)=""/95, &(0x7f00000002c0)=0x5f) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000014) 08:44:35 executing program 5 (fault-call:1 fault-nth:57): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:35 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timerfd_settime(r1, 0x0, &(0x7f0000000140)={{r2, r3+30000000}}, &(0x7f00000001c0)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$SG_GET_RESERVED_SIZE(r1, 0x2272, 0xfffffffffffffffd) [ 852.036662] FAULT_INJECTION: forcing a failure. [ 852.036662] name failslab, interval 1, probability 0, space 0, times 0 [ 852.115216] CPU: 0 PID: 32393 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 852.123755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 852.133112] Call Trace: [ 852.135730] dump_stack+0x244/0x39d [ 852.139386] ? dump_stack_print_info.cold.1+0x20/0x20 [ 852.144614] should_fail.cold.4+0xa/0x17 [ 852.148697] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 852.153817] ? find_held_lock+0x36/0x1c0 [ 852.157905] ? zap_class+0x640/0x640 [ 852.161632] ? lock_downgrade+0x900/0x900 [ 852.165798] ? find_held_lock+0x36/0x1c0 [ 852.169870] ? __lock_is_held+0xb5/0x140 [ 852.173936] ? legacy_validate+0x178/0x220 [ 852.178194] ? perf_trace_sched_process_exec+0x860/0x860 [ 852.183665] __should_failslab+0x124/0x180 [ 852.187918] should_failslab+0x9/0x14 [ 852.191724] kmem_cache_alloc+0x2be/0x730 [ 852.195886] ? dup_userfaultfd+0x6d8/0x890 [ 852.200150] anon_vma_fork+0x196/0x820 [ 852.204049] ? anon_vma_clone+0x710/0x710 [ 852.208212] ? vm_area_dup+0x1a8/0x230 [ 852.212111] ? vm_area_alloc+0x1d0/0x1d0 [ 852.216195] copy_process+0x47cc/0x8770 [ 852.220216] ? __cleanup_sighand+0x70/0x70 [ 852.224470] ? perf_trace_lock_acquire+0x15b/0x800 [ 852.229418] ? print_usage_bug+0xc0/0xc0 [ 852.233495] ? ima_match_policy+0x848/0x1560 [ 852.237912] ? check_preemption_disabled+0x48/0x280 [ 852.242935] ? print_usage_bug+0xc0/0xc0 [ 852.247007] ? kasan_check_read+0x11/0x20 [ 852.251162] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 852.256451] ? __lock_acquire+0x62f/0x4c20 [ 852.260732] ? mark_held_locks+0x130/0x130 [ 852.264996] ? mark_held_locks+0x130/0x130 [ 852.269242] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 852.274786] ? check_preemption_disabled+0x48/0x280 [ 852.279812] ? debug_smp_processor_id+0x1c/0x20 [ 852.284488] ? print_usage_bug+0xc0/0xc0 [ 852.288555] ? check_preemption_disabled+0x48/0x280 [ 852.293577] ? print_usage_bug+0xc0/0xc0 [ 852.297660] ? perf_trace_lock_acquire+0x15b/0x800 [ 852.302602] ? zap_class+0x640/0x640 [ 852.306345] ? __lock_acquire+0x62f/0x4c20 [ 852.310603] ? mark_held_locks+0x130/0x130 [ 852.314852] ? __lock_acquire+0x62f/0x4c20 [ 852.319093] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 852.324634] ? check_preemption_disabled+0x48/0x280 [ 852.329656] ? dput.part.25+0x241/0x860 [ 852.333644] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 852.339189] ? check_preemption_disabled+0x48/0x280 [ 852.344213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 852.349767] ? mark_held_locks+0x130/0x130 [ 852.354027] ? zap_class+0x640/0x640 [ 852.357754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 852.363314] ? check_preemption_disabled+0x48/0x280 [ 852.368342] ? debug_smp_processor_id+0x1c/0x20 [ 852.373015] ? perf_trace_lock_acquire+0x15b/0x800 [ 852.377966] ? perf_trace_lock+0x7a0/0x7a0 [ 852.382205] ? find_held_lock+0x36/0x1c0 [ 852.386274] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 852.391821] ? _parse_integer+0x134/0x180 [ 852.395984] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 852.401526] ? _kstrtoull+0x188/0x250 [ 852.405334] ? _parse_integer+0x180/0x180 [ 852.409492] ? zap_class+0x640/0x640 [ 852.413210] ? lock_release+0xa10/0xa10 [ 852.417199] ? find_held_lock+0x36/0x1c0 [ 852.421268] ? zap_class+0x640/0x640 [ 852.424990] ? get_pid_task+0xd6/0x1a0 [ 852.428887] ? lock_downgrade+0x900/0x900 [ 852.433041] ? check_preemption_disabled+0x48/0x280 [ 852.438073] ? find_held_lock+0x36/0x1c0 [ 852.442149] ? __f_unlock_pos+0x19/0x20 [ 852.446131] ? lock_downgrade+0x900/0x900 [ 852.450289] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 852.455836] ? proc_fail_nth_write+0x9e/0x210 [ 852.460337] ? proc_cwd_link+0x1d0/0x1d0 [ 852.464424] ? find_held_lock+0x36/0x1c0 [ 852.468505] _do_fork+0x1cb/0x11c0 [ 852.472062] ? fork_idle+0x1d0/0x1d0 [ 852.475788] ? __lock_is_held+0xb5/0x140 [ 852.479867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 852.485422] ? check_preemption_disabled+0x48/0x280 [ 852.490451] ? __sb_end_write+0xd9/0x110 [ 852.494528] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 852.500072] ? fput+0x130/0x1a0 [ 852.503359] ? do_syscall_64+0x9a/0x820 [ 852.507337] ? do_syscall_64+0x9a/0x820 [ 852.511317] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 852.515907] ? trace_hardirqs_on+0xbd/0x310 [ 852.520238] ? __ia32_sys_read+0xb0/0xb0 [ 852.524304] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 852.529684] ? trace_hardirqs_off_caller+0x300/0x300 [ 852.534798] __x64_sys_clone+0xbf/0x150 [ 852.538787] do_syscall_64+0x1b9/0x820 [ 852.542687] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 852.548059] ? syscall_return_slowpath+0x5e0/0x5e0 [ 852.552993] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 852.557843] ? trace_hardirqs_on_caller+0x310/0x310 [ 852.562865] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 852.567888] ? prepare_exit_to_usermode+0x291/0x3b0 [ 852.572917] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 852.577794] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 852.583007] RIP: 0033:0x457569 [ 852.586207] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 852.605110] RSP: 002b:00007f057d3cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 852.612826] RAX: ffffffffffffffda RBX: 00007f057d3cfc90 RCX: 0000000000457569 [ 852.620101] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 852.627375] RBP: 000000000072bf00 R08: 0000000020000480 R09: 0000000000000000 [ 852.634653] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3d06d4 [ 852.641928] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:36 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xf6ffffff}}) 08:44:36 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x8}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000100)={r2, 0x9, 0x82, "602a1b4d1708f05e486e194b1e66bc3fd2a40e8682b952a9b8c98045c10431e52d20bfb84dde86ab8619d04020fa138881e9f3b021a4ed4bb41ca7e6d13f7305ec11a1db516ba858cb97dac32968b2924b658dc352e02c976e7a6d0f374687c96685eb17bd33036e06ce16836257a4fe59a976ea18ed0498e37c3e12edc7462b5539"}, 0x8a) timerfd_settime(r1, 0x3, &(0x7f0000000080)={{0x77359400}}, &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x0, 0x200000000000, 0x0, 0x0, 0x9}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000001c0)={0x0, @aes128, 0x1, "23ae185d953b1c43"}) 08:44:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:36 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) getresuid(&(0x7f00000002c0), &(0x7f0000000540), &(0x7f0000000580)=0x0) lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000680)=0x0, &(0x7f00000006c0), &(0x7f0000000700)) r6 = geteuid() syz_mount_image$ntfs(&(0x7f00000001c0)='ntfs\x00', &(0x7f0000000240)='./file0\x00', 0x3, 0x3, &(0x7f00000004c0)=[{&(0x7f0000000280)="d25f5f330fa33579a95f4804c69215f3d67a6fa8f83029e7016c48ffd0d1a651700e1d8fae7687c5425b", 0x2a, 0x80000000}, {&(0x7f0000000340)="8e35b382f83a97f7852329a5af10675aa1aa1efe4fd489a3f8bd5d79a8c0e0e95945642258c664d8ba4a25c574c13c8f7666c6a72906a39017cbeb755fbebf8691a1ce36fc6b165c81b4b75ba81375ed4f295619c456be1289725bff938ea6a23856a917a74e851543c899639a86734022088d73e257b8a7eddef9e5e08b29fd768c00512089fb6ea477506e83007a740c1fb4f8bdfe8497a53f54055ec1bbf828d44b81fc0092eea00673ccd8484083efd684b1bd033bfaf3", 0xb9, 0x2}, {&(0x7f0000000400)="ba2c2e438988c9d9d7759d61d61c3e8621ad2e4cd204ef9a26350aed2661410ebe83473d6f668c0f238adfe1bc31884828aadc55cd2aadb4b76c0eeaad64557f0a4e2c6dc1a9decd8a35b11dbe026cec66dc8f1b22d77dcd1403843b0ae1ffc7654259dc8ce89983d0c231659812a3f0f11e3d0b2fcad9911482195055731cfcf78f0da81cf9e9656f69c462528d7dcc8dee56aad704a08c804768d83071a8", 0x9f, 0x2}], 0x20, &(0x7f0000000740)={[{@errors_recover='errors=recover'}, {@errors_continue='errors=continue'}, {@show_sys_files_no='show_sys_files=no'}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@utf8='utf8'}, {@show_sys_files_no='show_sys_files=no'}, {@uid={'uid', 0x3d, r3}}, {@nls={'nls', 0x3d, 'iso8859-15'}}, {@case_sensitive_yes='case_sensitive=yes'}, {@dmask={'dmask', 0x3d, 0x8}}], [{@dont_measure='dont_measure'}, {@euid_gt={'euid>', r4}}, {@smackfsroot={'smackfsroot', 0x3d, ')%]user'}}, {@measure='measure'}, {@euid_eq={'euid', 0x3d, r5}}, {@uid_lt={'uid<', r6}}]}) r7 = syz_open_dev$vcsa(&(0x7f0000000880)='/dev/vcsa#\x00', 0x2825, 0x200000) ioctl$PIO_FONTX(r7, 0x4b6c, &(0x7f00000008c0)="7263ab609fb9e1ea855f4cd712e2db1021b30ec48dbe2528b2f3d1160c56f3457b309167be9286448aaa46153475f63b14") connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) r8 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4201, 0x6) setsockopt$bt_l2cap_L2CAP_LM(r8, 0x6, 0x3, &(0x7f0000000100)=0x26, 0x4) connect$vsock_stream(r8, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0xffffffffffffffbe) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:36 executing program 5 (fault-call:1 fault-nth:58): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 852.782723] binder_transaction: 10 callbacks suppressed [ 852.782742] binder: 32406:32411 transaction failed 29201/-71, size 1744830464-0 line 2741 08:44:36 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer2\x00', 0x301280, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffff9c, 0x84, 0x1f, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e22, @local}}, 0x4, 0xffffffffffffff9c}, &(0x7f0000000580)=0x90) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f00000005c0)={r2, 0x4}, 0x8) r3 = dup(r0) timerfd_settime(r3, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 852.828382] binder_release_work: 10 callbacks suppressed [ 852.828389] binder: undelivered TRANSACTION_ERROR: 29201 08:44:36 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x2000}}) 08:44:36 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='fd/4\x00') r1 = accept4$unix(r0, 0x0, &(0x7f0000000180), 0x800) timerfd_create(0x0, 0x0) r2 = dup(r1) syz_open_dev$dmmidi(&(0x7f00000001c0)='/dev/dmmidi#\x00', 0xa75, 0x100) timerfd_settime(r2, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ustat(0x6, &(0x7f0000000040)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) write$P9_RWALK(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="570000006f010006002400000000010000000000000008040000000700000000000000000300000004000000000000004103000000040000000000000005004a8a00000000f55b8f4dcc56afa2e8b7ea0001000000b00a7d960c1e95010000000000000040e20447dde3b43d4ced776305d0ca094fe22a8a62a6b11f878ccc52c12e421cfec0d5c21f20af00970e45db58ec52cd5ea0ad9c9d87b1486851fe651dc61a7233f8cb4b255b8006a9a3e2d8edf80c8ae9c919404ed9335027c64d59cb658a82eec692f3c12ce949c532b1d53e77559fe1a7a57b0a7638b3fb8ea98d8e3ab313"], 0x57) 08:44:36 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 852.932830] binder: 32424:32425 transaction failed 29201/-71, size 1207959552-0 line 2741 [ 852.953626] binder: undelivered TRANSACTION_ERROR: 29201 08:44:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:36 executing program 3: r0 = timerfd_create(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 853.052061] binder: 32433:32435 transaction failed 29201/-71, size 1280-0 line 2741 [ 853.074681] binder: undelivered TRANSACTION_ERROR: 29201 [ 853.291209] FAULT_INJECTION: forcing a failure. [ 853.291209] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 853.303299] CPU: 1 PID: 32417 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 853.311805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 853.321162] Call Trace: [ 853.323779] dump_stack+0x244/0x39d [ 853.327446] ? dump_stack_print_info.cold.1+0x20/0x20 [ 853.332652] ? debug_smp_processor_id+0x1c/0x20 [ 853.337335] ? perf_trace_lock_acquire+0x15b/0x800 [ 853.342272] ? mem_cgroup_from_task+0x1f0/0x1f0 [ 853.346953] should_fail.cold.4+0xa/0x17 [ 853.351027] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 853.356144] ? find_held_lock+0x36/0x1c0 [ 853.360223] ? zap_class+0x640/0x640 [ 853.363954] ? zap_class+0x640/0x640 [ 853.367686] ? mark_held_locks+0x130/0x130 [ 853.371934] ? check_preemption_disabled+0x48/0x280 [ 853.376978] ? __lock_is_held+0xb5/0x140 [ 853.381041] ? __irqentry_text_end+0xefcc8/0x1f9688 [ 853.386054] ? lock_release+0xa10/0xa10 [ 853.390021] ? perf_trace_sched_process_exec+0x860/0x860 [ 853.395490] ? __might_sleep+0x95/0x190 [ 853.399475] __alloc_pages_nodemask+0x34b/0xdd0 [ 853.404157] ? check_preemption_disabled+0x48/0x280 [ 853.409184] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 853.414205] ? __pud_alloc+0x1db/0x240 [ 853.418082] ? lock_downgrade+0x900/0x900 [ 853.422229] ? kasan_check_read+0x11/0x20 [ 853.426380] ? do_raw_spin_unlock+0xa7/0x330 [ 853.430789] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 853.436329] alloc_pages_current+0x173/0x350 [ 853.440742] __pmd_alloc+0x3e/0x450 [ 853.444370] ? __pud_alloc+0x1e0/0x240 [ 853.448268] copy_page_range+0x1f6c/0x2ee0 [ 853.452513] ? mark_held_locks+0x130/0x130 [ 853.456743] ? rcu_softirq_qs+0x20/0x20 [ 853.460724] ? unwind_dump+0x190/0x190 [ 853.464624] ? rb_insert_color_cached+0x14b0/0x14b0 [ 853.469655] ? __pmd_alloc+0x450/0x450 [ 853.473551] ? __rb_insert_augmented+0x3b2/0x1890 [ 853.478389] ? rb_insert_color_cached+0x14b0/0x14b0 [ 853.483410] ? save_stack+0xa9/0xd0 [ 853.487028] ? zap_class+0x640/0x640 [ 853.490729] ? kasan_kmalloc+0xc7/0xe0 [ 853.494615] ? kasan_slab_alloc+0x12/0x20 [ 853.498765] ? kmem_cache_alloc+0x12e/0x730 [ 853.503076] ? zap_class+0x640/0x640 [ 853.506778] ? __x64_sys_clone+0xbf/0x150 [ 853.510917] ? do_syscall_64+0x1b9/0x820 [ 853.514968] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 853.520325] ? find_held_lock+0x36/0x1c0 [ 853.524410] ? anon_vma_fork+0x5ef/0x820 [ 853.528471] ? lock_downgrade+0x900/0x900 [ 853.532714] ? lock_release+0xa10/0xa10 [ 853.536702] ? perf_trace_sched_process_exec+0x860/0x860 [ 853.542148] ? __lock_is_held+0xb5/0x140 [ 853.546225] ? up_write+0x7b/0x220 [ 853.549755] ? down_write_nested+0x130/0x130 [ 853.554157] ? anon_vma_interval_tree_insert+0x2c9/0x370 [ 853.559613] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 853.564618] ? vma_compute_subtree_gap+0x160/0x240 [ 853.569539] ? validate_mm_rb+0xaa/0xc0 [ 853.573516] ? __vma_link_rb+0x26c/0x370 [ 853.577583] copy_process+0x4726/0x8770 [ 853.581575] ? __cleanup_sighand+0x70/0x70 [ 853.585807] ? perf_trace_lock_acquire+0x15b/0x800 [ 853.590728] ? print_usage_bug+0xc0/0xc0 [ 853.594784] ? ima_match_policy+0x848/0x1560 [ 853.599192] ? check_preemption_disabled+0x48/0x280 [ 853.604203] ? print_usage_bug+0xc0/0xc0 [ 853.608261] ? kasan_check_read+0x11/0x20 [ 853.612409] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 853.617683] ? __lock_acquire+0x62f/0x4c20 [ 853.621951] ? mark_held_locks+0x130/0x130 [ 853.626191] ? mark_held_locks+0x130/0x130 [ 853.630430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 853.635959] ? check_preemption_disabled+0x48/0x280 [ 853.640985] ? debug_smp_processor_id+0x1c/0x20 [ 853.645654] ? print_usage_bug+0xc0/0xc0 [ 853.649734] ? check_preemption_disabled+0x48/0x280 [ 853.654766] ? print_usage_bug+0xc0/0xc0 [ 853.658851] ? perf_trace_lock_acquire+0x15b/0x800 [ 853.663794] ? zap_class+0x640/0x640 [ 853.667547] ? __lock_acquire+0x62f/0x4c20 [ 853.671809] ? mark_held_locks+0x130/0x130 [ 853.676062] ? __lock_acquire+0x62f/0x4c20 [ 853.680315] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 853.685864] ? check_preemption_disabled+0x48/0x280 [ 853.690893] ? dput.part.25+0x241/0x860 [ 853.694891] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 853.700578] ? check_preemption_disabled+0x48/0x280 [ 853.705614] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 853.711185] ? mark_held_locks+0x130/0x130 [ 853.715461] ? zap_class+0x640/0x640 [ 853.719196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 853.724747] ? check_preemption_disabled+0x48/0x280 [ 853.729782] ? debug_smp_processor_id+0x1c/0x20 [ 853.734465] ? perf_trace_lock_acquire+0x15b/0x800 08:44:37 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x8cffffff00000000}}) 08:44:37 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:37 executing program 4: r0 = gettid() getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000680)={{{@in6=@mcast2, @in6=@ipv4={[], [], @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@mcast1}}, &(0x7f00000002c0)=0xe8) syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x2, 0x6, &(0x7f00000005c0)=[{&(0x7f0000000240)="e5296ac06490abab6e16d2ea77ad2037e8015dd6ba460c0241704fe56ffc26b0a9ec18e897cb491c63e0ee4d7baf817293d7b47064d5bd21ef7b759590d617a30730fbdd8173e52c78946c8939702a7b7a563b31beb4b8cbd8d599eec715ab6721", 0x61, 0xcd45}, {&(0x7f00000001c0)="8eee974ede04afa1df83c857a582ee8b5bcf4fb7db03405c920a9d7dfa1f94ed6b52", 0x22, 0x8001}, {&(0x7f0000000340)="04fc53af74a1f709effcf793ed911fd652abf8caeb6b6cd31627763649dc8e9bfaa1b26e643e4e3fc055b75ea88c5a01b95fc1dfb649bf800f22c64266bab6c682218804b85b41960823a560c6849b55222588e6256d1f11a504540a104f78ffb71e46e63a13fb552929449456c55babf5c577144fb951c9456fcfd6cf15e49bfad8dbd77cc9453855e905c05f43a6ade9925c9326633c112934e5f7fae85f318b76406dd7e6fe8044a4f970c61455c6db5efaab3f6e21ea99bd57856efa7e6b", 0xc0, 0x86}, {&(0x7f0000000400)="3fdda8c8af8b42a62283ad9d8f5395f2d0fae9511ea0437f293e39e2ab4324f6598e889b05bb0e217473aeebe7b4b1ba3ef84924cb57bc8abf7cb474001ae1285c654671c45bf75fa18003689e546167265fb1a43af28f046377c8a6f948efd73239af17d8de8a0641dd8828702d91e0662bd5282200c7ad6bf6748910edb9e17336ce32b033b2c8110d2f8d1ed2ec201810bd", 0x93, 0x102}, {&(0x7f00000004c0)="44f2827d8c75a08375ce302982f246d9ccdc3faf88906b68a736bb177885d9dd7877f1f762a0eddb6cd7e075086c3e3b5bcb7ce0934bd694b89de8fdb3da1811d336780ce4f3613b1c363a034ac659088548", 0x52, 0x5}, {&(0x7f0000000540)="3ee822830748524782d0c32818eaffa62ad98a0c0a281392d6c9959cb3630fbb8e831771691c9ab5043fdee9e2811c68bda660188bb4922db6b7ce0effed70c2dcfe9dea083fc2fe58b9ea39d6cb97b184341f2b06ede52b955b7e97960425", 0x5f, 0x200}], 0xd4000, &(0x7f0000000780)={[{@iocharset={'iocharset', 0x3d, 'iso8859-1'}}], [{@fsmagic={'fsmagic', 0x3d, 0x101}}, {@obj_user={'obj_user', 0x3d, '/dev/vhost-vsock\x00'}}, {@audit='audit'}, {@uid_gt={'uid>', r1}}, {@seclabel='seclabel'}, {@subj_type={'subj_type', 0x3d, '/dev/vhost-vsock\x00'}}]}) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000840)='/dev/rtc0\x00', 0x40, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f0000000880), &(0x7f00000008c0)=0xc) timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)={@my=0x0}) ioctl$PPPIOCGFLAGS(r2, 0x8004745a, &(0x7f0000000900)) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r4, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 853.739436] ? perf_trace_lock+0x7a0/0x7a0 [ 853.743693] ? find_held_lock+0x36/0x1c0 [ 853.747773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 853.753327] ? _parse_integer+0x134/0x180 [ 853.757486] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 853.763028] ? _kstrtoull+0x188/0x250 [ 853.766843] ? _parse_integer+0x180/0x180 [ 853.771004] ? zap_class+0x640/0x640 [ 853.771023] ? lock_release+0xa10/0xa10 [ 853.771047] ? find_held_lock+0x36/0x1c0 [ 853.771066] ? zap_class+0x640/0x640 [ 853.771093] ? get_pid_task+0xd6/0x1a0 [ 853.778771] ? lock_downgrade+0x900/0x900 [ 853.778786] ? check_preemption_disabled+0x48/0x280 [ 853.778811] ? find_held_lock+0x36/0x1c0 [ 853.778838] ? __f_unlock_pos+0x19/0x20 [ 853.790054] binder_thread_write: 10 callbacks suppressed [ 853.790065] binder: 32443:32451 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 853.790479] ? lock_downgrade+0x900/0x900 [ 853.794856] binder_transaction: 10 callbacks suppressed [ 853.794867] binder: 32443:32451 got reply transaction with no transaction stack [ 853.799632] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 853.799648] ? proc_fail_nth_write+0x9e/0x210 [ 853.799664] ? proc_cwd_link+0x1d0/0x1d0 [ 853.799689] ? find_held_lock+0x36/0x1c0 [ 853.799714] _do_fork+0x1cb/0x11c0 [ 853.799743] ? fork_idle+0x1d0/0x1d0 [ 853.804188] binder: 32443:32451 transaction failed 29201/-71, size 1792-0 line 2741 [ 853.807770] ? __lock_is_held+0xb5/0x140 [ 853.807795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 853.807812] ? check_preemption_disabled+0x48/0x280 [ 853.807836] ? __sb_end_write+0xd9/0x110 [ 853.807858] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 853.807877] ? fput+0x130/0x1a0 [ 853.816058] binder: undelivered TRANSACTION_ERROR: 29201 [ 853.821364] ? do_syscall_64+0x9a/0x820 [ 853.821382] ? do_syscall_64+0x9a/0x820 [ 853.821410] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 853.821431] ? trace_hardirqs_on+0xbd/0x310 [ 853.821446] ? __ia32_sys_read+0xb0/0xb0 [ 853.821466] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 853.931037] ? trace_hardirqs_off_caller+0x300/0x300 [ 853.936158] __x64_sys_clone+0xbf/0x150 [ 853.940160] do_syscall_64+0x1b9/0x820 [ 853.944064] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 853.949443] ? syscall_return_slowpath+0x5e0/0x5e0 [ 853.954375] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 853.959226] ? trace_hardirqs_on_caller+0x310/0x310 [ 853.964234] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 853.969247] ? prepare_exit_to_usermode+0x291/0x3b0 [ 853.974259] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 853.979116] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 853.984303] RIP: 0033:0x457569 [ 853.987494] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 854.006398] RSP: 002b:00007f057d3aec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 854.014101] RAX: ffffffffffffffda RBX: 00007f057d3aec90 RCX: 0000000000457569 [ 854.021359] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000000000000 [ 854.028624] RBP: 000000000072bfa0 R08: 0000000020000480 R09: 0000000000000000 [ 854.035902] R10: 0000000020000300 R11: 0000000000000246 R12: 00007f057d3af6d4 08:44:37 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:37 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x200000, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000240)={@empty, 0x10a0, 0x0, 0x1, 0x1, 0x800, 0x9, 0xffff}, &(0x7f0000000280)=0x20) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000480)={0xffff, 0x7fff, 0x8, 0xd788, 0x5, 0x8}) prctl$setendian(0x14, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000100)=0x9) r2 = dup(r0) timerfd_settime(r2, 0x3, &(0x7f0000000080), &(0x7f0000000300)) r3 = openat(r2, &(0x7f0000000200)='./file0\x00', 0x40, 0x120) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x200, 0x100, 0x0, 0x9, 0x11, 0x14, "9a21b95b1dceeb2680a34996a6b3039b7e0cbad48ac87dd1dffe1c0a71e531f018ce102f85145625d1c8bffe254af68b6f9867d54e5e18afefa3cd84d78447ae", "3cfa552d388935f89dbac480979f4c913b96a7045199b0b97886ebedd662c64e903be0ee01d9a2138f2b009955df04c4f7733abb5f8f37b69ee22a3b721a4620", "d773cbdd7835f7ed5a014b487fede27d0be97c378b03c8be6bdbcdf6994dc43c", [0x2, 0x8000]}) getsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000000040), 0xfffffffffffffe2f) getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f00000004c0)={0x0, 0x4}, &(0x7f0000000500)=0x8) getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000540)=@assoc_id=r4, &(0x7f0000000180)=0x1) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000002c0)={0x10001, 0x5, 0x0, 0x40, 0x7, 0x5, 0x3, 0x3}, &(0x7f0000000440)=0x20) r5 = geteuid() ioprio_set$uid(0x3, r5, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f00000001c0)=@assoc_value={0x0, 0x3}, 0x8) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 854.043159] R13: 00000000004bd9e6 R14: 00000000004cc448 R15: 0000000000000003 08:44:37 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xc0ed0000}}) 08:44:37 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x200000012, 0x10000000}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x5, 0x400000) ioctl$SCSI_IOCTL_DOORLOCK(r2, 0x5380) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000, 0x2, &(0x7f0000ffb000/0x3000)=nil) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) semget$private(0x0, 0x3, 0x6a) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f00000000c0)={'ifb0\x00', 0x5ee0}) setpriority(0x1, r0, 0x101) [ 854.088910] binder: 32456:32457 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 854.127328] binder: 32456:32457 got reply transaction with no transaction stack 08:44:37 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x8000000000000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:37 executing program 3: r0 = timerfd_create(0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000140)={{{@in6=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6}}, &(0x7f0000000240)=0xe8) r2 = getegid() fchown(r0, r1, r2) r3 = dup(r0) timerfd_settime(r3, 0x3, &(0x7f0000000080), &(0x7f0000000300)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, r3, 0x0, 0x1, &(0x7f0000000040)='\x00', 0xffffffffffffffff}, 0x30) r5 = fcntl$getown(r0, 0x9) rt_tgsigqueueinfo(r4, r5, 0x19, &(0x7f0000000100)={0x30, 0x40, 0xff, 0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 854.155933] binder: 32456:32457 transaction failed 29201/-71, size 10-0 line 2741 [ 854.180665] binder: undelivered TRANSACTION_ERROR: 29201 [ 854.252811] binder: 32476:32477 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 854.261320] binder: 32476:32477 got reply transaction with no transaction stack [ 854.268947] binder: 32476:32477 transaction failed 29201/-71, size 4294967167-0 line 2741 [ 854.279057] binder: 32476:32477 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 854.279149] binder: undelivered TRANSACTION_ERROR: 29201 [ 854.287320] binder: 32476:32477 got reply transaction with no transaction stack [ 854.300333] binder: 32476:32477 transaction failed 29201/-71, size 4294967167-0 line 2741 [ 854.308863] binder: undelivered TRANSACTION_ERROR: 29201 08:44:38 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x2000000}}) 08:44:38 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0xa20e1b000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:38 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:38 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0xf01f00, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 854.631646] binder: 32483:32484 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER 08:44:38 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f00000000c0)={0x679, {0x2, 0x4e21, @multicast2}, {0x2, 0x4e23, @rand_addr=0x9}, {0x2, 0x4e24, @broadcast}, 0x200, 0x1, 0x8, 0x7fffffff, 0xa8, &(0x7f0000000040)='team_slave_1\x00', 0x9, 0x2d2c, 0x3ff}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:38 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x11, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 854.672593] binder: 32483:32484 got reply transaction with no transaction stack [ 854.699015] binder: 32483:32484 transaction failed 29201/-71, size 50331648-0 line 2741 [ 854.722144] binder: 32483:32484 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 854.732364] binder: undelivered TRANSACTION_ERROR: 29201 [ 854.742997] binder: 32483:32484 got reply transaction with no transaction stack [ 854.764017] binder: 32483:32484 transaction failed 29201/-71, size 50331648-0 line 2741 [ 854.777373] binder: undelivered TRANSACTION_ERROR: 29201 08:44:38 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x9}}) 08:44:40 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:40 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$KVM_S390_UCAS_UNMAP(r1, 0x4018ae51, &(0x7f0000000040)={0x805, 0x9554, 0x8004}) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:40 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x20731e, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:40 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x9}}) 08:44:40 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x8cffffff00000000}}) 08:44:40 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x80000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:40 executing program 3: r0 = timerfd_create(0x0, 0x0) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000280)) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) syz_mount_image$ceph(&(0x7f0000000040)='ceph\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000140)="66823cef29041db21df64892bbc2d48c42fe6ffdf3bb03ded045f85ec14d5b92fc5ec5ea52a855e9183f13425288a79cc8631fc600cd8ff320a6778ddbcbcaedf8d84b4f19c30ea791562acf56ccc616499e97a4e5f82667416102c0ccd79f0bd47e64a6288af17fb594e8c991939e06339ae985f205da37e8325a3f5db6fcef84bd5f9e5c490bda9682223e", 0x8c, 0x4}], 0x0, &(0x7f0000000240)='/dev/sequencer2\x00') ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000340)={0x6, 0x0, 0x3}) ioctl$TIOCNOTTY(r1, 0x5422) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x80200, 0x0) ioctl$KVM_GET_FPU(r2, 0x81a0ae8c, &(0x7f0000000380)) socketpair$inet6(0xa, 0x4, 0x476dfeb, &(0x7f00000002c0)) [ 857.165569] binder: 32510:32515 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 857.190588] binder: 32510:32515 got reply transaction with no transaction stack [ 857.204452] binder: 32510:32515 transaction failed 29201/-71, size 536870912-0 line 2741 08:44:40 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x10000200, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:40 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040), 0x13f, 0x2}}, 0x20) 08:44:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 857.224170] binder: 32510:32515 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 857.224242] binder: undelivered TRANSACTION_ERROR: 29201 [ 857.253147] binder: 32510:32515 got reply transaction with no transaction stack 08:44:41 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x100000000000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:41 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x2000000000004e23, @multicast1}, 0x38) lookup_dcookie(0x2800, &(0x7f00000000c0)=""/35, 0x23) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:41 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f00000000c0)={{0x1000, 0x6}, 'port0\x00', 0x9, 0x0, 0x0, 0x41, 0x1, 0x7, 0x46, 0x0, 0x7, 0xfffffffffffffff8}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:41 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) readv(r0, &(0x7f0000000440)=[{&(0x7f0000000180)=""/188, 0xbc}, {&(0x7f0000000480)=""/167, 0xa7}, {&(0x7f0000000340)=""/226, 0xe2}], 0x3) 08:44:41 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0xf01f0000000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 857.365453] binder: 32536:32537 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 857.388483] binder: 32536:32537 got reply transaction with no transaction stack 08:44:41 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x6}}) 08:44:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:41 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_create(0xb, 0x80800) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:41 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x800000000000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:41 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) pread64(r1, &(0x7f0000000340)=""/203, 0xcb, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:41 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x200000000000000}}) 08:44:41 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) socket$inet6_sctp(0xa, 0x5, 0x84) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 858.053569] binder: 32560:32568 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 858.089699] binder: 32560:32568 got reply transaction with no transaction stack 08:44:41 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x1100000000000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:41 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f00000000c0)={0x28, 0x0, 0x0, @my}, 0x10) r3 = syz_open_procfs(r0, &(0x7f0000000080)='net/psched\x00') write$FUSE_INTERRUPT(r3, &(0x7f0000000100)={0x10, 0x0, 0x5}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) [ 858.113470] binder_transaction: 2 callbacks suppressed [ 858.113489] binder: 32560:32568 transaction failed 29201/-71, size 0-10 line 2741 08:44:41 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) getsockopt$inet_mreqsrc(r1, 0x0, 0x26, &(0x7f0000000040)={@multicast1, @local, @local}, &(0x7f00000000c0)=0xc) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 858.156068] binder_release_work: 2 callbacks suppressed [ 858.156076] binder: undelivered TRANSACTION_ERROR: 29201 08:44:41 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x50e600, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 858.239801] binder: 32587:32588 transaction failed 29201/-71, size 0-3 line 2741 [ 858.256622] binder: undelivered TRANSACTION_ERROR: 29201 08:44:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:42 executing program 3: r0 = dup(0xffffffffffffffff) timerfd_settime(r0, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:42 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x200000000000000}}) 08:44:42 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)=0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x0}) openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x88000, 0x90) r3 = socket$vsock_stream(0x28, 0x1, 0x0) timer_create(0x4, &(0x7f00000000c0)={0x0, 0x35, 0x4, @tid=r0}, &(0x7f0000000100)) connect$vsock_dgram(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_PVERSION(r4, 0x80045500, &(0x7f0000000340)) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) timer_settime(r1, 0x1, &(0x7f00000001c0)={{}, {0x0, 0x989680}}, &(0x7f0000000240)) 08:44:42 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x994cea7e0000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:42 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xf6ffffff}}) [ 858.984575] binder_thread_write: 1 callbacks suppressed [ 858.984586] binder: 32599:32600 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER 08:44:42 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$LOOP_SET_FD(r1, 0x4c00, r1) syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x5, 0x141443) 08:44:42 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x10000000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 859.035965] binder_transaction: 1 callbacks suppressed [ 859.035977] binder: 32599:32600 got reply transaction with no transaction stack [ 859.065384] binder: 32599:32600 transaction failed 29201/-71, size 0-432345564227567616 line 2741 [ 859.089199] binder: 32599:32600 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 859.089227] binder: undelivered TRANSACTION_ERROR: 29201 [ 859.098108] binder: 32599:32600 got reply transaction with no transaction stack [ 859.125420] binder: 32599:32600 transaction failed 29201/-71, size 0-432345564227567616 line 2741 08:44:42 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x6, 0x101) r2 = getpid() ioctl$TIOCSPGRP(r1, 0x5410, &(0x7f00000000c0)=r2) r3 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0x40085400, &(0x7f0000000000)={0x7}) [ 859.138500] binder: undelivered TRANSACTION_ERROR: 29201 08:44:42 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012, 0x1}, &(0x7f00000001c0)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x84000) fchmodat(r3, &(0x7f0000000100)='./file0\x00', 0x100) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) 08:44:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:42 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x5, 0x40000) 08:44:42 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x1f000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:42 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$TIOCLINUX2(r1, 0x541c, &(0x7f0000000040)={0x2, 0x3, 0x5, 0x3, 0x8, 0x100000000}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 859.225490] binder: 32628:32629 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 859.247894] binder: 32628:32629 got reply transaction with no transaction stack [ 859.262297] binder: 32628:32629 transaction failed 29201/-71, size 0-5188146770730811392 line 2741 [ 859.274274] binder: 32628:32629 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 859.288617] binder: undelivered TRANSACTION_ERROR: 29201 [ 859.294608] binder: 32628:32629 got reply transaction with no transaction stack [ 859.311231] binder: 32628:32629 transaction failed 29201/-71, size 0-5188146770730811392 line 2741 [ 859.334193] binder: undelivered TRANSACTION_ERROR: 29201 08:44:43 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x11000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:43 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ffc000/0x4000)=nil, 0x4000}, &(0x7f00000000c0)=0x10) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7, 0x800000000, 0x0, 0x0, 0xfffffffffffffffe}) 08:44:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:43 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x2010}}) 08:44:43 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x8cffffff}}) 08:44:43 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x2001000000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:43 executing program 3: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x8000, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000240)={0x15, 0x1e, &(0x7f0000000200)="f985227c74aacf2ea64926583b022987ce167c5c84fb56fb962714f483fc"}) r1 = timerfd_create(0x7, 0xfffffffffffffffc) r2 = dup(r1) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f00000000c0)={'security\x00'}, &(0x7f0000000140)=0x54) timerfd_settime(r2, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f00000001c0)={0x7, 0x0, 0x0, 0xfffffffffffffffd, 0xdfc, 0x4}) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000040)=0x0) fcntl$setflags(r2, 0x2, 0x1) fcntl$setownex(r1, 0xf, &(0x7f0000000000)={0x0, r3}) [ 859.960453] binder: 32648:32654 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 859.979235] binder: 32648:32654 got reply transaction with no transaction stack [ 859.986962] binder: 32648:32654 transaction failed 29201/-71, size 0-1744830464 line 2741 [ 860.003144] binder: undelivered TRANSACTION_ERROR: 29201 08:44:45 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x20800, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000180)={0x40000010}) r2 = dup(r0) timerfd_settime(r2, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f00000000c0)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:45 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x8000000000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:45 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x1, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(r0, 0x1004000000016) r3 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0xffffffffffffff81, 0x40001) openat$cgroup(r3, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) 08:44:45 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x900}}) 08:44:45 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x4}}) 08:44:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x93b, 0x9}) [ 862.263864] binder: 32670:32677 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 862.279840] binder: 32670:32677 got reply transaction with no transaction stack [ 862.301438] binder: 32670:32677 transaction failed 29201/-71, size 0-24576 line 2741 08:44:46 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x3f00000000000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 862.320859] binder: undelivered TRANSACTION_ERROR: 29201 08:44:46 executing program 3: r0 = timerfd_create(0x3, 0x80000) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 08:44:46 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x50e60000000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:46 executing program 3: mlock2(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) [ 862.399596] binder: 32689:32693 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 862.420686] binder: 32689:32693 got reply transaction with no transaction stack 08:44:46 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) rt_sigprocmask(0x0, &(0x7f00000000c0)={0x532}, &(0x7f0000000100), 0x8) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) r3 = accept(r2, &(0x7f00000003c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, &(0x7f00000002c0)=0x80) setsockopt$inet6_IPV6_ADDRFORM(r3, 0x29, 0x1, &(0x7f0000000340), 0x4) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000480)={{{@in6=@dev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@multicast1}}, &(0x7f0000000580)=0xe8) setsockopt$inet_mreqn(r3, 0x0, 0x20, &(0x7f00000005c0)={@broadcast, @rand_addr=0x400, r4}, 0xc) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) ptrace$cont(0x1f, r0, 0x5937b8cb, 0x1e2) flistxattr(r1, &(0x7f0000000240)=""/82, 0x52) r5 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x3, 0x400401) ioctl$UI_SET_PHYS(r5, 0x4008556c, &(0x7f00000001c0)='syz1\x00') timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000600)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000440)={0xffffffffffffffff}, 0x0, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r5, &(0x7f0000000640)={0x4, 0x8, 0xfa00, {r6, 0x80}}, 0x10) tkill(r0, 0x1004000000016) [ 862.453051] binder: 32689:32693 transaction failed 29201/-71, size 0-72 line 2741 [ 862.469460] binder: 32689:32693 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 862.479355] binder: undelivered TRANSACTION_ERROR: 29201 [ 862.485661] binder: 32689:32693 got reply transaction with no transaction stack 08:44:46 executing program 3: r0 = timerfd_create(0x7, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$BLKFRASET(r1, 0x1264, &(0x7f00000000c0)=0x3) r2 = dup(r0) timerfd_settime(r2, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0x40085400, &(0x7f0000000000)={0x7}) ioctl$BLKRAGET(r2, 0x1263, &(0x7f0000000040)) 08:44:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) [ 862.504315] binder: 32689:32693 transaction failed 29201/-71, size 0-72 line 2741 [ 862.514025] binder: undelivered TRANSACTION_ERROR: 29201 08:44:46 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x1f00000000000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) [ 862.599949] binder: 32709:32710 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 862.609268] binder: 32709:32710 got reply transaction with no transaction stack 08:44:46 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x10}}) 08:44:46 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=""/19) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/rfkill\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0xffffff8c}}) 08:44:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) mount(&(0x7f0000000040)=@sr0='/dev/sr0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='btrfs\x00', 0x802050, &(0x7f0000000140)='\x00') 08:44:46 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x1000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:46 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) r3 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x298, 0x0) ioctl$EVIOCGNAME(r3, 0x80404506, &(0x7f0000000240)=""/163) tkill(r0, 0x1004000000016) 08:44:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={0x0, 0x7, 0x3ff, 0x9, 0x1f, 0x3}, &(0x7f00000000c0)=0x14) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x7, 0x200, 0x5121, 0x7, r2}, &(0x7f0000000140)=0x10) [ 863.159495] binder: 32724:32731 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 863.180132] binder: 32724:32731 got reply transaction with no transaction stack [ 863.189645] binder_transaction: 1 callbacks suppressed [ 863.189663] binder: 32724:32731 transaction failed 29201/-71, size 0-4 line 2741 08:44:46 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) clone(0x3f000000, &(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000300), &(0x7f0000000480)) 08:44:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:46 executing program 3: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f0000000080), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) ioctl(r1, 0x4, &(0x7f0000000340)="61d95029b294fde7b198306087e311fe2b12b0ca420c36bead7e0ff210eef596dc9c1c5e0c9d850e6ed55acc4ab94bbad0cfaf2b41d336f9f9ef8438deb333d3b084a7055c729120eb5425cf6c8debea6fe6326a048c3625f929e9c8d8e8b5b16dad2a0563e045f94ee0655131908dfe6bc1308744759bbd1249df578589dae54a4735d24fec51675eab2b5990169698c49751dc7f4fdaa73b57699be9ceced7c399eb1ecacccdf9d8de1d8e8a7bd7a59bed58a9123adcfbeed85c4d944aa861f2aa4e727334375185e753e722d23afce8a64a7296245f2829f04258fd1d3a65e9f15a5024c5344292fd7df74d5b97e8d064bdcaa217cb6305b83d452463f470333d071c1630291207d3ef2b12e95595d0fcc41a98c15d6fa5e9c85cac3cc0194ec487609cbba6507574127341e1ff4f5ff4e2e18ba1af41a7ca0ddf639efa60b81673ab256d8454dce2176c22be3b1343cea832ebd560aa51dc7029016dccfdaa7a72fcea57acfaeb483d11a9c690fefcc7767cfe9bdc6b6224878ac1a7c4373d005d5b38cc28c3adec62a11862a48c1c5893601a1f5fadd7205392a6673a384671f748285759f2d2759c83ca2688311209f3ed0432fb968d41566efaf085848ff54ed2f0542a5c7c1dab965abba56866aeb630b69088d56ed7e7cc0948087f497ca35adf8f53038550396a04b6da2086595a26eca5896c844425b1301c2d1e3d96ab4fb894ce2796b52e20c52ef276461296e6e7c4e67e4dd4ae956929cf27ef14ee957d4d30094a03b39a38f7f66145b694f831c18461584fc8e8e8ad3eba3dfcf0b186966b6555651f5a57774d3c11d9967bc043f15b70cb1d5ca1b8ab9ded94f75ac6e8bd1143813df70d136bf8105b45b50921165a78fb3a4d009f5d6d9b1825831a83aa4b40bcf1d1430d619506ec2c9e2e6fc621b3322541554b365410c45defd2ac404a02fdf0c01f9251a91f79dcfbd55f7c531bbc3e756b80d8f5de3d0f56ce4a2b4976f39287ff87eff046c07d93488b113da65b75312034a1efb09b80061c07f8e7819a3177e3a0e0cc169b5922a9b9368f5aeeec2239d38e9dba727725f3ba9f624aa1d3b02c08c2c80c963fbd8a958fbdfff303c36a6e90e52194840a1a1f156b65a1bbd068a426b7ce398685b9dc765afa8d5cb1b8735ce052a007b9be6604175ed547154380950f1ffbc692c851f9711d92aa44be4be7807919f5adabea56f92e60f63045f74e7c9ab1ae901c235862fa0bddea34cd2dbabc97bbe270af718cce8b6e7b2f00efbc627ef9b124cac552154d9c54703d6d1aac7998520bb2c3a304ca9f4800905f7a22b9f648c5325692277226f12deb90fc249176c753825a689b59cde83cfc7fd4bc54b90df1abb58d6dfd7d542ec4bf2df1a31bb560704fbf2a09fd8e93c5c0bd4743fc9b267cb5d007d52cd7df1dd8273e0ee4827903ab0904f771b749c104a0a7ad5f7c57ee502ca3a010cda1b18d52be5b693012b5f10cdbab8a5d7f10d6f693d8c53a9ba2f484434d6ec51870237034719366140ddffbaa33f760689294e339adc7f45e47d2885b84877831719ed2a5ca4a7f26977890274bb37072b1c22d930fffdd719268a4cddcf55f5a141f3d9088472bde4d2da365aea516e22a2e73715190eda3f410c9db967357296dba2cb9522f7f48902f1ab735a8f3cbbe797ff343f55995fd0d346e22274001ab2e4c0e1a14bd3182449914656a340599e3a1576a467fe869dcd363d6a6ce87996a1aede2d8d3919bf6f54a5ecfc0629059c6191d414925269202f1504a52d9ca1ad182a533ce4766c6b7cdf7954b6a31c7f8a01b09b9e1f657c7c5436ddd3822b6e2ddb6032ec68238c72035280f5590a2d3123beeb1bb23f2986750dcab9120ff869213dee242938a761e74c45165f93d3a0b8e933d1f4b9c3aea97563133f6304e56b1d2bbaffea91d292e34b380f43aab69e588d514b65477832a0f1ede0396e3c2181a19fc87fdce4689ad5e0480cced77170d010854a72730c15f5e8a3f0b8113790a4e53a70b6f9f22abb7d7be7cd9287fe5f8d141024cad6279673fb23ff398e9f0a143ecf63b9464526c384f27c8febcaa30e089e53ea4f24f9f0132539f38134cb72f5af6ab5ed152d6ce7656cc98e793fc9e56ed0c43e7b340fecfaa0540b26f4dfce8c996cc90984be239443d8a78eef9019df9ee2af4e9c336fb2dec8916e25c3b3b5ef320932ba9dab7f6723797c4f5d97b10a5c49d8a56d414bd94762ef14f220ae21da164de707052de47ca8eae045ef764914c4a4ca46f3e207b48ef100d41cb54a1325c4fa0f23796d7fcb62e29aaff2b4cbd3afcd5650d46f906d2159a8a06c230230e888f2eb5fa29bb8753b5bbf10b411bb44ec5ce28f0015f0a7d220ee850525b2822c7f01e22452edb6d6995263067f4269add29759122a473ff0b8f49d2299860d2ec1801e0d20397c66133ab90c4188ac4ad81588cb85145e8887d0e2d4bed4a0831ca30a5c4f0c801efab4023d142d1287b4489a30f1fc766db8dcd71a542ecda7efe774e9e48360b054a091d38b8f4d199f6108652579f361f7c45370d539528ee5c1a9c8556d096cbc6180ec1c9c761b34345d2e4540f6b5591d0715b04945dece72ddbd7b2b8771675b40cd46debb7b83a8a2360edfe5df66b25af3189e196b7d53736c19752a8f10498921ae49f3a87c2a91a748e00e4f4ace2c74b82e649516608e15835f583d1be7c9e2a81ffb91aaf2d3c8c3d9969954946682ab6e006b4bf0b63fc8ff3489d6eab223aeab15956bd206c79f600971d673f435a9628da1bd16421fa082d4813c2e4c15654a87eb1f0aee4a2ea1db0c2e83179d74dc6e8c92d4e4603cf5f47f0dd24355d0c4ca89370d5b1b93dfa175497b7afc3f4ee89003ac063cc8f04c0371d8f1a1e07bc5319303d6be78738d74ef24045b29d0b600ae81ed9840f02cf16a96184dcffa3342921b0b9d599a387c525bcc36c931b9d302a9a116acbe80c09ac7fddb542b7d45cbb91331b89220573ff3f4ad964053699f27fc7aed9dbf75e946413da2573a5cdb30224c0d879aee42d628bb3ad1049153fb91b510b52f5be70bc888be80c3c1d66239c58862644a6dba1993f8f5f70296c8e75061bec9ec78cadd8b475038476f3df87abeba0008969c24d559739514b8d54f8682f242a411c928b019493fe4029185d27cd1ec8d21a8414e464dc37ac66ead8a0293ed36cb4f473958b9c8cb7f11e4fa50e4d8156d92d7790852f1399b1931adf95ab63ac7bc71fa4e98fcbb276cbe3083f8e0f4f81efb9b27edaa96b1a11106e7f4d9a0afa82055e3c62b8e26275d72acaf78b4d24d7ac712608d5ff5ac674aa9e9a923306498e063ebc96e1bacea9313232c499d61d241fa11c36d2d40a307c519527507d1d7803cd369f2daa78d11f4d0ffb73a4cb72676f4d6202e750887a906e4574fc3c24547a0fc38c5a119d706176a8868ee2178c2046f8244b41fb4e10fe3dba5ae875072b4618abb490ef620479e209ec3cde61960bba59ae29a11efd94920422fcdd32f4d2c013f5a8c987681419d723e3dd0ee7dde464480a71921c51ef864fb8af95e41df6e7d9a377163993d31cb31c1e297592504bc3541adf9857eaef01fc686142de85d1ba1d0d11e02cc8cbebbe21b6ccc4aa9d1697c6eb3588a1d23442450d5afc8b991affb3fb8c2f10823c74595224252be630a878a78911e868725a34b9bdcf9b46d40b80b2a5b5ef29ebb50c82f4c8bcd0a21d9a3835f26ae129f03b2cdcf43667103ff2b7b529e31a91c3cf150e2e40874c84fce0211d26a5d528a7720ba47783b2a125221d18346a31c0a8b7701840ed266c7c69596d8054066c975a44f4a2b4b67f5d847016723dfaa5c2da0c62e00b2a7b3fc93dfcd7766e001604d53bd96e5cd2ea7998ac79bf67adaf8b423ee700cc11f9d5da5ed28a94ab6fc61a24fb4b88e563f8b961f7ca28e9f83ff5554763754fa99302d85a60c98bd0932cf908442b4b00067f99e154b24e51ff9a932a1325b2863c360b6de55d77bfb549cb04d4b674bf9409fe5bbc574927aaea92a9f284f39fdd395f9cc577af09e5eeb0dd1d047f4d87f40b67c195e9ebb9e8d1694ddaeeeb155e09626bf10b5af612bf7a329c8625dac74542ebd1e2a3ba068560517821ad71054f34de9d96210c78c710a2fc23aec7d8ac6b4b7c819ace7ae0a3d14a274cc3bdb04b3ab4bfc6e77406f9fabbd09dae9b1d0656722a8b39767ac776bfe6fbaf1a9866f05a72a89011ab8f8b83fc9b8dd839707c42e0678651373dc1bee54d7be7de2175fb8b022a9a05ca41116a815a4c82e5616cac38900d1348478c833474f6f71b51b39ef024860e00fbf364b1ae0ce5e2479ca8ec669fe752b76ecc6afe9b119e0350908046d25ba71fbbef3aef514fe290c93b86a7932e304ddf2707dbe5f985aa7406df0cc7e1798395fb09d9700c7b4fe195d87e783ffba0721e5fe6dedffb69befd4a2d986ea2236ae700cb4127d44d2912c127bbbd5d91ca63715b626817762e17f0feb7921f7a502b1c3aa115d27052f7e84532a4ad414b75ca37d8c115dda6b03b579e162678ddcad9f179acda37f0c142bbaf31d79c185609d2a105ff3047ae57682eade2d8b6b19db0d8fdb2f7b32a88b7be5133dc0f80ddbcaaffde45a5ea52722ac9baef62e4076b931b495236a4437242dbf3f1ae8dd3dbc8ccd7ebcd04067d85afc8fec6ea08a58a693415f67579fc8666192b77322defabe35b5047b2acc1a27955ae89584503ab14d105b1ff1bc384b95b7431b5c4144d23da763c3902a1cb8e79b933421fc13cdcc3ad936d46d5610e44eed23f8e0bb2cb6d45dbb1290577818326ec7325de7fbf33adb80ffde5c1c381c8d6f12436d7ae0c32c5e9c80bf2c091130689f77b59bd256ec056c1da906084a36df00855993eda491f5bdcd7f50fc2b1c098fcbf424083aac6916a242907630167c8df38fadb17cb424ab7547a2a6474223d30d017e3f1d012ea685ded8efe5af96422a2ff0cdc4f8dd436007ecff430ffbe47b569154a5bc73fb9cd53ce9b0416aea7c41bdf56fd11fd8bb8793bd6afc24b3c6ef8cf234916593d7cf84c2687e4c199223ef0598f879f058aa816f29c2812bf06281b609e31af38fef9df3a1393d6d32de1cc8acc91b429b6c94ffb6cdfb21010973385462274c90fb414d6063d67b616b9582d774c8391cce36209385383ee9af0941209edc718c9ecca38f2f35672c0ef1dc3843e3955cf4068e33db710e17586b93fd66e4b905b3a230e713a0e65dc74de689a759f6289bb09e31a9f77ca7962148ebcdef8d95516f1b034d0207eda9f3daa41a811be0392cb2bcee86794205fcf2941de04717211d8bc2ed7949993392f5a1fe802e820f00d094f85159ec4b8d17d2e47761a68a52b103fa6caf620777ef3f10c029757e47a4778cff0a02171f61746be53b83be951d8ee06cb1ddd74f7ff6af76dc16b29da25dc3982717220f1e80cb91056c4dcdcf2021d05ce6a0507610588842163c7b4cf9df79b4167492a1ec071d5276b91bd41a9fab28dd8dd6e1e524b29f24ebf7c129cf0450d4180ee6d24ecc5801733fd8e806b8073997e4ce45abc9989ba424178c14a38591dd4c123748359fcd9889cdd14f27c252f9960307b0f70ec5ceab4dc41b35acfa2b8388cfb07bb74c497fff7b6592e837c44cf5a696e08fe51d69a189ca8f5fefe9ad3eb6350a5f77fc7149401c00d9d6bcf6b01ee2ba6106433a3ecc2b7ce10f2") [ 863.213718] binder_release_work: 1 callbacks suppressed [ 863.213726] binder: undelivered TRANSACTION_ERROR: 29201 08:44:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f0000000140)=[@enter_looper, @register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, &(0x7f0000000080), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f00000001c0)}) 08:44:47 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @multicast1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @my}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) r3 = open(&(0x7f0000000340)='./file0\x00', 0x200040, 0x30) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x1) r4 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x8000, 0x2) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x80000001, 0x80000001, 0x318d, 0x0, 0x10001}, &(0x7f0000000440)=0x98) getsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x8}, &(0x7f00000004c0)=0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000240)={r5, @in={{0x2, 0x4e22, @multicast2}}, 0x8000000004, 0x6}, &(0x7f0000000500)=0xffffffffffffffed) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f00000001c0)={r6, 0x2}, 0x8) tkill(r0, 0x1004000000016) [ 863.298016] binder: 32741:32743 transaction failed 29201/-71, size 0-104 line 2741 [ 863.306805] binder: undelivered TRANSACTION_ERROR: 29201 [ 863.389733] binder: 32748:32751 transaction failed 29201/-71, size 0-33554432 line 2741 [ 863.398665] binder: 32748:32751 transaction failed 29201/-71, size 0-33554432 line 2741 [ 863.399021] binder: undelivered TRANSACTION_ERROR: 29201 [ 863.412932] binder: undelivered TRANSACTION_ERROR: 29201 [ 863.495073] ================================================================== [ 863.502481] BUG: KASAN: use-after-free in perf_trace_lock_acquire+0x66b/0x800 [ 863.509759] Read of size 8 at addr ffff88017e9304e8 by task syz-executor4/32750 [ 863.517204] [ 863.518826] CPU: 1 PID: 32750 Comm: syz-executor4 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 863.527302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 863.536637] Call Trace: [ 863.539214] dump_stack+0x244/0x39d [ 863.542832] ? dump_stack_print_info.cold.1+0x20/0x20 [ 863.548017] ? printk+0xa7/0xcf [ 863.551281] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 863.556027] print_address_description.cold.7+0x9/0x1ff [ 863.561377] kasan_report.cold.8+0x242/0x309 [ 863.565788] ? perf_trace_lock_acquire+0x66b/0x800 [ 863.570720] __asan_report_load8_noabort+0x14/0x20 [ 863.575646] perf_trace_lock_acquire+0x66b/0x800 [ 863.580400] ? perf_trace_lock+0x7a0/0x7a0 [ 863.584640] ? __sched_text_start+0x8/0x8 [ 863.588780] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 863.593527] ? find_held_lock+0x36/0x1c0 [ 863.597576] ? mark_held_locks+0xc7/0x130 [ 863.601722] lock_acquire+0x385/0x520 [ 863.605583] ? vhost_transport_cancel_pkt+0x15e/0x910 [ 863.610775] ? lock_release+0xa10/0xa10 [ 863.614736] ? preempt_schedule+0x4d/0x60 [ 863.618869] ? ___preempt_schedule+0x16/0x18 [ 863.623264] ? __local_bh_enable_ip+0x1a3/0x260 [ 863.628007] ? vhost_vsock_dev_release+0x720/0x720 [ 863.632923] _raw_spin_lock_bh+0x31/0x40 [ 863.636968] ? vhost_transport_cancel_pkt+0x15e/0x910 [ 863.642144] vhost_transport_cancel_pkt+0x15e/0x910 [ 863.647146] ? vhost_vsock_dev_release+0x720/0x720 [ 863.652072] ? trace_hardirqs_on+0xbd/0x310 [ 863.656400] ? lock_release+0xa10/0xa10 [ 863.660382] ? lock_sock_nested+0xe2/0x120 [ 863.664611] ? trace_hardirqs_off_caller+0x300/0x300 [ 863.669706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 863.675236] ? check_preemption_disabled+0x48/0x280 [ 863.680245] ? lock_sock_nested+0x9a/0x120 [ 863.684498] ? lock_sock_nested+0x9a/0x120 [ 863.688739] ? __local_bh_enable_ip+0x160/0x260 [ 863.693420] ? vhost_vsock_dev_release+0x720/0x720 [ 863.698748] vsock_stream_connect+0x903/0xe40 [ 863.703240] ? vsock_dgram_connect+0x500/0x500 [ 863.707813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 863.713357] ? aa_label_sk_perm+0x91/0x100 [ 863.717591] ? finish_wait+0x430/0x430 [ 863.721475] ? aa_af_perm+0x5a0/0x5a0 [ 863.725277] ? apparmor_socket_connect+0xb6/0x160 [ 863.730130] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 863.735657] ? security_socket_connect+0x94/0xc0 [ 863.740423] __sys_connect+0x37d/0x4c0 [ 863.744301] ? __ia32_sys_accept+0xb0/0xb0 [ 863.748547] ? kasan_check_read+0x11/0x20 [ 863.752700] ? _copy_to_user+0xc8/0x110 [ 863.756661] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 863.762232] ? put_timespec64+0x10f/0x1b0 [ 863.766374] ? do_syscall_64+0x9a/0x820 [ 863.770335] ? do_syscall_64+0x9a/0x820 [ 863.774308] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 863.778882] ? trace_hardirqs_on+0xbd/0x310 [ 863.783194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 863.788720] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 863.794072] ? trace_hardirqs_off_caller+0x300/0x300 [ 863.799163] __x64_sys_connect+0x73/0xb0 [ 863.803217] do_syscall_64+0x1b9/0x820 [ 863.807092] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 863.812443] ? syscall_return_slowpath+0x5e0/0x5e0 [ 863.817369] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 863.822226] ? trace_hardirqs_on_caller+0x310/0x310 [ 863.827232] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 863.832243] ? prepare_exit_to_usermode+0x291/0x3b0 [ 863.837260] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 863.842116] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 863.847290] RIP: 0033:0x457569 [ 863.850491] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 863.869379] RSP: 002b:00007f719d9ecc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 863.877083] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 863.884368] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000006 [ 863.891631] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 863.898907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f719d9ed6d4 [ 863.906185] R13: 00000000004bdb06 R14: 00000000004cc658 R15: 00000000ffffffff [ 863.913454] [ 863.915067] Allocated by task 32750: [ 863.918792] save_stack+0x43/0xd0 [ 863.922231] kasan_kmalloc+0xc7/0xe0 [ 863.925940] __kmalloc_node+0x50/0x70 [ 863.929742] kvmalloc_node+0xb9/0xf0 [ 863.933440] vhost_vsock_dev_open+0xa2/0x5a0 [ 863.937894] misc_open+0x3ca/0x560 [ 863.941429] chrdev_open+0x25a/0x710 [ 863.945136] do_dentry_open+0x499/0x1250 [ 863.949198] vfs_open+0xa0/0xd0 [ 863.952487] path_openat+0x12bc/0x5150 [ 863.956361] do_filp_open+0x255/0x380 [ 863.960152] do_sys_open+0x568/0x700 [ 863.963867] __x64_sys_openat+0x9d/0x100 [ 863.967914] do_syscall_64+0x1b9/0x820 [ 863.971801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 863.976978] [ 863.978606] Freed by task 32749: [ 863.981974] save_stack+0x43/0xd0 [ 863.985428] __kasan_slab_free+0x102/0x150 [ 863.989645] kasan_slab_free+0xe/0x10 [ 863.993431] kfree+0xcf/0x230 [ 863.996522] kvfree+0x61/0x70 [ 863.999613] vhost_vsock_dev_release+0x4f4/0x720 [ 864.004357] __fput+0x3bc/0xa70 [ 864.007618] ____fput+0x15/0x20 [ 864.010883] task_work_run+0x1e8/0x2a0 [ 864.014765] exit_to_usermode_loop+0x318/0x380 [ 864.019356] do_syscall_64+0x6be/0x820 [ 864.023231] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 864.028413] [ 864.030045] The buggy address belongs to the object at ffff88017e9277c0 [ 864.030045] which belongs to the cache kmalloc-64k of size 65536 [ 864.042890] The buggy address is located 36136 bytes inside of [ 864.042890] 65536-byte region [ffff88017e9277c0, ffff88017e9377c0) [ 864.055117] The buggy address belongs to the page: [ 864.055132] page:ffffea0005fa4800 count:1 mapcount:0 mapping:ffff8801da802500 index:0x0 compound_mapcount: 0 [ 864.055146] flags: 0x2fffc0000010200(slab|head) [ 864.055164] raw: 02fffc0000010200 ffffea0005fa4008 ffffea0006011008 ffff8801da802500 [ 864.055186] raw: 0000000000000000 ffff88017e9277c0 0000000100000001 0000000000000000 [ 864.055191] page dumped because: kasan: bad access detected [ 864.055194] [ 864.055198] Memory state around the buggy address: [ 864.055212] ffff88017e930380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 864.063104] kobject: 'loop0' (00000000ac0b65d8): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 864.070121] ffff88017e930400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 864.070132] >ffff88017e930480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 864.070137] ^ [ 864.070146] ffff88017e930500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 864.070155] ffff88017e930580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 864.070160] ================================================================== [ 864.070164] Disabling lock debugging due to kernel taint [ 864.070171] Kernel panic - not syncing: panic_on_warn set ... [ 864.070194] CPU: 1 PID: 32750 Comm: syz-executor4 Tainted: G B 4.19.0-rc8-next-20181019+ #98 [ 864.070201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 864.070205] Call Trace: [ 864.070228] dump_stack+0x244/0x39d [ 864.070245] ? dump_stack_print_info.cold.1+0x20/0x20 [ 864.070263] panic+0x2ad/0x55c [ 864.070281] ? add_taint.cold.5+0x16/0x16 [ 864.212256] ? add_taint.cold.5+0x5/0x16 [ 864.216338] ? trace_hardirqs_off+0xaf/0x310 [ 864.220748] kasan_end_report+0x47/0x4f [ 864.224718] kasan_report.cold.8+0x76/0x309 [ 864.229025] ? perf_trace_lock_acquire+0x66b/0x800 [ 864.233937] __asan_report_load8_noabort+0x14/0x20 [ 864.238868] perf_trace_lock_acquire+0x66b/0x800 [ 864.243610] ? perf_trace_lock+0x7a0/0x7a0 [ 864.247843] ? __sched_text_start+0x8/0x8 [ 864.251982] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 864.256726] ? find_held_lock+0x36/0x1c0 [ 864.260774] ? mark_held_locks+0xc7/0x130 [ 864.264910] lock_acquire+0x385/0x520 [ 864.268720] ? vhost_transport_cancel_pkt+0x15e/0x910 [ 864.273897] ? lock_release+0xa10/0xa10 [ 864.277858] ? preempt_schedule+0x4d/0x60 [ 864.282001] ? ___preempt_schedule+0x16/0x18 [ 864.286418] ? __local_bh_enable_ip+0x1a3/0x260 [ 864.291076] ? vhost_vsock_dev_release+0x720/0x720 [ 864.295990] _raw_spin_lock_bh+0x31/0x40 [ 864.300034] ? vhost_transport_cancel_pkt+0x15e/0x910 [ 864.305218] vhost_transport_cancel_pkt+0x15e/0x910 [ 864.310254] ? vhost_vsock_dev_release+0x720/0x720 [ 864.315186] ? trace_hardirqs_on+0xbd/0x310 [ 864.319496] ? lock_release+0xa10/0xa10 [ 864.323459] ? lock_sock_nested+0xe2/0x120 [ 864.327704] ? trace_hardirqs_off_caller+0x300/0x300 [ 864.332799] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 864.338323] ? check_preemption_disabled+0x48/0x280 [ 864.343325] ? lock_sock_nested+0x9a/0x120 [ 864.347546] ? lock_sock_nested+0x9a/0x120 [ 864.351769] ? __local_bh_enable_ip+0x160/0x260 [ 864.356439] ? vhost_vsock_dev_release+0x720/0x720 [ 864.361357] vsock_stream_connect+0x903/0xe40 [ 864.365856] ? vsock_dgram_connect+0x500/0x500 [ 864.370431] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 864.375963] ? aa_label_sk_perm+0x91/0x100 [ 864.380218] ? finish_wait+0x430/0x430 [ 864.384099] ? aa_af_perm+0x5a0/0x5a0 [ 864.387896] ? apparmor_socket_connect+0xb6/0x160 [ 864.392732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 864.398264] ? security_socket_connect+0x94/0xc0 [ 864.403016] __sys_connect+0x37d/0x4c0 [ 864.406904] ? __ia32_sys_accept+0xb0/0xb0 [ 864.411156] ? kasan_check_read+0x11/0x20 [ 864.415304] ? _copy_to_user+0xc8/0x110 [ 864.419267] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 864.424798] ? put_timespec64+0x10f/0x1b0 [ 864.428933] ? do_syscall_64+0x9a/0x820 [ 864.432892] ? do_syscall_64+0x9a/0x820 [ 864.436853] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 864.441429] ? trace_hardirqs_on+0xbd/0x310 [ 864.445745] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 864.451274] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 864.456630] ? trace_hardirqs_off_caller+0x300/0x300 [ 864.461723] __x64_sys_connect+0x73/0xb0 [ 864.465775] do_syscall_64+0x1b9/0x820 [ 864.469663] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 864.475022] ? syscall_return_slowpath+0x5e0/0x5e0 [ 864.479950] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 864.484779] ? trace_hardirqs_on_caller+0x310/0x310 [ 864.489782] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 864.494804] ? prepare_exit_to_usermode+0x291/0x3b0 [ 864.499809] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 864.504638] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 864.509813] RIP: 0033:0x457569 [ 864.512992] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 864.531898] RSP: 002b:00007f719d9ecc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 864.539598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 864.546853] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000006 [ 864.554104] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 864.561372] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f719d9ed6d4 [ 864.568626] R13: 00000000004bdb06 R14: 00000000004cc658 R15: 00000000ffffffff [ 864.576974] Kernel Offset: disabled [ 864.580612] Rebooting in 86400 seconds..